Two members of cybercriminal group charged with hacking DEA portal last year

two men last year’s hack on the Drug Enforcement Administration web portal previously reported by gizmodo. of Posted a press release Earlier this week, the Justice Department announced it had accessed a federal law enforcement database used by Sagar Steven Singh and Nicholas Ceraolo to steal police credentials and extort victims.

Prosecutors allege Singh, 19, and Sera Oro, 25. A member of a hacking group called Vile, he often steals personal information from his victims and threatens to expose them online if he doesn’t receive payment. The DOJ did not specify which agency Singh and Ceraolo allegedly hacked, but said the portal contained “detailed, non-public records of drug and currency seizures, as well as law enforcement intelligence reports.” says.this is report from Krebs on Security that is Hacking is related to DEA.

According to the complaint, Singh used information from the federal portal to blackmail the victim, telling one person that he would harm his family unless he handed over his Instagram account credentials. We attached our Social Security number, driver’s license number, home address, and other personal information collected from government databases to the threat.

“finished [the] Portal, I can request information from anyone in the United States. “If you don’t want bad things to happen to your parents, listen to me.”

Meanwhile, Ceraolo used the portal to obtain email credentials belonging to a Bangladesh police officer. Ceraolo pretended to be a police officer when interacting with an unnamed social media platform and falsely claimed that the victim had participated in a “child blackmailing” campaign, using certain users’ home addresses, emails, and email addresses. , allegedly persuaded the site to provide a phone number. Blackmailed and blackmailed the Bangladesh government. Ceraolo said he tried to scam the popular game platform and a facial recognition company in the same way, but both denied the request.

The scams run by Ceraolo are becoming more and more common. last year, report from bloomberg It revealed that Apple, Meta, and Discord suffered similar damage A ploy involving hackers posing as police officers asking for urgent data requests. Law enforcement agencies may request data about users of social media sites if a particular user has been implicated in a crime, but this requires a subpoena or search warrant signed by a judge. but, urgent data request You don’t need the kind of authorization that hackers use.

as pointed out by Krebs on SecurityCeraolo, as a practicing security researcher, has been described in numerous reports in which he has admitted to discovering relevant security vulnerabilities. T-Mobile, AT&Tand Cox CommunicationsLaw enforcement raided Ceraolo’s home in May 2022 and then searched Singh’s residence in September.

Cera Oro when Singh was arrested in Pawtucket, Rhode Island on Tuesday turned himself in Shortly after DOJ announced the indictment. According to the DOJ, Ceraolo faces up to 20 years in prison for wire fraud conspiracy, and Ceraolo and Singh could face up to five years in prison for conspiring to break into a computer.