Scammers used compromised police accounts in extortion scheme, prosecutors say
Two men broke into a federal law enforcement database and a Bangladeshi police officer’s email account to conduct extortion schemes, U.S. law enforcement officials say.
A federal court in New York unsealed an indictment Tuesday against 19-year-old Sagar Steven Singh and 25-year-old Nicholas Ceraolo, who are accused of illegally collecting personal information about specific people and threatening to post it on a public website unless the victims met their demands.
Singh, of Pawtucket, Rhode Island, was arrested in that city Tuesday, according to prosecutors. Ceraolo, of Brooklyn, remains at large.
They were part of a crime group called “ViLE” that specialized in doxxing, or posting sensitive information about people online, according to the indictment.
The pair “unlawfully used a police officer’s stolen password to access a restricted database maintained by a federal law enforcement agency that contains (among other data) detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports,” officials said.
In one case, Singh ordered a victim to hand over the credentials to an Instagram account, prosecutors said. Singh told his target, “you’re gonna comply to me if you don’t want anything negative to happen to your parents,” according to the indictment. Singh ultimately ordered the victim to sell the Instagram account and give the money to him, prosecutors said.
The alleged scam involving the foreign police officer’s account was more complicated: Ceraolo allegedly “posed as a police officer to obtain subscriber information from various online service providers,” prosecutors said, then illicitly accessed “an official email account belonging to a Bangladeshi police official.”
The goal was to use the email account to request data from companies — including a social media company and a gaming platform — about specific customers, the indictment said. Ceraolo told one social media company to “provide information about one of its subscribers … by asserting that the subscriber had participated in ‘child extortion’ and blackmail and had threatened officials of the Bangladeshi government,” prosecutors said.
Employees of a gaming platform detected the scam, prosecutors said, causing Ceraolo to threaten to hack the company and sell its data on a dark web market. Ceraolo allegedly then found an associate to send the company a “a forged subpoena” that sought registration details about the platform’s administrators. The company did not comply, prosecutors said.
If convicted, Ceraolo faces up to 20 years in prison on charges of conspiracy to commit wire fraud. Separately, Ceraolo and Singh face up to five years in prison for conspiracy to commit computer intrusions.
is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.