ViLE gang members sentenced for extortion, police portal breach
Two members of a group of cybercriminals named ViLE were sentenced this week for hacking into a federal law enforcement web portal in an extortion scheme.
According to court documents, ViLE specializes in obtaining personal information about targets to harass, threaten, or extort them, a practice known as “doxing.”
To collect sensitive information on their victims, they use methods such as tricking customer service employees, submitting fraudulent legal requests to social media companies, bribing corporate insiders, and searching public and private online databases.
“The defendants impersonated law enforcement, illegally accessed government databases, and even faked life-threatening situations to bypass criminal procedures through which they could obtain sensitive personal information,” said Michael Alfonso, an Acting Special Agent in Charge with Homeland Security Investigations (HSI).
“They threatened innocent victims’ livelihoods and were found to have joked about their deceptive, exploitative, and calculated scheme in messages with each other.”
21-year-old Sagar Steven Singh (also known as Weep) from Pawtucket, Rhode Island, was sentenced to 27 months for aggravated identity theft and conspiracy to commit computer intrusion.
The second defendant, 26-year-old Nicholas Ceraolo (also known as ‘Convict,’ ‘Anon,’ and ‘Ominous’) from Queens, New York, received a 25-month sentence for the same charges.
One year ago, the two ViLE members pleaded guilty to stealing personal information belonging to multiple individuals whom they had blackmailed.
On May 7, 2022, with the help of an officer’s stolen credentials, they gained access to a database maintained by a federal law enforcement agency, which was used to share intelligence with state and local law enforcement, including “detailed nonpublic records of narcotics and currency seizures.”
They used personal information stolen from the breached portal, such as social security numbers, to extort their victims by threatening to leak this sensitive data online unless they were paid.
“ViLE then threatened to ‘dox’ victims by posting that information on a public website administered by a ViLE member. Victims could pay to have their information removed from or kept off the website,” the Justice Department said.
In one blackmail attempt, Singh forced one victim to hand over control of their Instagram accounts after messaging their security number, driver’s license number, home address, and other personal details and saying, “you’re gonna comply to me if you don’t want anything negative to happen to your parents.
Messages between Ceraolo and Singh show they fully understood the seriousness of their malicious activities and feared police raids. The U.S. Justice Department has yet to share information regarding other investigations to identify and prosecute the other four ViLE members.
Manual patching is outdated. It’s slow, error-prone, and tough to scale.
Join Kandji + Tines on June 4 to see why old methods fall short. See real-world examples of how modern teams use automation to patch faster, cut risk, stay compliant, and skip the complex scripts.
Source link
