“ViLE” members posed as police officers and extorted victims

Two men have been charged with wire fraud and conspiracy to commit computer intrusions after they allegedly extorted victims by threatening to publish their personal information online—a practice known as doxxing.

In a press release, the US Attorney’s Office in the Eastern District of New York revealed details about the complaint against Sagar Steven Singh and Nicholas Ceraolo. Singh has been arrested but Ceraolo is still at large.

Singh and Ceraolo belonged to a group called Vile. Members of ViLE sought to collect victims’ personal information, such as names, physical addresses, telephone numbers, social security numbers, and email addresses. ViLE runs their own website which they use to post that information to unless the victim complies with their demands.

In order to get hold of the personal information, it’s alleged that Singh and Ceraolo unlawfully used a police officer’s stolen password to access a restricted database.

They used the police officer’s credentials to access the web portal maintained by a US federal law enforcement agency, whose purpose is to share intelligence from government databases with state and local law enforcement agencies. The database contained (among other data) detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports. 

As stated by United States Attorney Peace:

“As alleged, the defendants shamed, intimidated and extorted others online. This Office will not tolerate those who impersonate law enforcement officers and misuse the public safety infrastructure that exists to protect our citizens.”

The two suspects are also charged with accessing the email account of a foreign law enforcement officer. They abused this access to defraud social media companies by making purported emergency requests for information about the companies’ users. For example, one of the defendants used an official email account to pose as a Bangladeshi police officer in communication with US-based social media platforms.

The same Bangladeshi police account was used to request data about the user of an online gaming platform. When caught, the defendents allegedly threatened to sell the platform’s information on the Dark Web. An associate posed as a US local police officer and sent a forged subpoena to one of the platform’s vendors, seeking registration details about their administrators.  The vendor did not provide the information.

Data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

  • Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
  • Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
  • Enable two-factor authentication. Where possible, use a FIDO2 2FA device. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
  • Watch out for fake vendors. The thieves may contact you posing as a vendor. Check the vendor website to see if they are contacting victims, and verify any contacts using a different communication channel.
  • Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.

Malwarebytes removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.