Two US Men Charged In 2022 Hacking of DEA Portal (krebsonsecurity.com)
An anonymous reader quotes a report from KrebsOnSecurity: Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims. Prosecutors for the Eastern District of New York today unsealed criminal complaints against Sagar Steven Singh -- also known as "Weep" -- a 19-year-old from Pawtucket, Rhode Island; and Nicholas Ceraolo, 25, of Queens, NY, who allegedly also went by the handles "Convict" and "Ominus." The Justice Department says Singh and Ceraolo belong to a group of cybercriminals known to its members as "ViLE," who specialize in obtaining personal information about third-party victims, which they then use to harass, threaten or extort the victims, a practice known as "doxing." [...]
The government alleges that on May 7, 2022, Singh used stolen credentials to log into a U.S. federal government portal without authorization. The complaint doesn't specify which agency portal was hacked, but it does state that the portal included access to law enforcement databases that track narcotics seizures in the United States. [On May 12, 2022, KrebsOnSecurity broke the news.] Prosecutors say they tied Singh to the government portal hack because he connected to it from an Internet address that he'd previously used to access a social media account registered in his name. When they raided Singh's residence on Sept. 8, 2022 and seized his devices, investigators with Homeland Security found a cellular phone and laptop that allegedly "contained extensive evidence of access to the Portal." If convicted, Ceraolo faces up to 20 years' imprisonment for conspiracy to commit wire fraud; both Ceraolo and Singh face five years' imprisonment for conspiracy to commit computer intrusions.
A copy of the complaint against Ceraolo and Singh is here (PDF).
Parallel Construction? (Score:4, Insightful)
Sounds as though Parallel Construction may have been used here. They found his username on a social media site by the IP; did they subpoena every single IP linked to the VPNs he was using and find one that wasn't a VPN? I can only imagine how many IP addresses connect to the "government portal" on any given day/minute/hour.
Re: (Score:3)
Sounds as though Parallel Construction may have been used here.
Also, they got caught because: "Pfft, Amateurs".
Re: (Score:1, Insightful)
The point of parallel construction is to build a case without revealing that they already knew in advance who the perps were or that they initiated the case based on evidence that would be inadmissible in court. Nothing in your post suggests that you know what parallel construction means except perhaps it's a trigger term that upsets slashbots.
Re: (Score:1)
I mean, I connected to my school's email and SSHed into one of the Linux systems I had access to from outside the US on vacation, and got an email 5 min later from the admin (I knew him a little already, and he just sits there all day watching logs and such, general paranoid stuff).
Same IP? HAH! (Score:1)
Re: (Score:3)
There's no reason to assume that most cyber-criminals are particularly smart. I've always figured most of them are script kiddies with no moral compass - like most criminals in general, they're basically just opportunists.
Re: (Score:2)
It's Like Having Giant Databases (Score:3)
Re: (Score:2)
I have to wonder why they are not charging whoever sold the DEA such a pile of crap, or gave the OK to put it out into the wild, with a crime.
Shouldn't the fucking DEA at least be able to hire competent people and put their work through effective penetration testing before exposing themselves to such attacks?