Two hackers charged with last year’s DEA portal breach


Two men have been charged for their alleged roles in last year’s hack of the Drug Enforcement Agency’s web portal, as reported earlier by Gizmodo. In a press release posted earlier this week, the Department of Justice says Sagar Steven Singh and Nicholas Ceraolo stole a police officer’s credentials to access a federal law enforcement database that they used to extort victims.

Prosecutors claim the 19-year-old Singh and 25-year-old Ceraolo are members of a hacking group called Vile, which often steals personal information from victims and then threatens to dox them online if they don’t receive a payment. While the DOJ doesn’t explicitly say which agency Singh and Ceraolo allegedly hacked into, it states the portal contains “detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports.” This tracks with a report from Krebs on Security that indicates the hack is related to the DEA.

According to the complaint, Singh used the information from the federal portal to threaten his victims, and in one instance, wrote to one person that he would harm their family unless they gave him the credentials to their Instagram accounts. He then attached the victim’s social security number, driver’s license number, home address, and other personal information he collected from the government’s database to his threat.

Fake emergency data requests are becoming increasingly common.

“Through [the] portal, I can request information on anyone in the US doesn’t matter who, nobody is safe,” Singh allegedly wrote to the victim. “You’re gonna comply to me if you don’t want anything negative to happen to your parents.”

Meanwhile, Ceraolo used the portal to obtain the email credentials belonging to a Bangladeshi police officer. Ceraolo allegedly posed as the officer during his correspondence with an unnamed social media platform, and convinced the site to provide the home address, email address, and telephone number of a specific user under the guise that the victim “participated in ‘child extortion,’ blackmail, and threatened the Bangladeshi government.” Ceraolo allegedly attempted to scam a popular gaming platform and facial recognition company the same way, but both refused the requests.

The scam carried out by Ceraolo is becoming increasingly common. Last year, a report from Bloomberg revealed that Apple, Meta, and Discord fell victim to similar ploys that involved hackers posing as police officers seeking emergency data requests. While law enforcement sometimes asks social media sites for data about a particular user if they’re involved in a crime, this requires a subpoena or search warrant signed by a judge. However, emergency data requests don’t need this kind of approval, which is something hackers are taking advantage of.

As pointed out by Krebs on Security, Ceraolo has actually been described as a security researcher in numerous reports that credit him with uncovering security vulnerabilities related to T-Mobile, AT&T, and Cox Communications. Law enforcement raided Ceraolo’s home in May 2022 before searching Singh’s residence in September.

While Singh was arrested in Pawtucket, Rhode Island on Tuesday, Ceraolo turned himself in shortly after the DOJ announced its charges. According to the DOJ, Ceraolo faces up to 20 years behind bars for conspiracy to commit wire fraud, and both Ceraolo and Singh could face five years in prison for conspiracy to commit computer intrusions.

#hackers #charged #years #DEA #portal #breach


Related Posts

Marvel’s Blade Movie Delayed by Writer’s Strike

[ad_1] Marvel’s vampire hunter Blade is a fierce warrior but he may have finally met his match: labor unions. The upcoming, long-in-development reboot of the Marvel franchise…

How to Watch the Coronation of King Charles III Live

[ad_1] King Charles III officially shed his princedom when Queen Elizabeth II died, and the British royal’s new position will be formalized on May 6 in a coronation…

‘Quordle’ today: See each ‘Quordle’ answer and hints for May 6

[ad_1] If Quordle is a little too challenging today, you’ve come to the right place for hints. There aren’t just hints here, but the whole Quordle solution….

How to use a passkey instead of a password to sign into your Google account

[ad_1] Passwords have always been a necessary evil, giving you the choice of either using one that is too simple (so you can easily remember it) or…

Amazon quietly acquired audio content discovery engine Snackable AI to boost its podcast projects

[ad_1] Amazon quietly acquired New York-based audio content discovery engine Snackable AI last December to boost its podcast features, as first reported by New York Post. The…

Warhammer 40K’s New Tyranid Screamer-Killer Is a Great Update

[ad_1] A new edition of Warhammer 40K means new models—and for some of the 40-year-old wargaming franchise’s creatures and characters, that means updates they’ve not had in…

Leave a Reply

Your email address will not be published. Required fields are marked *