Two People Charged With Involvement In Hacking The DEA Web Portal And Police Data Fraud

The DEA portal burglar has been caught. (photo: twitter @DEA_HQ)

JAKARTA - Two men have been indicted for their role in hacking the web portal of the United States Narcotics Law Enforcement Agency (DEA) last year. According to Gizmodo, Sagar Steven Singh and Nicholas Ceraolo are suspected of stealing the credentials of a police officer to access the federal law enforcement database they use to exploit victims.

Prosecutors claim that Singh, 19, and Ceraolo, 25, are members of a hacking group called Vile, who often steals personal information from the victim and then threatens to expose the information if they don't accept payment.

Although the Justice Department did not explicitly mention which agency Singh and Ceraolo hacked, it said the portal contained "unpublished detailed records of drug and money confiscations, as well as law enforcement intelligence reports." This is in line with a report from Krebs on Security showing that the hack is linked to the United States Narcotics Law Enforcement Agency.

According to the allegations, Singh used information from the federal portal to threaten the victim, and in one instance, wrote to someone that he would harm the victim's family unless they gave him the credentials of their Instagram account.

He then attached the victim's social security number, SIM number, home address, and other personal information he collected from the government database to the threat. "Through [portal], I can ask for information about anyone in the US no matter who, no one is safe," Singh wrote, according to the allegations. "You will obey me if you don't want something negative to happen to your parents."

Sementara itu, Ceraolo menggunakan portal tersebut untuk memperoleh kredensial email seorang petugas kepolisian Bangladesh. Ceraolo diduga masuk sebagai petugas tersebut selama korupsinya dengan platform media sosial yang tidak disebutkan namanya, dan meyakinkan situs tersebut untuk memberikan alamat rumah, alamat email, dan nomor telepon pengguna tertentu di bawah alasan bahwa korban "terlibat dalam 'pelengkaian anak,' pemerasan, dan mengancam pemerintah Bangladesh."

Ceraolo is also suspected of trying to commit fraud on gaming platforms and popular facial recognition companies in the same way, but both rejected his request.

The scams carried out by Ceraolo are now increasingly common. Last year, a report from Bloomberg revealed that Apple, Meta, and Discord were victims of the same deception involving hackers pretending to be police officers seeking emergency data requests.

Although the police sometimes ask social media sites to provide data on specific users if they are involved in a crime, this requires a warrant or search warrant signed by the judge. However, requests for emergency data do not require such consent, which is something hackers use.

As Krebs on Security explains, Ceraolo has actually been described as a security researcher in many reports that it has found security vulnerabilities related to T-Mobile, AT&T, and Cox Communications. Law enforcement searched Ceraolo's house in May 2022 before conducting a search at Singh's residence in September.

It was reported that The Verge, Singh was arrested in Pawtucket, Rhode Island on Tuesday, March 14 while Ceraolo surrendered shortly after DOJ announced his allegations. According to DOJ, Ceraolo faces up to 20 years in prison for conspiracy to commit wire fraud, and neither Ceraolo nor Singh can face five years in prison for conspiracy to commit computer intrusion.