By Nathan Solis, Courthouse News
A federal grand jury on Friday indicted a 32-year-old Texas man accused of carrying out a five-day, 2 million-email attack on the Los Angeles County Superior Courts computer system in July 2017.
Oriyomi Sadiq Aloba from Houston, Texas was indicted in the hacking attack where he targeted more than 500 employees of the LA County Superior Court, according to the investigators.
According to the indictment, Aloba stole usernames and passwords of multiple employees to log into the LA Superior Court servers and send phishing emails to email addresses outside the system.
The U.S. Attorney’s Office says Aloba also sent emails to himself to test the security features and make sure he had full access to the account.
Prosecutors say Aloba’s phishing emails tricked users into revealing their account credentials by sending them to bogus websites that looked like communication from American Express. The bogus websites asked victims to give their information, including personal and credit card information.
Investigators were able to trace the source code of the bogus website to Aloba’s account. The Justice Department believes Aloba accessed 18 LA Superior Court employee accounts to send out approximately 2 million phishing emails.
Charges against Aloba include unauthorized impairment of a protected computer, unauthorized access to obtain information and aggravated identity theft.
If convicted on all charges, he faces 17 years in federal prison.
In November 2017, authorities arrested Aloba at his home. He was arraigned on state criminal charges in Los Angeles in December.
At the time of Aloba’s arrest, the Los Angeles District Attorney’s Office said Aloba’s phishing scheme cost the court more than $100,000.
Like this:
Like Loading...
Related
REAL NAMES ONLY: All posters must use their real individual or business name. This applies equally to Twitter account holders who use a nickname.
1 Comment
Well now, isn’t that just a fine example of a criminal being caught with his digital fingers in the databank cookie jar?
And yet…just how did this happen? Aren’t the county’s cyber-systems secure from this kind of attack? And if not, then why not?
Were they hacked, or were they so weakly protected/untrained that they could allow a low-tech simp to convince the employees to allow access to their “secure” systems?
Unfortunately, the story doesn’t let us know just how the “problem” occurred. And if you know how large governmental agencies operate, you know just like I do that this will happen again.
And we will never know just what new and improved data control systems were implemented. Or if they ever were.
Until the next breach, anyway.