Here is a recent arrest that is worth watching. This is an interesting twist where the intruders, allegedly part of the “ViLE” group, used powerful law-enforcement-only databases to target their victims. In addition, they used an officer’s email address to defraud social media companies.
The charges stem from Singh’s and Ceraolo’s efforts to extort victims by threatening to release their personal information online.
…
In pursuit of victims’ personal information, Singh and Ceraolo unlawfully used a police officer’s stolen password to access a restricted database maintained by a federal law enforcement agency that contains (among other data) detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports. Ceraolo (with Singh’s knowledge) also accessed without authorization the email account of a foreign law enforcement officer, and used it to defraud social media companies by making purported emergency requests for information about the companies’ users.
…
As alleged in the complaint, in pursuit of victims’ personal information, Singh and Ceraolo used a police officer’s credentials to access without authorization a nonpublic, password-protected web portal (the “Portal”) maintained by a U.S. federal law enforcement agency, whose purpose is to share intelligence from government databases with state and local law enforcement agencies. After both Singh and Ceraolo accessed the Portal, Ceraolo wrote to Singh: “were all gonna get raided one of these days i swear.” Later that day, Singh wrote to a contact that the “portal [] i accessed i was not supposed to be there not one bit.” Singh said he had “jacked into a police officer’s account” and “that portal had some fucking potent tools.” Singh continued: “it gave me access to gov databases,” followed by the names of five search tools accessible through the Portal.
Within one day of this unauthorized access, Singh was using his access to the Portal to extort victims. Singh wrote to a victim (Victim-1) that he would “harm” Victim-1’s family unless Victim-1 gave Singh the credentials for Victim-1’s Instagram accounts – and appended Victim-1’s social security number, driver’s license number, home address, and other personal details. During the conversation, Singh told Victim-1 that he had “access to [] databases, which are federal, through [the] portal, i can request information on anyone in the US doesn’t matter who, nobody is safe.” Singh added: “you’re gonna comply to me if you don’t want anything negative to happen to your parents.” Singh ultimately directed Victim-1 to sell Victim-1’s accounts and give the proceeds to Singh.
In addition to accessing the Portal without authorization, Ceraolo posed as a police officer to obtain subscriber information from various online service providers. For example, between February 2022 and May 2022, Ceraolo accessed without authorization an official email account belonging to a Bangladeshi police official. Ceraolo used the account to pose as a Bangladeshi police officer in communication with U.S.-based social media platforms. In one instance, Ceraolo induced a social media platform (Platform-1) to provide information about one of its subscribers, including the subscriber’s address, email address and telephone number, by asserting that the subscriber had participated in “child extortion” and blackmail and had threatened officials of the Bangladeshi government. Ceraolo shared the information with another ViLE member, who sent the information to Singh. Ceraolo also used the Bangladeshi police account to attempt to purchase a license from a facial recognition company whose services are not available to the general public.
Similarly, between March 2022 and May 2022, Ceraolo targeted a company (Platform-2) that operates an online gaming platform. Ceraolo used the Bangladeshi police account to request data about one of Platform-2’s users. Employees of Platform-2 detected Ceraolo’s fraud and publicly discussed the attempted fraud. Ceraolo told an associate that he would “hack” Platform-2 in retaliation for “acting like their [sic] untouchable,” that he would “handle dumping and defacing everything for trying to snitch to homeland security” and that he could “easily get 6 figs” for selling Platform-2’s information “on one of the dark web markets.” At Ceraolo’s behest, an associate posed as a U.S. local police officer and sent a forged subpoena to one of Platform-2’s vendors, seeking registration details about Platform-2’s administrators. The vendor did not provide the information.
https://www.databreaches.net/two-men-charged-for-breaching-federal-law-enforcement-database-and-posing-as-police-officers-to-defraud-social-media-companies/
Further Reading:
- https://www.justice.gov/usao-edny/pr/two-men-charged-breaching-federal-law-enforcement-database-and-posing-police-officers
- https://flashpoint.io/wp-content/uploads/Complaint-USA-v.-Sagar-Steven-Singh-and-Nicholas-Ceraolo.pdf
- https://www.databreaches.net/two-men-charged-for-breaching-federal-law-enforcement-database-and-posing-as-police-officers-to-defraud-social-media-companies/
- https://www.theverge.com/2023/3/18/23646224/hackers-charged-dea-portal-attack-vile
- https://www.courtlistener.com/docket/67013846/united-states-v-singh/
- https://krebsonsecurity.com/2023/03/two-us-men-charged-in-2022-hacking-of-dea-portal/
Note that this is an update to:
Two Men Charged For Breaching Federal Law Enforcement Database And Posing As Police Officers