A jury found Oriyomi Sadiq Aloba, 33, a Texas man, guilty of hacking into the Los Angeles Superior Court (LASC) computer system, using the system to send approximately 2 million malicious phishing emails, and fraudulently obtaining hundreds of credit card numbers. The judge gave him 45 months in federal prison. Aloba also must pay back $47,479 in restitution.
In July 2017, Aloba and his co-conspirators targeted the LASC for a phishing attack. During the attack, the email account of one court employee was compromised and used to send phishing emails to co-workers purporting to be from the file-hosting service Dropbox. The email contained a link to a bogus website that asked for the users’ LASC email addresses and passwords. Thousands of court employees received the Dropbox email, and hundreds disclosed their email credentials to the attacker. The compromised email accounts then were used to send the roughly 2 million phishing emails.
These additional phishing emails purported to be from American Express, Wells Fargo, and other companies. Hyperlinks in the fraudulent emails led victims to a webpage that asked for their banking login credentials, personal identifying information, and credit card information. The link for the fake American Express website used source code that designated Aloba’s email account as the delivery address for the information that the victims input into the fake website.
After linking Aloba to the attack, investigators executed a search warrant at Aloba’s residence, which revealed a thumb drive in a toilet, a damaged iPhone in a bathroom sink, and a laptop computer with a smashed screen that was smeared with fresh blood. Nearby, agents found a broken mug, which apparently was used to smash the laptop computer, and observed blood on Aloba’s hands.
The jury found Aloba was found guilty of conspiracy to commit wire fraud, 15 counts of wire fraud, attempted wire fraud, unauthorized impairment of a protected computer, five counts of unauthorized access to a protected computer to obtain information, and four counts of aggravated identity theft.
A co-defendant, 28 year old Robert Charles Nicholson, aka “Million$Menace”, used stolen credit card information to make purchases. He pleaded guilty in June to one count of conspiracy to commit wire fraud and will be sentenced in November. Three other defendants allegedly hired by Aloba to create the “phishing kits” remain at large outside the United States.