A Texas man has been sentenced to over 12 years in prison after being found guilty of hacking into the computer system of the Los Angeles Superior Court, and then using it to send two million phishing emails.

33-year-old Oriyomi Sadiq Aloba, of Katy, Texas, received a 145 month federal prison sentence for an attack which ultimately saw hundreds of credit card numbers stolen from unsuspecting computer users.

Aloba and his co-conspirators launched their attack in July 2017, successfully breaking into the email account of an employee of Los Angeles Superior Court, and exploiting their access to launch convincing phishing attacks to thousands of co-workers pretending to come from Dropbox that asked for recipients’ email passwords.

Such a criminal scheme would have been made considerably more difficult if additional layers of authentication had been used to protect the accounts – rather than just usernames and passwords.

Unfortunately, hundreds of court employees fell for the bogus emails, and unwittingly handed their passwords to the attacker. Once their passwords had been revealed, more court email accounts were compromised and used to send approximately two million phishing emails.

The emails which purported to be from companies such as Wells Fargo and American Express pointed unsuspecting users to phishing webpages that asked for their online banking passwords, personal identifying information, and credit card details.

However, inside the code of a fake American Express website, Aloba used his email account as a delivery address for the stolen information – providing the authorities with a key clue regarding who might be responsible.

Police searched Aloba’s residence on November 15 2017, finding a USB stick in his lavatory, a damaged iPhone in the bathroom sink, and a smashed laptop smeared with what appeared to be fresh blood.

The riddle of how the laptop screen might have ended (Read more...)