Mỹ (U.S. Department of Justice)
Maryland Man Sentenced for Conspiracy to Commit Wire Fraud
Phạm Đình Tiến
26/6/2026
Không ai có thể ngờ, một người đàn ông làm nghề thợ nail tại bang Maryland lại là "chìa khóa vàng" giúp các hacker bí ẩn đột nhập thẳng vào hệ thống dữ liệu của Cục Hàng không Liên bang Mỹ (FAA) cùng hàng loạt nhà thầu Bộ Quốc phòng.
Đây không phải là kịch bản phim Hollywood, mà là một vụ án có thật vừa bị Bộ Tư pháp và FBI triệt phá, để lại một cú sốc lớn cho cả Lầu Năm Góc.
Từ tiệm nail Maryland đến những chiếc laptop triệu đô
Nhân vật chính trong câu chuyện động trời này là Minh Phuong Ngoc Vong (thường gọi là Phương Minh) người Mỹ, gốc Việt, 40 tuổi, sống tại thành phố Bowie, bang Maryland. Hằng ngày, công việc của anh ta gắn liền với tiệm nail Allure Nail Spa. Thế nhưng, đằng sau vỏ bọc bình dị đó lại là một phi vụ gian lận công nghệ có quy mô không tưởng.
Từ năm 2021 đến năm 2024, Phương Minh đã cấu kết với một kẻ có bí danh "William James" (sống tại Thẩm Quyến, Trung Quốc - đối tượng bị tình nghi là gián điệp mạng của Triều Tiên) để lừa đảo ít nhất 13 công ty công nghệ thông tin hàng đầu của Mỹ.
Kịch bản diễn ra vô cùng mượt mà: Cứ mỗi khi trúng tuyển làm việc từ xa (remote), các công ty Mỹ lại gửi máy tính làm việc (laptop) cùng quyền truy cập nội bộ về nhà Phương Minh. Nhưng thay vì gõ code, anh thợ nail của chúng ta lại cài phần mềm điều khiển từ xa, "sang tay" toàn bộ quyền kiểm soát chiếc laptop cho đồng bọn ở bên kia đại dương để họ tha hồ khai thác thông tin bảo mật.
Đổi lại, các công ty Mỹ vẫn đều đặn trả lương. Tổng cộng, Phương Minh đã đút túi hơn 970.000 USD (khoảng 22 tỷ đồng) từ những hợp đồng béo bở mà bản thân anh ta chẳng cần biết một dòng mã lệnh nào.
Giải mã bí ẩn: Tại sao qua mặt được vòng phỏng vấn?
Nhiều người sẽ thắc mắc: "Ủa, các công ty Mỹ khét tiếng kỹ tính, không lẽ họ không phỏng vấn hay bắt thi code trực tiếp?"
Câu trả lời là HỌ CÓ PHỎNG VẤN, nhưng Phương Minh và đồng bọn đã lách luật bằng một kịch bản vô cùng logic:
Hồ sơ giả, người thật: Tên hacker "William James" đã làm giả một bộ CV cực khủng cho Phương Minh, khai gian rằng anh ta có bằng Cử nhân và... 16 năm kinh nghiệm làm lập trình viên.
Người thật ra mặt "check var": Khi công ty yêu cầu phỏng vấn trực tuyến qua camera (Video Call), chính Phương Minh là người ngồi trước màn hình. Vì là công dân Mỹ thật, anh ta tự tin giơ thẳng Bằng lái xe và Hộ chiếu Mỹ thật 100% của mình lên để xác minh danh tính.
Hacker "gánh" kỹ thuật: Đối với các vòng phỏng vấn lý thuyết hoặc giao tiếp, Phương Minh chỉ cần học vẹt các câu trả lời cơ bản được chuẩn bị sẵn. Còn khi vào việc thật, kẻ đứng sau chỉ cần điều khiển laptop từ xa để gõ code. Các công ty cứ đinh ninh nhân viên Mỹ của mình đang làm việc chăm chỉ tại nhà, mà không biết rằng tín hiệu mạng đã bị chuyển tiếp ngầm sang Trung Quốc.
Cái kết đắng sau lăng kính ngựa vằn
"Đi đêm lắm có ngày gặp ma", lỗ hổng bị lộ tẩy khi một công ty tiến hành rà soát an ninh chuyên sâu để cấp thẻ tiếp cận hệ thống chính phủ cho Phương Minh. Họ phát hiện các dấu hiệu truy cập bất thường và định vị ngầm trỏ về khu vực biên giới Trung Quốc - Triều Tiên.
