Guilty Pleas in Hacking Case: Two Men Admit to Breaching Federal Database for Extortion Scheme

Two men have pled guilty to breaching a federal law enforcement database and exfiltrating personal details to use in an extortion scheme.

20-year-old Sagar Steven Singh and 26-year-old Nicholas Ceraolo, members of the “ViLE” hacking group, stole sensitive personal information from the compromised database and used it to blackmail their victims, threatening to disclose the data unless paid, the U.S. Department of Justice (DoJ) said.

Both Perpetrators Pleaded Guilty

Singh, who used the monikers “Anon,” “Convict,” and “Ominous,” and Ceraolo, who was also known as “Weep,” were indicted last March. Both have now pleaded guilty and could serve two to seven years in prison.

According to the DoJ, the two perpetrators weaponized a police officer’s stolen credentials to breach a restricted law enforcement database. Once inside, they accessed a trove of information including intelligence reports, sensitive details about suspects, and enforcement actions.

Threat Actors Exploited the Portal to Solicit Additional Information

According to a DoJ press release, “the purpose of the Portal was to share intelligence from government databases with state and local law enforcement agencies, and the Portal provided access to detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports.”

However, their actions extended beyond simply accessing the sensitive data in the restricted database, the DOJ said. Ceraolo also exploited the new privileges to solicit additional information from social media companies by fabricating criminal investigations and emergencies to obtain personal user details, according to the department.

Doxing and Blackmailing

Additionally, the criminal duo were accused of doxing and threatening victims they managed to identify, blackmailing them with releasing their personal info, including email addresses, home addresses, and Social Security Numbers, unless they received payment.

After accessing the portal, the threat actors acknowledged they knew of the criminal nature of their actions, as demonstrated by internal communications recovered by law enforcement, according to the release. Ceraolo expressed concerns about the potential consequences of their activities, predicting a dramatic law enforcement response.

Later the same day, Singh told a contact that he had inappropriately accessed a restricted area, using an officer’s credentials to gain entry. He noted the significant capabilities provided by this unauthorized access, including entry to government databases and several powerful search tools available through the Portal.