A 33-year-old man faces a likely federal prison term Monday for hacking into the Los Angeles Superior Court computer system and then using it to send 2 million malicious phishing emails.
Oriyomi Sadiq Aloba was found guilty in July in Los Angeles of 27 federal counts, including conspiracy, wire fraud, unauthorized access to a protected computer, and aggravated identity theft. The Katy, Texas, man was taken into federal custody immediately after the verdict was read.
Prosecutors are asking for a dozen years behind bars, plus restitution and a special assessment totaling $50,000, and a fine to be determined by the court. The defense recommends the mandatory two-year prison sentence for the aggravated identity theft convictions, plus two days.
Aloba and his co-conspirators targeted the court system in July 2017. During the attack, one court employee’s email account was compromised and used to send an email to co-workers purporting to be from the file hosting service Dropbox. In fact, it was a phishing email that contained a link to a phishing website that asked for the users’ Superior Court email addresses and passwords, evidence showed.
Thousands of court employees received the Dropbox email and hundreds disclosed their email credentials to the attacker. Multiple employees’ emails then were used by the attacker to send out millions of phishing emails.
These additional phishing emails purported to be communications from American Express, Wells Fargo, and other companies, and led victims to a web page that asked for their banking login credentials, personal identifying information, and credit card information. The link for the fake American Express website used source code that designated Aloba’s email account as the delivery address for the information that the victims input into the website, according to court documents.
A search of Aloba’s home in Texas revealed a thumb drive in a toilet, a damaged iPhone in a bathroom sink, and — in the closet of a spare bedroom — a laptop computer with a smashed screen that was smeared with fresh blood. Nearby, agents found a broken mug, which apparently was used to smash the laptop computer. At the time of his arrest, Aloba had blood on his hands and agents saw him picking something out of his hands, evidence showed.
During the search, agents retrieved from the thumb drive and bloody laptop dozens of phishing kits, which is software designed to facilitate a phishing attack, including the American Express phishing kit used in the court attack.
As a result of the attack, the court suffered monetary losses, including more than $45,000 in employee time paid to respond to the attack that would have otherwise been spent on ordinary work activities. Additionally, there were more than $15,000 in combined actual and intended losses to credit card victims, according to court documents.
Aloba was initially charged by the L.A. County District Attorney, but the matter was referred to the U.S. Attorney’s Office for federal prosecution.
A co-defendant, Robert Nicholson, 28, of Brooklyn, New York, pleaded guilty to one count of conspiracy to commit wire fraud. His sentencing hearing is scheduled for Nov. 4. Aloba’s other three co-defendants remain at large outside the United States.
>> Want to read more stories like this? Get our Free Daily Newsletters Here!Follow us: