Two men have been charged for their alleged roles in last year’s hack of the Drug Enforcement Agency’s web portal, as reported earlier by Gizmodo. In a press release posted earlier this week, the Department of Justice says Sagar Steven Singh and Nicholas Ceraolo stole a police officer’s credentials to access a federal law enforcement database that they used to extort victims.
Prosecutors claim the 19-year-old Singh and 25-year-old Ceraolo are members of a hacking group called Vile, which often steals personal information from victims and then threatens to dox them online if they don’t receive a payment. While the DOJ doesn’t explicitly say which agency Singh and Ceraolo allegedly hacked into, it states the portal contains “detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports.” This tracks with a report from Krebs on Security that indicates the hack is related to the DEA.
According to the complaint, Singh used the information from the federal portal to threaten his victims, and in one instance, wrote to one person that he would harm their family unless they gave him the credentials to their Instagram accounts. He then attached the victim’s social security number, driver’s license number, home address, and other personal information he collected from the government’s database to his threat.
Fake emergency data requests are becoming increasingly common.
“Through [the] portal, I can request…