Prosecutors yesterday charged two US men with hacking into a DEA (Drug Enforcement Agency) portal in 2022. The breach gave the perpetrators access to sensitive data, as the portal was linked to the databases of 16 federal law enforcement agencies.
The suspects are 19-year-old Sagar Steven Singh, who operated under the moniker of “Weep,” and 25-year-old Nicholas Ceraolo, also known as “Convict” or “Ominus.”
According to the Justice Department, Singh and Ceraolo were members of a notorious cybercrime group known as “ViLE.” The unlawful ensemble is known for sheltering seasoned doxing practitioners, who focus on harvesting personal information and using it for threats, harassment or extortion.
Allegedly, Singh logged into a DEA portal using stolen credentials. Although the complaint fails to indicate the precise portal breached, it does point out its connection to several law enforcement databases used to track US narcotic seizures.
A rookie mistake brought about Singh’s detention, letting authorities link him to the incident: the suspect allegedly used the same address to connect to the portal and access a personal social media account.
Reportedly, a raid at Singh’s residence provided Homeland Security investigators with evidence that he had accessed the portal.
Ceraolo, the other alleged culprit, illegally accessed a Bangladeshi police official’s email account, posing as a police officer. He then leveraged his stolen identity to solicit personal information about users of various US-based social media platforms, claiming they were “in life-threatening danger” or committing crimes.
“If convicted, Ceraolo faces up to 20 years’ imprisonment for conspiracy to commit wire fraud, and both Ceraolo and Singh face five years’ imprisonment for conspiracy to commit computer intrusions,” reads a Justice Department press release. “The charges in the complaint are allegations, and the defendants are presumed innocent unless and until proven guilty.”