Those charged are 25-year-old Nicholas Ceraolo of New York and 19-year-old Sagar Steven Singh of Rhode Island. Officials claim they are part of an online hacking collective known as "ViLE."
Ceraolo and Singh are being accused of breaking into the database of a federal law enforcement agency; using the compromised email address of a Bangladeshi police officer to fraudulently request user data from a social media company; and attempting to purchase the services of a facial recognition company whose products are not available to the general public by impersonating a law enforcement officer. (Related: WhatsApp HACKED: Nearly 500 million phone numbers from 84 countries and territories put up for sale.)
Singh was arrested in Rhode Island on Tuesday, March 14, and Ceraolo remains at large. Singh, who is facing charges of computer crimes, can face up to five years in prison. Ceraolo, charged with both wire fraud and computer crimes, could spend up to 20 years in prison.
Members of ViLE seek out the personal information of potential victims, such as physical addresses, phone numbers and Social Security Numbers. They then threaten to dox these people by posting this personal data on their website if the victims refuse to pay.
According to a press release from the United States Attorney's Office for the Eastern District of New York, Singh and Ceraolo, as part of ViLE, "unlawfully used a police officer's stolen password to access a restricted database maintained by a federal law enforcement agency that contains (among other data) detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports."
One of the hackers allegedly wrote to a contact that his access to U.S. federal law enforcement data was so complete that he "can request information on anyone in the U.S., doesn't matter who, nobody is safe."
At another point, Singh also reportedly wrote to a contact that the federal law enforcement portal "had some f------ potent tools," highlighting just how comprehensive the portal's information was.
Ceraolo and Singh reportedly used the information stolen from the data portal to cyberstalk, threaten and extort their victims. At one point, Singh allegedly called one of his targets and threatened the victim by flaunting his access to the person's Social Security number, home address and driver's license information. He even told the victim that he would "harm" the person's family if he did not receive payment.
In Ceraolo's case, he is accused of using his access to the portal to submit fraudulent emergency data requests to social media companies, which gave him access to sensitive subscriber data not found in the portal itself.
At one point, Ceraolo, using the Bangladeshi police officer's compromised email, was able to induce one social media platform to provide information about one subscriber, including the person's address, email and telephone number, by claiming that the subscriber had participated in "child extortion" and blackmail and had threatened officials of the Bangladeshi government.
Officials refused to name the law enforcement portal involved, merely describing it as a "nonpublic, password-protected web portal … maintained by a U.S. federal law enforcement agency, whose purpose is to share intelligence from government databases with state and local law enforcement agencies."
While unconfirmed, cybersecurity reporter Brian Krebs claimed the portal in question belongs to the Drug Enforcement Agency. The agency's portal provides law enforcement officials with access to 16 other databases. This would have given criminals who purchased Singh and Ceraolo's services a broad swath of very sensitive information.
Learn more about hacking and data leak incidents at CyberWar.news.
Watch this clip from "The American Journal" on InfoWars as host Harrison Smith discusses the key government secrets revealed following a security breach of U.S. Marshals Service data.