LOS ANGELES – A Texas man who was found guilty
of hacking into the Los Angeles Superior Court (LASC) computer system, using
the system to send approximately 2 million malicious phishing emails, and
fraudulently obtaining hundreds of credit card numbers was sentenced this
afternoon to 145 months in federal prison.
Oriyomi
Sadiq Aloba, 33, of Katy, Texas, was sentenced by United States District Judge
R. Gary Klausner, who also ordered Aloba to pay $47,479 in restitution.
In July
2017, Aloba and his co-conspirators targeted the LASC for a phishing attack.
During the attack, the email account of one court employee was compromised and
used to send phishing emails to co-workers purporting to be from the
file-hosting service Dropbox. The email contained a link to a bogus website
that asked for the users’ LASC email addresses and passwords. Thousands of
court employees received the Dropbox email, and hundreds disclosed their email
credentials to the attacker. The compromised email accounts then were used to
send the roughly 2 million phishing emails.
These
additional phishing emails purported to be from American Express, Wells Fargo,
and other companies. Hyperlinks in the fraudulent emails led victims to a
webpage that asked for their banking login credentials, personal identifying
information, and credit card information. The link for the fake American
Express website used source code that designated Aloba’s email account as the
delivery address for the information that the victims input into the fake
website.
After
linking Aloba to the attack, investigators executed a search warrant at Aloba’s
residence, which revealed a thumb drive in a toilet, a damaged iPhone in a
bathroom sink, and a laptop computer with a smashed screen that was smeared
with fresh blood. Nearby, agents found a broken mug, which apparently was used
to smash the laptop computer, and observed blood on Aloba’s hands.
Following a
three-day jury trial in July, Aloba was found guilty of one count of conspiracy
to commit wire fraud, 15 counts of wire fraud, one count of attempted wire
fraud, one count of unauthorized impairment of a protected computer, five
counts of unauthorized access to a protected computer to obtain information,
and four counts of aggravated identity theft. Aloba was remanded into custody
after the verdicts were read.
Aloba’s
targeting of the “largest court system in the world… merits special attention,”
prosecutors wrote in a sentencing memorandum filed with the court. Aloba’s
“conduct resulted in a substantial disruption to the administration of the
LASC, including taking hundreds of employees offline for hours, at a minimum,
and possibly days. His conduct diverted substantial resources from the critical
tasks LASC personnel undertake daily, resulting in over $45,000 in losses to
the LASC. And perhaps most importantly, he compromised the integrity of the
LASC, which is a court system that thousands of people rely on to administer
justice.”
Aloba was
initially charged by the Los Angeles County District Attorney, but the matter
was referred to the United States Attorney’s Office for federal prosecution.
A
co-defendant, Robert Charles Nicholson, who used the online moniker
“Million$Menace” and used stolen credit card information to make purchases, a
28-year-old resident of Brooklyn, New York, pleaded guilty in June to one count
of conspiracy to commit wire fraud. Nicholson is scheduled to be sentenced by
Judge Klausner on November 4. Three other defendants allegedly hired by Aloba
to create the “phishing kits” remain at large outside the United States.
This matter
was investigated by the Federal Bureau of Investigation and the Los Angeles
County District Attorney’s Office.
This case is
being prosecuted by Assistant United States Attorney Ryan White, Chief of the
Cyber and Intellectual Property Crimes Section.
Posts
No comments:
Post a Comment