Los Angeles, California - A Texas man who was found guilty of hacking into the Los Angeles Superior Court (LASC) computer system, using the system to send approximately 2 million malicious phishing emails, and fraudulently obtaining hundreds of credit card numbers was sentenced this afternoon to 145 months in federal prison.
Oriyomi Sadiq Aloba, 33, of Katy, Texas, was sentenced by United States District Judge R. Gary Klausner, who also ordered Aloba to pay $47,479 in restitution.
In July 2017, Aloba and his co-conspirators targeted the LASC for a phishing attack. During the attack, the email account of one court employee was compromised and used to send phishing emails to co-workers purporting to be from the file-hosting service Dropbox. The email contained a link to a bogus website that asked for the users’ LASC email addresses and passwords. Thousands of court employees received the Dropbox email, and hundreds disclosed their email credentials to the attacker. The compromised email accounts then were used to send the roughly 2 million phishing emails.
These additional phishing emails purported to be from American Express, Wells Fargo, and other companies. Hyperlinks in the fraudulent emails led victims to a webpage that asked for their banking login credentials, personal identifying information, and credit card information. The link for the fake American Express website used source code that designated Aloba’s email account as the delivery address for the information that the victims input into the fake website.
After linking Aloba to the attack, investigators executed a search warrant at Aloba’s residence, which revealed a thumb drive in a toilet, a damaged iPhone in a bathroom sink, and a laptop computer with a smashed screen that was smeared with fresh blood. Nearby, agents found a broken mug, which apparently was used to smash the laptop computer, and observed blood on Aloba’s hands.
Following a three-day jury trial in July, Aloba was found guilty of one count of conspiracy to commit wire fraud, 15 counts of wire fraud, one count of attempted wire fraud, one count of unauthorized impairment of a protected computer, five counts of unauthorized access to a protected computer to obtain information, and four counts of aggravated identity theft. Aloba was remanded into custody after the verdicts were read.
Aloba’s targeting of the “largest court system in the world… merits special attention,” prosecutors wrote in a sentencing memorandum filed with the court. Aloba’s “conduct resulted in a substantial disruption to the administration of the LASC, including taking hundreds of employees offline for hours, at a minimum, and possibly days. His conduct diverted substantial resources from the critical tasks LASC personnel undertake daily, resulting in over $45,000 in losses to the LASC. And perhaps most importantly, he compromised the integrity of the LASC, which is a court system that thousands of people rely on to administer justice.”
Aloba was initially charged by the Los Angeles County District Attorney, but the matter was referred to the United States Attorney’s Office for federal prosecution.
A co-defendant, Robert Charles Nicholson, who used the online moniker “Million$Menace” and used stolen credit card information to make purchases, a 28-year-old resident of Brooklyn, New York, pleaded guilty in June to one count of conspiracy to commit wire fraud. Nicholson is scheduled to be sentenced by Judge Klausner on November 4. Three other defendants allegedly hired by Aloba to create the “phishing kits” remain at large outside the United States.
This matter was investigated by the Federal Bureau of Investigation and the Los Angeles County District Attorney’s Office.
This case is being prosecuted by Assistant United States Attorney Ryan White, Chief of the Cyber and Intellectual Property Crimes Section.