A federal grand jury indicted Oriyomi Sadiq Aloba, 32, of Houston on multiple counts related to his alleged attempts to go phishing in the Los Angeles County Superior Court (LASC) computer system.
At least 18 different LASC employee accounts were breached as Aloba sent out approximately 2 million phishing emails.
Aloba faces multiple counts of unauthorized impairment of a protected computer, unauthorized access to obtain information and aggravated identity theft. If found guilty, he faces a maximum sentence of 17 years behind bars.
According to the indictment, over the course of a week in late July 2017, Aloba used the stolen usernames and passwords of LASC employees to log into the court’s servers and send phishing e-mails to e-mail addresses outside the court system. He allegedly also test emails to himself to push the boundaries of the court system’s security features and ensure full access to the account.
“The phishing e-mals included an e-mail purporting to be a communication from American Express that led to a webpage that asked victims to provide their American Express login credentials, personal identifying information, and credit card information,” the Justice Department said. “The link for the fake American Express website used a source code that designated Aloba’s account as the delivery address for the information that the victims input into the website.”
The FBI investigated Aloba, and the case is being prosecuted by Assistant United States Attorney Robyn Bacon of the Cyber and Intellectual Property Crimes Section, National Security Division.
