Two U.S. men have been charged with hacking into a U.S. Drug Enforcement Agency (DEA) online portal that taps into 16 different federal law enforcement databases. Both are alleged to be part of a larger criminal organization that specializes in using fake emergency data requests from compromised police and government email accounts to publicly threaten and extort their victims.
Prosecutors for the Eastern District of New York today unsealed criminal complaints against Sagar Steven Singh — a.k.a. “Weep” — a 19-year-old from Pawtucket, Rhode Island; and Nicholas Ceraolo, 25, of Queens, NY, who allegedly went by the handles “Convict” and “Ominus.”
The Justice Department says Singh and Ceraolo belong to a group of cybercriminals known to its members as “ViLE,” who specialize in obtaining personal information about third-party victims, which they then use to harass, threaten or extort the victims, a practice known as “doxing.”
“ViLE is collaborative, and the members routinely share tactics and illicitly obtained information with each other,” prosecutors charged.
The government alleges the defendants and other members of ViLE use various methods to obtain victims’ personal information, including:
- tricking customer service employees;
- submitting fraudulent legal process to social media companies to elicit users’ registration information;
- co-opting and corrupting corporate insiders;
- searching public and private online databases;
- accessing a nonpublic United States government database without authorization;
- unlawfully using official email accounts belonging to other countries.
The complaint says once they obtained a victim’s information, Singh and Ceraolo would post the information in an online forum. The government refers to this community only as “Forum-1,” saying that it is administered by the leader of ViLE (referenced in the complaint as “CC-1”).
“Victims are extorted into paying CC-1 to have their information removed from Forum-1,” prosecutors allege. “Singh also uses the threat of revealing personal information to extort victims into giving him access to their social media accounts, which Singh then resells.”
Sources tell KrebsOnSecurity that in addition to being members of ViLE, both Weep and Ominus are or were staff members for Doxbin, a highly toxic online community that provides a forum for digging up personal information on people and posting it publicly. This is supported by the Doxbin administrator’s claimed responsibility for a high-profile intrusion at the DEA’s law enforcement data sharing portal last year.
The government alleges that on May 7, 2022, Singh used stolen credentials to log into a U.S. federal government portal without authorization. The complaint doesn’t specify which agency portal was hacked, but it does state that the portal included access to law enforcement databases that track narcotics seizures in the United States.
On May 12, 2022, KrebsOnSecurity broke the news that hackers had gained access to a DEA portal that taps into 16 different federal law enforcement databases. As reported at the time, the inside scoop on how that hack went down came from KT, the current administrator of the Doxbin and the individual referenced in the government’s complaint as “CC-1.”
Indeed, a screenshot of the ViLE group website includes the group’s official roster, which lists KT at the top, followed by Weep and Ominus.
In March 2022, KrebsOnSecurity warned that multiple cybercrime groups were finding success with fraudulent Emergency Data Requests (EDRs), wherein the hackers use compromised police and government email accounts to file warrantless data requests with social media firms and mobile telephony providers, attesting that the information being requested can’t wait for a warrant because it relates to an urgent matter of life and death.
That story showed that the previous owner of the Doxbin also was part of a teenage hacking group that specialized in offering fake EDRs as a service on the dark web.
Prosecutors say they tied Singh to the government portal hack because he connected to it from an Internet address that he’d previously used to access a social media account registered in his name. When they raided Singh’s residence on Sept. 8, 2022 and seized his devices, investigators with Homeland Security found a cellular phone and laptop that allegedly “contained extensive evidence of access to the Portal.”
The complaint alleges that between February 2022 and May 2022, Ceraolo used an official email account belonging to a Bangladeshi police official to pose as a police officer in communication with U.S.-based social media platforms.
“In these communications, Ceraolo requested personal information about users of these platforms, under the false pretense that the users were committing crimes or in life-threatening danger,” the complaint states.
For example, on or about March 13, 2022, Ceraolo allegedly used the Bangladeshi police email account to falsely claim that the target of the EDR had sent bomb threats, distributed child pornography and threatened officials of the Bangladeshi government.
On or about May 9, 2022, the government says, Singh sent a friend screenshots of text messages between himself and someone he had doxed on the Doxbin and was trying to extort for their Instagram handle. The data included the victim’s Social Security number, driver’s license number, cellphone number, and home address.