Ngày 16/5/2024, Phương Minh chính thức bị bắt giữ. Trước những bằng chứng đanh thép từ FBI, anh ta đã phải cúi đầu nhận tội "Âm mưu lừa đảo qua mạng". Theo thông tin mới nhất từ Bộ Tư pháp Mỹ, Phương Minh đã bị tuyên án tù giam và đối mặt với nhiều năm bồi thường thiệt hại.
Vụ án này đang dấy lên một làn sóng tranh luận dữ dội: Liệu xu hướng làm việc từ xa (remote) có đang biến các công ty công nghệ thành "con mồi" béo bở cho các thế lực gián điệp mạng? Tiền nhiều để làm gì khi cái giá phải trả là những năm tháng thanh xuân sau song sắt?
Bạn nghĩ sao về cú lừa "bình cũ rượu mới" này? Hãy để lại ý kiến dưới phần bình luận nhé!
Mỹ (U.S. Department of Justice)
Maryland Man Sentenced for Conspiracy to Commit Wire Fraud
Thursday, December 4, 2025
For Immediate Release
Office of Public Affairs
Minh Phuong Ngoc Vong, 40, of Bowie, Maryland, was sentenced today to 15 months in prison followed by three years of supervised release for his role in a fraudulent scheme that assisted foreign information technology (IT) workers posing as U.S. citizens with obtaining remote IT positions at over a dozen U.S. companies.
According to court documents, Vong conspired with others, including John Doe, aka William James, a foreign national living in Shenyang, China, to defraud U.S. companies into hiring Vong as a remote software developer. After securing these jobs through materially false statements about his education, training, and experience, Vong allowed Doe and others to use his computer access credentials to perform the remote software development work and receive payment for that work. According to court documents, Vong knew that Doe was located next to North Korea. Additionally, Doe’s communications indicate that he is likely a North Korean national who was working to generate revenue for the North Korean government.
According to the plea agreement, on Jan. 30, 2023, Doe submitted a fraudulent resume in Vong’s name to a Virginia-based technology company for a web application developer position that required U.S. citizenship as a condition of employment. The resume falsely represented that Vong possessed a Bachelor of Science degree and 16 years of experience as a software developer. In fact, Vong did not have a college degree or experience in software development.
On March 28, 2023, Vong participated in an online job interview with the CEO of a Virginia-based company. Vong verified his identity and citizenship by showing his Maryland driver’s license and U.S. Passport. Following the interview, the Virginia-based company hired Vong and assigned him to work on a contract for the Federal Aviation Administration (FAA) involving a particular software application used by various U.S. government agencies to manage sensitive information regarding national defense matters. The Virginia-based company provided Vong with a laptop to use in connection with his employment and the FAA authorized Vong to receive a Personal Identity Verification card to access government facilities and systems. Vong installed remote access software on the laptop to facilitate Doe’s access to it and conceal his location in China.
Between March 2023 and July 2023, Doe used Vong’s credentials to perform the software development work from his location in China. The Virginia-based company paid Vong more than $28,000 in wages for work he performed, portions of which Vong then sent overseas to Doe and other conspirators.
As part of his guilty plea, Vong admitted that the Virginia-based company was not the only company he and his co-conspirators defrauded. Between 2021 and 2024, Vong used fraudulent misrepresentations to obtain employment with at least 13 different U.S. companies, who collectively paid Vong more than $970,000 in salary for software development services that were, unbeknownst to them, performed by Doe or other overseas conspirators. Several of these defrauded companies contracted out Vong’s services to U.S. government agencies in addition to the FAA. As a result of Vong’s fraudulent misrepresentations, these government agencies unknowingly granted Vong’s co-conspirators access to sensitive U.S. government systems, which they accessed from China.
The FBI Baltimore Field Office investigated the case.
Assistant U.S. Attorney Christina A. Hoffman for the District of Maryland prosecuted the case with valuable assistance from the National Security Division’s National Security Cyber Section.
Under the Department-wide DPRK RevGen: Domestic Enabler Initiative, launched in March 2024 by the National Security Division and the FBI’s Cyber and Counterintelligence Divisions, Department prosecutors and agents are prioritizing the identification and shuttering of U.S.-based “laptop farms” – locations hosting laptops provided by victim U.S. companies to individuals they believed were legitimate U.S.-based freelance IT workers – and the investigation and prosecution of individuals hosting them. The Department previously announced other actions pursuant to the initiative, including in January and June 2025.
Updated December 4, 2025
Maryland Man Sentenced for Conspiracy to Commit Wire Fraud
Thông tin chi tiết từ Văn phòng Biện lý Hoa Kỳ - Quận Maryland
Thursday, December 4, 2025
For Immediate Release
U.S. Attorney's Office, District of Maryland
Scheme involved foreign IT workers in China, posing as U.S. citizens, obtaining remote IT positions at more than a dozen U.S. companies
Baltimore, Maryland – U.S. District Judge Deborah L. Boardman sentenced Minh Phuong Ngoc Vong, 41, of Bowie, Maryland, today, to 15 months in prison, followed by three years of supervised release — including six months of home confinement — for his role in a wire fraud scheme. Through the fraudulent scheme, Vong assisted foreign information technology (IT) workers in China, posing as U.S. citizens, with obtaining remote IT positions at more than a dozen U.S. companies.
