Prosecutors accused two young American men of breaking into a DEA portal in 2022 yesterday. Given that the portal was connected to the databases of 16 federal law enforcement organizations, the breach offered the criminals access to sensitive data.
The suspects are Nicholas Ceraolo, 25, also known as “Convict” or “Ominus,” and Sagar Steven Singh, 19, who went under the alias “Weep.” Singh and Ceraolo, according to the Justice Department, belonged to the infamous cybercrime organization “ViLE.” The illegal group is known for providing shelter to doxing experts who specialize in gathering personal information and utilizing it for intimidation, harassment, or extortion.
Singh allegedly used stolen login information to access a DEA portal. The complaint doesn’t specify which specific portal was compromised, but it does note that it was connected to a number of databases used by law enforcement to monitor drug seizures in the US.
Singh was detained as a result of a rookie error that allowed officials to connect him to the incident: the suspect is said to have connected to the portal using the same address to access a personal social media account. According to reports, a raid on Singh’s home gave Homeland Security agents proof that he had used the portal.
The other alleged offender, Ceraolo, pretended to be a police officer in order to get unauthorized access to a Bangladeshi police official’s email account. Then, using his fake identity, he used to ask for personal information from members of different US-based social networking platforms, alleging they were “in life-threatening danger” or were committing crimes.
According to a Justice Department press release, Ceraolo and Singh could each receive five years in jail for conspiring to commit computer intrusions and up to 20 years in prison for conspiring to commit wire fraud, respectively. The defendants are deemed innocent unless and until proven guilty because the claims in the complaint are only those allegations.
Two US citizens are accused of breaking into the US DEA portal via fictitious emergency data requests sent from hacked police and government email addresses. Their main goal was to extort and blackmail people. The two accused entered the US (Drug Enforcement Agency) DEA portal, which is linked to sixteen federal government law enforcement databases, according to a news release from the US Department of Justice.
The two suspects are allegedly affiliated with a criminal group that specializes in impersonating police and government officials by sending false emergency data demands through their stolen email accounts in order to demand money from their victims. Eastern District of New York prosecutors unveiled criminal allegations against the two defendants, Sagar Steven Singh, 19, Pawtucket, Rhode Island, and Nicholas Ceraolo, 25, Queens, New York. According to the lawsuit (PDF), Singh, alias Weep, used stolen credentials to access a US federal government portal on May 7, 2022.
Although the identity of the agency was withheld in the complaint, it did state that the site provided access to records kept by the US agency that monitors drug seizures. In addition, cybersecurity expert Brian Krebs noted that the DEA portal was the entity that was attacked. According to reports, the famed cybercrime organization ViLE included Singh and Ceraolo, also known as Ominus and Convict. This gang specializes in gathering sensitive information about unwitting victims and utilizing it to extort, harass, or otherwise harm them. The two individuals worked for Doxbin as well.