In a chilling reminder of how digital tools can be weaponized for harassment and extortion, two members of the cybercrime group “ViLE” have been sentenced to federal prison after breaching a U.S. law enforcement portal and using stolen data to terrorize victims.
Sagar Steven Singh, a 21-year-old from Rhode Island who operated under the alias “Weep,” and Nicholas Ceraolo, a 27-year-old from New York known online as “Convict,” “Anon,” and “Ominous,” were both sentenced in June 2025 after pleading guilty to computer intrusion and aggravated identity theft.
Who Are the ViLE Gang?
ViLE, short for “Victims Left Exposed,” is a cybercriminal collective that gained notoriety for its aggressive doxxing operations. The group specialized in gathering and leaking personal information (such as home addresses, phone numbers, and social security data) to harass, intimidate, or blackmail victims. Often, these victims were coerced into handing over social media accounts or paying a fee to have their information removed from ViLE-run websites.
Rather than operating in the shadows, the group flaunted its tactics. In private messages obtained by investigators, Singh and Ceraolo were seen joking about their exploits, underscoring the calculated and remorseless nature of their activities.
The Breach: A Federal Portal Compromised
In May 2022, Singh and Ceraolo gained unauthorized access to a federal law enforcement portal, allegedly maintained by the U.S. Drug Enforcement Administration (DEA). Using stolen credentials, the duo tapped into a system containing highly sensitive information, including records related to narcotics investigations, seizures, and possibly surveillance targets.
Authorities revealed that the hackers used multiple methods to obtain access:
- Impersonating law enforcement officers
- Submitting fraudulent emergency data requests (EDRs) to platforms like social media companies
- Bribing insiders
- Mining public and private databases
With this access, ViLE was able to extract data on individuals and use it for blackmail. Victims were told that unless they complied, either by paying money or surrendering account access, their private information would be leaked publicly.
Digital Extortion and Public Doxxing
What set ViLE apart from other cybercrime gangs was its brazen use of intimidation and exposure. The group maintained an online platform where stolen data was published for public consumption. Victims could only have their information removed by paying a fee, effectively a pay-for-privacy racket.
This extortion scheme not only violated personal privacy on a massive scale but also jeopardized the integrity of law enforcement databases, which are supposed to be safeguarded by multiple layers of cybersecurity and access controls.
Sentencing and Legal Ramifications
Both Singh and Ceraolo pleaded guilty in federal court. Singh received a 27-month prison sentence, while Ceraolo was sentenced to 25 months. The relatively young age of the offenders drew attention, but prosecutors emphasized the sophistication and severity of their crimes.
The FBI and DOJ stressed that these charges should serve as a warning to would-be hackers. Breaching government systems and exploiting private data will be met with serious consequences.
Lessons Learned and Future Threats
This case raises serious concerns about the vulnerabilities of law enforcement and corporate portals. It demonstrates how cybercriminals can exploit trust-based systems to impersonate officials and gain access to confidential data.
It also highlights the growing problem of “EDR abuse,” in which bad actors fake urgent requests to obtain user data from platforms that usually comply without a court order in emergency situations.
To mitigate such risks, cybersecurity experts recommend:
- Stricter verification processes for EDRs
- Multi-factor authentication and access logging for sensitive portals
- Internal training to prevent insider bribery and credential leaks
Final Thoughts
The two members of ViLE being sentenced marks a victory for law enforcement. But it is also a sobering moment for the cybersecurity community. It reveals just how easily systems meant to protect society can be turned into tools of exploitation when adequate safeguards are not in place.
As cybercrime tactics evolve, so too must our defenses – technical, procedural, and legal. The ViLE case is not just a story of digital intrusion; it’s also a call to action for institutions to harden their systems against the next inevitable attack.
