Two members of the notorious hacking group called “ViLE” have pleaded guilty to charges of conspiring to commit computer intrusion and aggravated identity theft. Sagar Steven Singh and Nicholas Ceraolo, who were charged in March 2023, admitted to using a stolen law enforcement officer’s password to gain unauthorized access to a restricted portal maintained by a US law enforcement agency.
Today, in federal court in Brooklyn, Sagar Steven Singh pled guilty before United States Magistrate Judge Marcia M. Henry to conspiring to commit computer intrusion and aggravated identify theft. On May 30, 2024, Nicholas Ceraolo pled guilty before Judge Henry to the same offenses. Singh and Ceraolo were charged in March 2023.
Breon Peace, United States Attorney for the Eastern District of New York, and Ivan J. Arvelo, Special Agent-in-Charge, U.S. Department of Homeland Security, Homeland Security Investigations (HSI), New York, announced the charges.
“The defendants called themselves ‘ViLe,’ and their actions were exactly that,” stated U.S. Attorney Peace. “They hacked into a law enforcement database and had access to sensitive personal information, then threatened to harm a victim’s family and publicly release that information unless the defendants were ultimately paid money. Our Office is relentless in protecting victims from having their sensitive information stolen and used to extort them by cybercriminals.”
Mr. Peace thanked HSI’s El Dorado Task Force, the Federal Bureau of Investigation and the New York Police Department for their assistance on the case.
“The defendants, along with their co-conspirators, exploited vulnerabilities within government databases for their own personal gain. These guilty pleas send a strong message to those that would seek illicit access to protected computer systems,” said HSI New York Special Agent in Charge Ivan J. Arvelo. “HSI New York’s El Dorado Task Force will continue to work with law enforcement partners to uncover evidence until every member of the ViLe group and similar criminal organizations are brought to justice.”
ViLE Overview
Singh and Ceraolo belonged to a group called “ViLE,” the logo of which includes the body of a hanging girl, as depicted below in the group’s official roster:
Members of ViLE sought to collect victims’ personal information, including social security numbers. ViLE then posted that information (or threatened to post it) on a public website administered by a ViLE member – an action known as “doxxing.” Victims could pay to have their information removed from or kept off the website.
Conduct
Singh and Ceraolo unlawfully used a law enforcement officer’s stolen password to access a nonpublic, password-protected online portal (the “Portal”) maintained by a U.S. federal law enforcement agency. The purpose of the Portal was to share intelligence from government databases with state and local law enforcement agencies, and the Portal provided access to detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports.
Singh wrote to a victim (Victim-1) that he would “harm” Victim-1’s family unless Victim-1 gave Singh the credentials for Victim-1’s Instagram accounts. In order to drive home the threat, Singh appended Victim-1’s social security number, driver’s license number, home address and other personal details. Singh told Victim-1 that he had “access to [] databases, which are federal, through [the] portal, i can request information on anyone in the US doesn’t matter who, nobody is safe.” He added: “you’re gonna comply to me if you don’t want anything negative to happen to your parents.” Singh ultimately directed Victim-1 to sell Victim-1’s accounts and give the proceeds to Singh.
After Singh and Ceraolo accessed the Portal, they both acknowledged knowing that their conduct was criminal. Ceraolo wrote to Singh: “were [sic] all gonna get raided one of these days i swear.” Later that day, Singh wrote to a contact that the “portal [] i accessed i was not supposed to be there not one bit.” Singh said he had “jacked into a police officer’s account” and “that portal had some f***ing potent tools.” Singh continued: “it gave me access to gov databases,” followed by the names of five search tools accessible through the Portal.
The government’s case is being handled by the Office’s National Security and Cybercrime Section. Assistant United States
When sentenced, the defendants each face a minimum sentence of two years in prison, and a maximum of seven years.
The
Nicholas Ceraolo (also known as “Convict,” “Anon” and “Ominous”)
Age: 26
Queens, New York
Sagar Steven Singh (also known as “Weep”)
Age: 20
Pawtucket, Rhode Island
E.D.N.Y. Docket No. 23-cr-236
Original Source: https://www.justice.gov/usao-edny/pr/two-men-plead-guilty-computer-intrusion-and-aggravated-identity-theft-hacking-federal
Cyber Law and Cybercrime Investigation Blog: Immuniweb