Kelly O. Hayes, U.S. Attorney for the District of Maryland, announced the sentence with Special Agent in Charge Jimmy Paul, Federal Bureau of Investigation (FBI) – Baltimore Field Office.
Vong conspired with others, including John Doe, aka William James, a foreign national living in Shenyang, China, to defraud U.S. companies into hiring Vong as a remote software developer. After securing these jobs through materially false statements about his education, training, and experience, Vong allowed Doe and others to use his computer access credentials to perform the remote software development work and receive payment for that work. According to court documents, Vong knew that Doe was located in China next to North Korea. Additionally, Doe’s communications indicate that he is likely a North Korean national who was working to generate revenue for the North Korean government.
“This prosecution shows that we, along with our law-enforcement partners, are serious about holding accountable individuals who endanger our nation,” Hayes said. “By conspiring with a foreign national to infiltrate U.S. companies, Mr. Vong put American businesses, their employees, and our broader economic and national security at risk. Our office will zealously pursue anyone who undermines the integrity of U.S. systems for personal gain.”
“Vong is yet another subject being held accountable for using false identities on behalf of North Korea to infiltrate American companies,” Paul said. “His crimes threaten our economic and national security. I’m proud of the work FBI Baltimore has done to ensure that anyone who seeks to steal from or endanger the United States is brought to justice.”
According to the plea agreement, on Jan. 30, 2023, Doe submitted a fraudulent resume in Vong’s name to a Virginia-based technology company for a web application developer position that required U.S. citizenship as a condition of employment. The resume falsely represented that Vong possessed a Bachelor of Science degree and 16 years of experience as a software developer. In fact, Vong did not have a college degree nor experience in software development.
On March 28, 2023, Vong participated in an online job interview with the CEO of a Virginia-based company. Vong verified his identity and citizenship by showing his Maryland driver’s license and U.S. Passport. Following the interview, the Virginia-based company hired Vong and assigned him to work on a contract for the Federal Aviation Administration (FAA) involving a particular software application used by various U.S. government agencies to manage sensitive information regarding national defense matters. The Virginia-based company provided Vong with a laptop to use in connection with his employment, and the FAA authorized Vong to receive a Personal Identity Verification card to access government facilities and systems. Vong installed remote access software on the laptop to facilitate Doe’s access to it and conceal his location in China.
Between March 2023 and July 2023, Doe used Vong’s credentials to perform the software development work from his location in China. The Virginia-based company paid Vong more than $28,000 in wages for work he performed, portions of which Vong then sent overseas to Doe and other conspirators.
As part of his guilty plea, Vong admitted that the Virginia-based company was not the only company he and his co-conspirators defrauded. Between 2021 and 2024, Vong used fraudulent misrepresentations to obtain employment with at least 13 different U.S. companies, who collectively paid Vong more than $970,000 in salary for software development services that were, unbeknownst to them, performed by Doe or other overseas conspirators. Several of these defrauded companies contracted out Vong’s services to U.S. government agencies in addition to the FAA. As a result of Vong’s fraudulent misrepresentations, these government agencies unknowingly granted Vong’s co-conspirators access to sensitive U.S. government systems, which they accessed from China.
U.S. Attorney Hayes commended the FBI for its work in the investigation. Additionally, Ms. Hayes thanked Assistant U.S. Attorney Christina A. Hoffman, who is prosecuting the case with valuable assistance from the National Security Division’s National Security Cyber Section. The U.S. Attorney and FBI Baltimore also thank the supporting federal and local law-enforcement partners that assisted with this case.
Under the Department-wide DPRK RevGen: Domestic Enabler Initiative, launched in March 2024 by the National Security Division and the FBI’s Cyber and Counterintelligence Divisions, Department prosecutors and agents are prioritizing the identification and shuttering of U.S.-based “laptop farms” – locations hosting laptops provided by victim U.S. companies to individuals they believed were legitimate U.S.-based freelance IT workers – and the investigation and prosecution of individuals hosting them. The Department previously announced other actions pursuant to the initiative, including in Januaryand June 2025.
For more information about the Maryland U.S. Attorney’s Office, its priorities, and resources available to help the community, visit justice.gov/usao-md and justice.gov/usao-md/community-outreach.
# # #
Contact
Kevin Nash
USAMD.Press@usdoj.gov
410-209-4946
Updated December 4, 2025
Không có nhận xét nào