LOS ANGELES – A federal Grand Jury has indicted Oriyomi Sadiq Aloba, 32, of Houston, Texas, on multiple counts of unauthorized impairment of a protected computer, unauthorized access to obtain information and aggravated identity theft for a multi-stage phishing attack on the Los Angeles County Superior Court (LASC) computer system.
According to the indictment, over the course of a week in late July 2017, Aloba used the stolen username and passwords of multiple LASC employees to log into the LASC servers and send phishing e-mails to e-mail addresses outside the LASC system, as well as to send test e-mails to himself to test the security features and ensure full access to the account. The phishing e-mails included an e-mail purporting to be a communication from American Express that led to a webpage that asked victims to provide their American Express login credentials, personal identifying information, and credit card information. The link for the fake American Express website used a source code that designated Aloba’s account as the delivery address for the information that the victims input into the website.
In total, Aloba allegedly accessed at least 18 different LASC employee accounts and sent out approximately 2 million phishing e-mails.
A criminal complaint contains allegations that a defendant has committed a crime. Every defendant is presumed innocent until and unless proven guilty in court.
If Aloba is found guilty of the charged offenses, he would face a maximum sentence of 17 years in prison –10 years for unauthorized transmission, 5 years for the unauthorized accessing a protected computer, and 2 years for the identity theft.
The matter was investigated by the Federal Bureau of Investigation. The case is being prosecuted by Assistant United States Attorney Robyn Bacon of the Cyber and Intellectual Property Crimes Section, National Security Division.