Both suspects, Sagar Steven Singh and Nicholas Ceraolo, were reportedly members of a notorious cybercrime group, ViLE.
Two US citizens have been charged with hacking into the US DEA online portal using fake emergency data requests from hijacked government and police email accounts. Their primary objective was to blackmail and extort victims.
According to the press release from the US Department of Justice, the two accused hacked into the US Drug Enforcement Agency (DEA) online portal, which is connected to sixteen federal government law enforcement databases.
The two suspects are allegedly associated with a criminal organization that specializes in making fake emergency data requests via compromised email accounts of police and government officials to extort their victims.
The Eastern District of New York prosecutors unsealed criminal complaints against the two accused, 19-year-old Sagar Steven Singh from Pawtucket, Rhode Island, and 25-year-old Nicholas Ceraolo from Queens, NY.
The complaint revealed that on May 7, 2022, Singh, aka Weep, logged into a US federal government portal using stolen credentials. The agency name was not disclosed in the complaint, but it did mention that the portal offered access to databases maintained by the US agency that tracks narcotics seizures. Additionally, cybersecurity journalist Brian Krebs reported that the targeted agency was the DEA.
Singh and Ceraolo, the latter also known as Ominus and Convict, were reportedly members of a notorious cybercrime group, ViLE. This group specializes in obtaining private data about third-party victims and using it to harass, threaten, or extort them. The two were also staff members for Doxbin.
The DEA portal hacking involved Doxbin’s current administrator, KT, who has been referred to in the government’s complaint as CC-1. This individual is listed at the top of ViLE’s official roster, followed by Weep and Ominus.
As per the government, the defendants and other ViLE members used different methods to access their victims’ private information, such as tricking customer service personnel, sending fake legal processes to social media companies to obtain users’ registration details, corrupting company employees, illegally accessing non-public US government databases and email accounts of foreign officials, and searching for private/public online databases.
When the gang obtained a victim’s data, the two accused would post it on an online forum, which the government calls Forum-1, administered by ViLE leader/CC-1.
“Victims are extorted into paying CC-1 to have their information removed from Forum-1. Singh also uses the threat of revealing personal information to extort victims into giving him access to their social media accounts, which Singh then resells,” prosecutors alleged.
Singh’s residence was raided on September 8, 2022, and investigators seized a cellphone and laptop allegedly containing evidence of DEA portal access.
Moreover, the complaint stated that between February and May 2022, Ceraolo used a Bangladeshi police official’s email account to impersonate the official in communications with US-based social media platforms.
“In these communications, Ceraolo requested personal information about users of these platforms, under the false pretense that the users were committing crimes or in life-threatening danger,” the government noted.