Two Men Charged with Using Compromised Passwords, E-mail Accounts to Obtain Victims’ Personal Info

Two Men Charged with Using Compromised Passwords, E-mail Accounts to Obtain Victims’ Personal Info

Photo Courtesy of U.S. Attorney’s Office for the Eastern District of NY

“Singh and Ceraolo aptly belonged to a group called, as their crime was, ‘Vile.’ That conduct ends today,” Brooklyn U.S. Attorney Peace said.

By Forum Staff

A criminal complaint was unsealed on Tuesday in federal court in Brooklyn charging Sagar Steven Singh and Nicholas Ceraolo with wire fraud and conspiracy to commit computer intrusions. The charges stem from Singh’s and Ceraolo’s efforts to extort victims by threatening to release their personal information online. Singh, 19, was arrested Tuesday morning in Pawtucket, Rhode Island, and made his initial appearance Tuesday afternoon in federal court in Providence, Rhode Island.

Ceraolo, 25, a Queens resident, remains at large.

In pursuit of victims’ personal information, Singh and Ceraolo unlawfully used a police officer’s stolen password to access a restricted database maintained by a federal law enforcement agency that contains (among other data) detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports.  Ceraolo (with Singh’s knowledge) also accessed without authorization the email account of a foreign law enforcement officer, and used it to defraud social media companies by making purported emergency requests for information about the companies’ users.

As alleged in the criminal complaint, Singh and Ceraolo belonged to a group called “ViLE.” Members of ViLE sought to collect victims’ personal information, such as names, physical addresses, telephone numbers, social security numbers and email addresses.  ViLE then posted that information (or threatened to post it) on a public website administered by a ViLE member – an action known as “doxxing.” Victims could pay to have their information removed from or kept off the website.

As alleged in the complaint, in pursuit of victims’ personal information. Singh and Ceraolo used a police officer’s credentials to access without authorization a nonpublic, password-protected web portal (the “Portal”) maintained by a U.S. federal law enforcement agency, whose purpose is to share intelligence from government databases with state and local law enforcement agencies.  After both Singh and Ceraolo accessed the Portal, Ceraolo wrote to Singh: “were all gonna get raided one of these days i swear.”  Later that day, Singh wrote to a contact that the “portal [] i accessed i was not supposed to be there not one bit.”  Singh said he had “jacked into a police officer’s account” and “that portal had some fucking potent tools.”  Singh continued: “it gave me access to gov databases,” followed by the names of five search tools accessible through the Portal.

Within one day of this unauthorized access, Singh was using his access to the Portal to extort victims.  Singh wrote to a victim (Victim-1) that he would “harm” Victim-1’s family unless Victim-1 gave Singh the credentials for Victim-1’s Instagram accounts – and appended Victim-1’s social security number, driver’s license number, home address, and other personal details.  During the conversation, Singh told Victim-1 that he had “access to [] databases, which are federal, through [the] portal, i can request information on anyone in the US doesn’t matter who, nobody is safe.”  Singh added: “you’re gonna comply to me if you don’t want anything negative to happen to your parents.”  Singh ultimately directed Victim-1 to sell Victim-1’s accounts and give the proceeds to Singh.

In addition to accessing the Portal without authorization, Ceraolo posed as a police officer to obtain subscriber information from various online service providers.

“Singh and Ceraolo aptly belonged to a group called, as their crime was, ‘Vile.’ That conduct ends today,” said Brooklyn U.S. Attorney Breon Peace.



Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>