A Texas man has been sentenced to over 12 years in prison after being found guilty of hacking into the computer system of the Los Angeles Superior Court and then using it to send two million phishing emails.
Thirty-three-year-old Oriyomi Sadiq Aloba, of Katy, Texas, received a 145 month federal prison sentence for an attack which ultimately saw hundreds of credit card numbers stolen from unsuspecting computer users.
Aloba and his co-conspirators launched their attack in July 2017, successfully breaking into the email account of an employee of Los Angeles Superior Court. They then exploited their access to send convincing phishing attacks to thousands of co-workers pretending to come from Dropbox that asked for recipients’ email passwords.
Such a criminal scheme would have been made considerably more difficult if additional layers of authentication had been used to protect the accounts rather than just usernames and passwords.
Unfortunately, hundreds of court employees fell for the bogus emails and unwittingly handed their passwords to the attacker. Once their passwords had been revealed, more court email accounts were compromised and used to send approximately two million phishing emails.
The emails which purported to be from companies such as Wells Fargo and American Express pointed unsuspecting users to phishing webpages that asked for their online banking passwords, personal identifying information and credit card details.
However, inside the code of a fake American Express website, Aloba used his email account as a delivery address for the stolen information, providing the authorities with a key clue regarding who might be responsible.
Police searched Aloba’s residence on November 15, 2017. They found a USB stick in his lavatory, a damaged iPhone in the bathroom sink and a smashed laptop smeared with what appeared to be fresh blood.
The riddle of how the laptop screen might have ended up smashed and smeared with blood did not remain a mystery for long as authorities found a broken mug, apparently used to hit the laptop, and noticed the fresh blood on Aolba’s hands.
Later examination of computing devices from Aloba found that they contained hacking software.
Perhaps unsurprisingly, the attack on and abuse of the Los Angeles Superior Court was not treated lightly by the authorities.
According to prosecutors, Aloba’s “conduct resulted in a substantial disruption to the administration of the LASC, including taking hundreds of employees offline for hours, at a minimum, and possibly days. His conduct diverted substantial resources from the critical tasks LASC personnel undertake daily, resulting in over $45,000 in losses to the LASC. And perhaps most importantly, he compromised the integrity of the LASC, which is a court system that thousands of people rely on to administer justice.”
Aloba’s denied his guilt and promised to appeal, claiming that prosecutors had committed “fraud.”
One of Aloba’s co-conspirators, a 28-year-old man named Robert Charles Nicholson who used the online handle “Million$Menace” and made fraudulent purchases with stolen credit card details, pleaded guilty earlier this year and is scheduled to be sentenced on November 4.
Three other defendants, who are alleged to have been hired by Aloba to create “phishing kits,” remain at large overseas.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.