Two members of the hacking group called Vile, 19-year-old Sagar Steven Singh and 25-year-old Nicholas Ceraolo, have been charged with their alleged roles in the hack of the Drug Enforcement Agency’s web portal last year. According to the Department of Justice, they stole a police officer’s credentials to access a federal law enforcement database, which they then used to extort victims. Singh used the information from the federal portal to threaten his victims, and in one instance, wrote to one person that he would harm their family unless they gave him the credentials to their Instagram accounts. Ceraolo used the portal to obtain the email credentials belonging to a Bangladeshi police officer, posing as the officer in correspondence with an unnamed social media platform, and convincing the site to provide the personal details of a specific user. While law enforcement sometimes asks social media sites for data about a particular user if they’re involved in a crime, this requires a subpoena or search warrant signed by a judge. However, emergency data requests don’t need this kind of approval, which is something hackers are taking advantage of. The DOJ states the portal contained “detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports.” Ceraolo has been described as a security researcher in numerous reports that credit him with uncovering security vulnerabilities related to T-Mobile, AT&T, and Cox Communications. Law enforcement raided Ceraolo’s home in May 2022 before searching Singh’s residence in September. While Singh was arrested in Pawtucket, Rhode Island on Tuesday, Ceraolo turned himself in shortly after the DOJ announced its charges.
Two hackers accused of breaching the DEA portal last year face charges.
