Nuked Hey everyone! Nuked here. This week I wanted to talk about two hackers who were charged for their alleged actions in last year’s hack of the Drug Enforcement Agency’s web portal.
Sagar Steven Singh and Nicholas Ceraolo, both 19 and 25 respectively, are members of a hacking group called Vile. They allegedly stole a police officer’s credentials to access a federal law enforcement database that they used to extort victims.
Prosecutors claim that Singh used the information from the federal portal to threaten his victims. He even wrote to one person that he would harm their family unless they gave him the credentials to their Instagram accounts. He then attached the victim’s social security number, driver’s license number, home address, and other personal information he collected from the government’s database to his threat.
Meanwhile, Ceraolo used the portal to obtain the email credentials belonging to a Bangladeshi police officer. He posed as this officer during his correspondence with an unnamed social media platform, and convinced the site to provide the home address, email address, and telephone number of a specific user under false pretenses.
Fake emergency data requests are becoming increasingly common, and law enforcement is taking notice. The Department of Justice has charged both men with conspiracy to commit wire fraud and conspiracy to commit computer intrusions. If convicted, Ceraolo could face up to 20 years behind bars and both could face five years in prison for their actions.
It’s important to remember that law enforcement must follow certain procedures when requesting data from social media sites. Emergency data requests don’t require a subpoena or search warrant signed by a judge like other data requests do. So it’s important to be aware of any suspicious activity online and report it if you can.
