Two men have been charged(Opens in a new window) for their alleged roles in the 2022 hack of the Drug Enforcement Agency’s (DEA) web portal.
Nicholas Ceraolo, 25, and Sagar Steven Singh, 19, are accused by federal prosecutors of using compromised law enforcement passwords and government email accounts in order to obtain information about victims, which they used to blackmail and extort them.
Ceraolo, who is charged with wire fraud and computer crimes and is currently at large, is facing up to 20 years in prison. Singh, who was arrested this week in Rhode Island, is charged with computer crimes and faces up to five years in jail.
The hacked DEA portal reportedly(Opens in a new window) provided Ceraolo, Singh, and the cybercriminal group named “ViLE” that they were part of, with access to 16 different law enforcement databases full of sensitive information.
In one case, using information obtained from the hack, Singh told a victim that he had access to their Social Security number, home address, and driver’s license information and said he would “harm” their family if they refused to comply with his demands.
In a different highlighted case, Ceraolo used an official email account belonging to a Bangladeshi police officer in order to get a social media platform to provide personal information about one of its subscribers. Ceraolo told the company the subscriber was guilty of “child extortion” and blackmail and had threatened Bangladeshi government officials.
Recommended by Our Editors
Announcing the charges, United States Attorney for the Eastern District of New York Breon Peace said: “Singh and Ceraolo aptly belonged to a group called, as their crime was, ‘Vile.’ That conduct ends today. As alleged, the defendants shamed, intimidated and extorted others online. This Office will not tolerate those who impersonate law enforcement officers and misuse the public safety infrastructure that exists to protect our citizens.”
Meanwhile, Ivan J. Arvelo from Homeland Security Investigations said: “As these charges make clear, the alleged unauthorized access of a US federal law enforcement system and impersonation of law enforcement officials are serious offenses, and the criminals who perpetrate these schemes will be held accountable for their crimes.”
Like What You’re Reading?
Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.