2 Americans Arrested, Charged With DEA Portal Hack in 2022

They are members of Vile, a hacking group that steals victims' personal data and threatens to dox them online.

US Nuclear Power Facility Suffers From Cyberattacks! DOJ Claims Russian Hackers Worked With an Insider
An engineer from the Israeli company "Commun.it" uses his expertise in social media commercial analysis to identify networks of fake users during at the group's office in the Israeli city of Bnei Brak near Tel Aviv on January 23, 2019. - A coalition of Israeli diplomats, programmers and hackers have joined forces to stave off threats. Photo credit should read JACK GUEZ/AFP via Getty Images

Two individuals have been prosecuted for their suspected participation in last year's breach of the Drug Enforcement Agency's (DEA) online platform, as revealed by Gizmodo.

2022 DEA Portal Breach

The US Department of Justice (DOJ) said in a news statement published earlier this week that Sagar Steven Singh and Nicholas Ceraolo stole the credentials of a police officer in order to get access to a federal law enforcement database, which they then exploited to extort victims.

In a report by The Verge, authorities said Singh, 19, and Ceraolo, 25, are members of the hacking gang Vile. They often take personal information from victims before threatening to dox them online if they do not get paid.

The DOJ does not specify which agency Singh and Ceraolo allegedly breached. Still, it does note the site in question includes "detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports." This is consistent with a claim from Krebs on Security, suggesting the attack is connected to the DEA.

Taunting Victims

The lawsuit alleges that Singh utilized information obtained from the federal site to threaten his victims, including writing to one individual and threatening to harm their family unless they provided him access credentials to their Instagram accounts. He then intimidated the victim by including his or her social security number, driver's license number, residential address, and other personal information he obtained from a government database.

Singh reportedly said to the victim, "Through [the] portal, I can request information on anyone in the US doesn't matter who, nobody is safe. You're gonna comply to me if you don't want anything negative to happen to your parents."

Ceraolo, meanwhile, utilized the web to gain the email address of a Bangladeshi police officer. He reportedly posed as the officer and persuaded an unidentified social networking platform to reveal the home address, email address, and phone number of a particular user under the premise that the victim participated in kid extortion and blackmail and threatened the Bangladeshi government.

Ceraolo apparently tried to con both a well-known gaming platform and a face recognition firm in the same manner, but both turned down his demands.

Several sources have identified Ceraolo as a security researcher, citing his work identifying flaws at telecommunications companies, including T-Mobile, AT&T, and Cox Communications, as noted by Krebs on Security. In May 2022, law enforcement searched Ceraolo's house; in September, they searched Singh's home.

Although Singh was arrested in Pawtucket, Rhode Island, on Tuesday, Mar. 14, Ceraolo turned himself in immediately after the DOJ published its allegations.

The US claims that Ceraolo may spend a maximum of 20 years in prison for his role in a conspiracy to conduct wire fraud and that he and Singh could spend an additional five years in jail for their roles in a conspiracy to commit cyber intrusions.

Trisha Andrada
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics