A Texas man found guilty of hacking into the Los Angeles Superior Court (LASC) computer system and abusing it to send phishing emails was sentenced to federal prison this week.
The man, Oriyomi Sadiq Aloba, 33, of Katy, Texas, was found guilty of using the hacked LASC computer system to send around 2 million malicious phishing emails and of obtaining hundreds of credit card numbers. He was sentenced to 145 months in federal prison.
Aloba and his co-conspirators targeted LASC in July 2017 by compromising the email account of one court employee. He then used that account to send phishing emails to the victim’s coworkers, linking to a bogus website that requested the users’ LASC email addresses and passwords.
While thousands received the email, hundreds disclosed their login credentials to the attackers, who then used the compromised email accounts to send the roughly 2 million phishing emails.
The second wave of phishing emails claimed to come from American Express, Wells Fargo and other companies and contained links to a webpage requesting the recipients’ banking login credentials, personal details, and credit card information.
Aloba’s email account was set to receive the information the victims introduced on the fake American Express website.
When executing a search warrant at Aloba’s residence, the investigators found a thumb drive in a toilet, a damaged iPhone in a bathroom sink, and a laptop with a smashed screen.
In July, Aloba was found guilty of one count of conspiracy to commit wire fraud, 15 counts of wire fraud, one count of attempted wire fraud, one count of unauthorized impairment of a protected computer, five counts of unauthorized access to a protected computer to obtain information, and four counts of aggravated identity theft, the Department of Justice announced.
Co-defendant Robert Charles Nicholson, 28, of Brooklyn, New York, pleaded guilty in June to one count of conspiracy to commit wire fraud. He is scheduled to be sentenced on November 4.
Three other defendants, supposedly hired by Aloba to develop the phishing kits, remain at large outside the United States.
Related: IT Specialist Convicted on Cyber Hacking Charges Sentenced
Related: California Man Gets 26-Month Prison Sentence for DDoS Attacks
