Technology Two members of the cybercrime group have been indicted...

Two members of the cybercrime group have been indicted for last year’s DEA portal hack


- Advertisment -

Two men have been charged for their alleged role in hack from last year from the Drug Enforcement Agency web portal, as previously reported by Gizmodo. In posted a press release Earlier this week, the Justice Department said Sagar Steven Singh and Nicholas Ceraolo stole a police officer’s credentials to access a federal law enforcement database they used to blackmail victims.

Prosecutors claim 19-year-old Singh and 25-year-old Ceraolo are members of a hacking group called Vile, which often steal victims’ personal information and then threaten to dox them online if they don’t receive payment. While the DOJ does not explicitly say which agency Singh and Ceraolo allegedly hacked, it states that the portal “contains detailed, non-public records of narcotics and currency seizures, as well as reports from law enforcement intelligence.” This follows with a report of Krebs on security that indicates the hack is related to the DEA.

According to the complaint, Singh used the information from the federal portal to threaten his victims, and in one instance wrote to an individual that he would harm their family unless they gave him the credentials to their Instagram accounts. He then added the social security number, driver’s license number, home address, and other personal information collected from the government’s database to his threat.

False requests for emergency data are becoming more and more common.

“By means of [the] portal, I can request information about anyone in the US, no matter who, no one is safe,” Singh wrote to the victim. “You’re going to obey me if you don’t want anything negative to happen to your parents.”

Meanwhile, Ceraolo used the portal to obtain the email credentials of a Bangladeshi police officer. Ceraolo allegedly posed as the officer during his correspondence with an unnamed social media platform and convinced the site to provide a specific user’s home address, email address and phone number under the guise that the victim was “participating in ‘extortion of children’, blackmailed and threatened the government of Bangladesh.” Ceraolo reportedly similarly attempted to scam a popular gaming platform and facial recognition company, but both declined the requests.

The Ceraolo scam is becoming more and more common. Last year, one report Bloomberg revealed that Apple, Meta, and Discord fell victim to similar tricks where hackers posed as police officers looking for emergency data. While law enforcement sometimes asks social media sites for information about a particular user if they are involved in a crime, this requires a subpoena or search warrant signed by a judge. However, emergency data requests don’t need this kind of approval, something hackers take advantage of.

As indicated by Krebs on securityhas Ceraolo actually been described as a security researcher in numerous reports crediting him for exposing security vulnerabilities related to T-Mobile, AT&TAnd Cox communications. Law enforcement officers raided Ceraolo’s home in May 2022 before searching Singh’s residence in September.

While Singh was arrested Tuesday in Pawtucket, Rhode Island, Ceraolo turned himself in shortly after the DOJ announced its indictment. According to the DOJ, Ceraolo faces up to 20 years behind bars for conspiracy to commit wire fraud, and both Ceraolo and Singh could face five years in prison for conspiracy to commit computer break-ins.

Shreya Christina
Shreya has been with for 3 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider team, Shreya seeks to understand an audience before creating memorable, persuasive copy.


Please enter your comment!
Please enter your name here

Latest news

Today is the last day to move away from Twitter’s SMS 2FA method

As part of this change, Twitter will too turn off 2FA for your account in full if you don't...

10 tips for making hardware products risk-free

How to test and evaluate the demand for hardware products before starting the factory Creating real, tangible objects that you...

The demise of Silicon Valley Bank sharpens the spigot on $30 billion in venture capital

Startups borrowed so they wouldn't have to give up their equity. After the collapse of market leader SVB,...

How to understand trending commerce innovations

Join top executives in San Francisco on July 11-12 to hear how leaders are integrating and optimizing AI investments...
- Advertisement -

Google Pixel ‘aCropalypse’ exploit flips edited parts of screenshots

A security flaw affecting the Google Pixel's default screenshot editing tool, Markup, causes images to become partially "raw", potentially...

Emerging managers hope the new SVB offers the same support to new VCs

Before it crashed, Silicon Valley Bank was known to many startups and venture companies as the place to park...

Must read

- Advertisement -

You might also likeRELATED
Recommended to you