“Look familiar?” Singh allegedly wrote to the victim. “You’re gonna comply to me if you don’t want anything negative to happen to your parents. . . I have every detail involving your parents . . . allowing me to do whatever I desire to them in malicious ways.”
Neither of the defendants could be immediately reached for comment. KT, the current administrator of Doxbin, declined a request for comment on the charges.
Ceraolo is a self-described security researcher who has been credited in many news stories over the years with discovering security vulnerabilities at AT&T, T-Mobile, Comcast and Cox Communications.
Ceraolo’s stated partner in most of these discoveries — a 30-year-old Connecticut man named Ryan “Phobia” Stevenson — was charged in 2019 with being part of a group that stole millions of dollars worth of cryptocurrencies via SIM-swapping, a crime that involves tricking a mobile provider into routing a target’s calls and text messages to another device.
In 2018, KrebsOnSecurity detailed how Stevenson earned bug bounty rewards and public recognition from top telecom companies for finding and reporting security holes in their websites, all the while secretly peddling those same vulnerabilities to cybercriminals.
According to the Justice Department, if convicted Ceraolo faces up to 20 years’ imprisonment for conspiracy to commit wire fraud; both Ceraolo and Singh face five years’ imprisonment for conspiracy to commit computer intrusions.
A copy of the complaint against Ceraolo and Singh is here (PDF).
ViLE is an apt description of them. I hope they see at minimum 10 years in jail, although…they’ve wreaked so much pain and anxiety on society, 20 years is perfectly fine by me.
Ah yes, because no justice works as well as retributive justice, amirite?
It doesn’t, but there isn’t a better choice for us. I think in a better society we should have its own state or country or island where we would extradite all the criminals. Isolate them from the outer world. Let them live there on their own. Whatever. They would create their own economy within there, be free to roam around, but weak passport. Nobody wants vigilantes on their land. Fuck them.
It was tried by the Brits, those places are known now as Belize, Australia and New Zealand
I think it ended better than what you plan, maybe you want to add nukes or something to your dream…
Make it 40. The number of horrific attacks on victims because of that site is uncountable.
these ViLE guys are pure criminals, they dox child extorters and identified massive security holes within the DEA systems (and didn’t do anything with it) throw away the key, LIFE IN PRISON!
I heard the rampant threat actor known as “thekilob” is behind most of the operations conducted by ViLE, as they are close friends with the owner and many of its members.
This person is extremely dangerous, both online and in real life. Federal agents should proceed with caution, as there is a very good possibility that “thekilob” has rigged improvised explosive devices to their residence, as shown in multiple images and videos they have sent.
Him? thekilob was also responsible for the Twitter data breach…
These two are total idiots! They didn’t think that the US government would use all their advanced technology to find them?
you’d think they would use their “advanced technology” to protect their systems first.
INTERNET PEOPLE WHEN REAL LIFE, ENJOY JAIL RETARDS LLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLLL
w0w wtf fr33 th3m h4ck3r 4 d4yz – cash
Well, let’s see what actual prison time gets served.
First timers, never used a gun for their money, “barely past age 18”, “Your honor, I found jesus right after I was arrested, and his msg is forgiveness”, 50 years at zero interest to repay any money stolen, etc.
I’ve heard it all in Federal courts.
Good luck, taxpayers, both before the crime and after it…
congrats u have gotten rid of 2 known child predators degens that extort young girls on minecraft and act tough! now get the rest
play stupid games, win stupid prizes.
another W for ‘merica.
rot in piss skiddos
Sha Gz – NEW OPP (Official Music Video) (REUPLOAD)
brian we on u
It’s sad that punishments for these type of people are so soft. They ruin lives, drive people to suicide and all they get is a slap on the wrist, with riches waiting for them on the outside when they get released. Even when criminals are caught, it means almost nothing, the world is so disappointing.
bro deleted my post…. brian ONCE AGAIN WE ON U
sha gz- NEW OPP
Give them LIFE In prison for taking predators off of the internet !!!
these vile guys are such meanies >:(
I don’t wish anyone jail time and fuck the police, but vile and their whole “crime” group deserves to get a proper rekt. To me they are as bad as offending pedos are. Absolutely disgusting human beings. The more you look into them, the worse it gets. I don’t think they are even humans tbh.
KT lowkey a clown.
None of this would’ve happened if he didn’t decide to go brag to Krebs.
They could’ve maintained access discreetly for years, lol.
Weep better start lifting weights before he hits the cell block.
We on you brian Krebs we got a new Op