Pair accused of breaking into US law enforcement database, posing as cops
Teen arrested yesterday while another man suspected of being a ViLE crime group member still 'at large'
A 19-year-old suspected of belonging to the "ViLE" crime group told a man authorities think is in the same gang that he "jacked into a police officer's account" and "the portal had some fucking potent tools" according to a complaint unsealed today in the Eastern District of New York.
The US Attorney's Office for the district alleged Sagar Steven Singh (19) and Nicholas Ceraolo (25) had not only blackmailed victims using their personal info by threatening to post it on a public-facing website, but they also made "emergency requests" to social media companies asking for information about users.
The social media companies involved were not named, but the platforms that coughed up the victims' information were "often" tricked using the pretense that "loss of life was imminent," the federal prosecutor and Homeland Security said in the statement.
The database in question has "detailed, nonpublic records of narcotics and currency seizures", as well as "law enforcement intelligence reports" – meaning it is possibly a Drug Enforcement Administration (DEA) database, although the complaint didn't spell this out. The redacted complaint was only unsealed yesterday as, according to a sworn deposition from a Homeland Security agent: "Based on my training and experience, I have learned that criminals actively search for criminal affidavits on the internet and disseminate them to other criminals as they deem appropriate, such as by posting them publicly through online forums."
The teen was arrested yesterday morning and appeared in federal court yesterday afternoon while 25-year-old Ceraolo is "still at large," US attorney for the Eastern District of New York Breon Peace, and Homeland Security special agent Ivan J Arvelo said while announcing the charges. If convicted, Ceraolo could get up to 20 years for conspiracy to commit wire fraud, and both Ceraolo and Singh face a potential five year sentence for conspiracy to commit computer intrusions.
The complaint alleges Singh and Ceraolo used a police officer's credentials to access "a nonpublic, password-protected web portal" maintained by a US federal law enforcement agency without authorization. The purpose of the portal, says the US Attorney's Office, is to share intelligence from government databases with state and local law enforcement agencies.
The prosecutors allege both Singh and Ceraolo accessed the portal, claiming Ceraolo, who they suspect is linked to the ViLE member user handles "Convict," "Anon" and "Ominous", wrote to Singh: "[we're] all gonna get raided one of these days i swear." Later that day, they allege, Singh wrote to a contact that the "portal i accessed i was not supposed to be there, not one bit." The complaint went on to allege that Singh, whom it is claimed uses the online handle "Weep", continued: "it gave me access to gov databases," followed by the names of five search tools accessible through the portal.
- Iran crew stole Charlie Hebdo database, says Microsoft
- Cyber-mercenaries for hire represent shifting criminal business model
- Privacy watchdog to probe Oz gov's right to release personal info 'to correct the record'
- The Man demands yet more account information from Twitter
Within one day of this unauthorized access, "Weep" was allegedly using his access to the portal to extort victims, claims a deposition from a Homeland Security agent in the document.
The complaint describes ViLE as a "group of cybercriminals... who specialize in obtaining personal information about third-party victims, which they then use to harass, threaten or extort the victims, a practice known as 'doxing.' ViLE is collaborative, and the members routinely share tactics and illicitly obtained information with each other."
The group has a website where it publishes the information adorned with a creepy, disturbing logo that, suffice it to say, fits in well with the kind of edgelord bullshit so well-liked by the youngsters (and those old enough to know better) who play around on 4chan and the criminal part of the dark web. The US Attorney's Office for Eastern District of New York included a screenshot in the complaint, but The Reg doesn't care to reproduce it here. ®