A Forest Hills man and his associate from Rhode Island have been charged with breaching a federal law enforcement database and posing as police officers to defraud social media companies.
Nicholas “Ominous” Ceraolo, 25, was named in a criminal complaint that was unsealed on March 13 in Brooklyn federal court charging him and Sagar Steven “Weep” Singh, 19, of Pawtucket, Rhode Island, with wire fraud and conspiracy to commit computer intrusions, according to federal prosecutors.
Singh was arrested in Pawtucket Tuesday morning, while Ceraolo remains at large.
In pursuit of their victim’s personal information, Ceraolo and Singh unlawfully used a police officer’s stolen password to access a restricted database maintained by a federal law enforcement agency that contains detailed, nonpublic records of narcotics and currency seizures, as well as law enforcement intelligence reports, federal prosecutors said. Ceraolo also accessed without authorization the email accounts of a foreign law enforcement officer and used them to defraud social media companies by making purported emergency requests for information about the company’s users.
As alleged in the criminal complaint, Ceraolo and Singh belonged to a cyber group called “ViLE,” whose logo is the body of a hanging girl. Members of ViLE sought to collect victims’ personal information, such as names, physical addresses, telephone numbers, social security numbers and email addresses. ViLE then posted that information, or threatened to post it, on a public website administered by a ViLE member, an action known as “doxing.” Victims would pay to have their personal information removed from or kept off the website. ViLE members acquired victims’ information by various means, including by impersonating law enforcement officers and sending forged requests or orders purporting to be from law enforcement to social media companies, often demanding victim information on the pretense that loss of life was imminent.
As alleged in the complaint, in pursuit of victims’ personal information, Ceraolo and Singh used a police officer’s credentials to access the federal database without authorization and began to extort victims the next day with threats of violence. In one message, Singh wrote to a victim, “You’re gonna comply to me if you don’t want anything negative to happen to your parents.”
Between February 2022 and May 2022m, Ceraolo accessed an official email account belonging to a Bangladeshi police official and then used the account to pose as a Bangladeshi police officer in communication with U.S.-based social media platforms.
In one instance, Ceraolo induced a social media platform to provide information on one of its subscribers, including the subscriber’s address, email address, and telephone number, by asserting that the subscriber had participated in “child extortion” and blackmail and had threatened officials of the Bangladeshi government. Ceraolo shared the information with another ViLE member, who sent the information to Singh. Ceraolo also used the Bangladeshi police account to attempt to purchase a license from a facial recognition company whose services are not available to the general public.
Between March 2022 and May 2022, Ceraolo targeted another company that operates an online gaming platform by using the Bangladeshi police account to request data on one of its subscribers. After platform employees detected Ceraolo’s fraud, he threatened to hack the platform in retaliation and that he could “easily get 6 figs” for selling the platform’s information “on one of the dark web markets.” At Ceraolo’s behest, an associate posed as a U.S. local police officer and sent a subpoena to one of the platform’s vendors, seeking registration details about the platform’s administrators. The vendor did not provide the information.
“Singh and Ceraolo aptly belonged to a group called, as their crime was, ‘Vile.’ That conduct ends today,” U.S. Attorney Breon Peace said. “As alleged, the defendants shamed, intimidated, and extorted others online. This office will not tolerate those who impersonate law enforcement officers and misuse the public safety infrastructure that exists to protect our citizens.
If convicted, Ceraolo faces up to 20 years in prison for conspiracy to commit wire fraud and both Ceraolo and Singh face five years in prison for conspiracy to commit computer intrusions.
“As these charges make clear, the alleged unauthorized access of a U.S. federal law enforcement system and impersonation of law enforcement officials are serious offenses, and the criminals that perpetrate these schemes will be held accountable for their crimes,” Homeland Security Investigations New York Special Agent-in-Charge Ivan Arvelo said. “HSI and its law enforcement partners are committed to safeguarding public safety infrastructure from cyber criminals and ensuring that those seeking to compromise these systems face the fullest extent of the law.”