LOS ANGELES
– A suburban Houston resident has been found guilty by a jury of 27 federal
criminal charges for hacking into the Los Angeles Superior Court computer
system and then using it to send approximately 2 million malicious phishing
emails.
Oriyomi
Sadiq Aloba, 33, of Katy, Texas, was found guilty late Thursday afternoon after
a three-day trial. The jury found Aloba guilty of one count of conspiracy to
commit wire fraud, 15 counts of wire fraud, one count of attempted wire fraud,
one count of unauthorized impairment of a protected computer, five counts of
unauthorized access to a protected computer to obtain information, and four
counts of aggravated identity theft. Aloba was taken into federal custody
immediately after the verdict was read.
According to
the evidence presented at trial, in July 2017, Aloba and his co-conspirators
targeted the Los Angeles Superior Court for a phishing attack. During the
attack, one court employee’s email account was compromised and sent an email –
without her authorization – to co-workers purporting to be from the file
hosting service Dropbox. In fact, it was a phishing email that contained a link
to a phishing website that asked for the users’ Superior Court email addresses
and passwords, court papers state. Thousands of court employees received the
Dropbox email and hundreds disclosed their email credentials to the attacker.
Multiple court employees’ emails then were used by the attacker to send out
millions of phishing emails.
These
additional phishing emails purported to be communications from American
Express, Wells Fargo, and other companies, and led victims to a webpage that
asked for their banking login credentials, personal identifying information,
and credit card information. The link for the fake American Express website
used source code that designated Aloba’s email account as the delivery address
for the information that the victims input into the website, according to court
documents.
Investigators executed a search warrant at Aloba’s residence in Texas,
which revealed a thumb drive in a toilet, a damaged iPhone in a bathroom sink,
and – in the closet of a spare bedroom – a laptop computer with a smashed
screen that was smeared with fresh blood. Nearby, agents found a broken mug,
which apparently was used to smash the laptop computer. At the time of his
arrest, Aloba had blood on his hands and agents saw him picking something out
of his hands.
During the
search, agents retrieved from the thumb drive and bloody laptop dozens of
phishing kits, which is software designed to facilitate a phishing attack,
including the American Express phishing kit used in the court attack.
As a result
of the phishing attack, the court suffered monetary losses, including more than
$45,000 in employee time paid to respond to the attack that would have
otherwise been spent on ordinary work activities. Additionally, there were more
than $15,000 in combined actual and intended losses to credit card victims,
according to court documents.
United
States District Judge R. Gary Klausner has scheduled a sentencing hearing for
October 21, where Aloba will face a statutory maximum sentence of more than 350
years in federal prison.
Aloba was
initially charged by the Los Angeles County District Attorney, but the matter
was referred to the United States Attorney’s Office for federal prosecution.
A
co-defendant, Robert Charles Nicholson, 28, of Brooklyn, New York, pleaded
guilty last month to one count of conspiracy to commit wire fraud. His
sentencing hearing is scheduled for September 30. Aloba’s other three
co-defendants remain at large outside the United States.
This matter
was investigated by the Federal Bureau of Investigation and the Los Angeles
County District Attorney’s Office.
This case is
being prosecuted by Assistant United States Attorneys Robyn K. Bacon and Ryan
White of the Cyber and Intellectual Property Crimes Section.
Posts
No comments:
Post a Comment