Security Experts:

Connect with us

Hi, what are you looking for?



US Charges Two Men Over Use of Hacked Law Enforcement Database for Doxing

Sagar Singh and Nicholas Ceraolo have been charged for their alleged roles in a doxing operation that involved hacking a law enforcement platform and email account.

The US Justice Department on Tuesday announced charges against two men from New York and Rhode Island over their alleged roles in a doxing operation that involved hacking into a law enforcement portal and a police official’s email account.

The suspects, 19-year-old Sagar Steven Singh (aka Weep) and 25-year-old Nicholas Ceraolo (aka Convict and Ominous), have been charged with conspiracy to commit computer intrusions, for which they face up to five years in prison. Ceraolo has also been charged with conspiracy to commit wire fraud, for which he faces a maximum of 20 years in prison.

Singh has been arrested, but Ceraolo remains at large.

According to the DoJ, Singh and Ceraolo were part of a cybercrime operation named ‘Vile’, which involved extorting individuals by threatening to make their personal information public — or doxing them. 

Members of the Vile group collected victims’ names, physical addresses, email addresses, phone numbers, social security numbers, and other information, and then threatened to make it public on their website unless they paid up. Victims could also pay to have information removed from the site.

In order to obtain information on the targeted individuals, they relied on various methods, including tricking customer service representatives and using insiders. 

However, the charges brought against them focus on the theft of a police officer’s access credentials for a restricted law enforcement database containing detailed information, including intelligence reports, and currency and narcotics seizure records. 

Authorities have not said which law enforcement portal was targeted, but cybersecurity blogger Brian Krebs, who wrote about these types of doxing operations in the past, revealed that it was a portal belonging to the US Drug Enforcement Agency (DEA).

Krebs broke the news about the DEA portal getting hacked nearly one year ago, when he explained that the compromised portal is linked to more than a dozen different federal law enforcement databases.

In addition to using the hacked law enforcement portal, the Vile group impersonated law enforcement officers in order to obtain information about victims from online service providers.

In one case mentioned in the indictment, Singh, Ceraolo and other members of the operation gained access to the email account of a police official in Bangladesh. They then used that account to pose as the officer in an effort to convince social media platforms to hand over information about specified subscribers, claiming that they had been suspected of various crimes, such as blackmail and “child extortion”. 

“Ceraolo also used the Bangladeshi police account to attempt to purchase a license from a facial recognition company whose services are not available to the general public,” the DoJ said.

The Bangladeshi police officer’s email account was also used to send data requests to an online gaming platform, but the attempt failed as the company became suspicious. 

Ceraolo was mentioned in several news stories in the past years for finding vulnerabilities in the systems of major telecommunications companies in the US.

Related: Alleged NetWire RAT Operator Arrested in Croatia as FBI Seizes Website 

Related: Two Men Arrested for JFK Airport Taxi Hacking Scheme

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...