Metropolitan News-Enterprise


Monday, July 29, 2019


Page 1


Texas Man Convicted of Phishing Attack On Los Angeles Superior Court in 2017


By a MetNews Staff Writer




A jury in the U.S. District Court for the Central District of California has found a man guilty on 27 counts relating to hacking into the Los Angeles Superior Court computer system and using it to send approximately two million malicious phishing emails.

The “phishing”—attempting to secure sensitive information by disguishing the sender’s identity— cost the court more than $45,000 in employee time in responding to the attack and court employees, who gave out credit card information, sustained collective actual and intended losses exceeding $15,000.

Oriyomi Sadiq Aloba of Katy, Texas, was found guilty late Thursday afternoon after a three-day trial.

Aloba was convicted of one count of conspiracy to commit wire fraud, 15 counts of wire fraud, one count of attempted wire fraud, one count of unauthorized impairment of a protected computer, five counts of unauthorized access to a protected computer to obtain information, and four counts of aggravated identity theft.

He is scheduled to be sentenced Oct. 21, and faces a potential sentence of 350 years in prison.

Five-Day Attack

A five-day cyberattack in late July, 2017, started with Aloba and his co-conspitators tapping into one court employee’s email account; sending emails from that account to thousands of other court employees seeking email addresss and passwords, with hundreds complying with the request.

Multiple email addresses were then used in sending out the two million phishing emails, ostensibly from American Express, Wells Fargo, and other companies. Those who were duped supplied banking login credentials, personal identifying information, and credit card information.

The link supposedly to the American Express website actually went to Aloba’s email account.

Charges over the cyberattack—18 felony counts—were initially brought by the Los Angeles County District Attorney’s Office, but federal authorities took over the case. Had Aloba been convicted on the state charges, he would have faced a maximum sentence of 14 years, four months.

A co-conspirator, Robert Charles Nicholson, pled guilty last month in U.S. District Court for the Eastern District of New York to one count of conspiracy to commit wire fraud, and faces a Sept. 30 sentencing. Three others suspected of complicity remain at large outside the United States.

Cyberattack on County

A May 13, 2016 phishing attack on the county Department of Health Services resulted in the compromising of information related to an estimated 756,000 persons. It was not until seven months later that the county told of the attack, waiting until an investigation was concluded and an arrest warrant issued. The county announced in September:

““An exhaustive forensic examination by the County has concluded that approximately 756,000 individuals were potentially impacted through their contact with the following departments: Assessor, Chief Executive Office, Children and Family Services, Child Support Services, Health Services, Human Resources, Internal Services, Mental Health, Probation, Public Health, Public Library, Public Social Services and Public works”.

It said that names, birth dates, Social Security numbers, driver’s license numbers, credit card numbers, bank account numbers, addresses, home phone numbers, and medical treatment information might have have been compromised.

The Los Angeles Superior Court on Dec. 6, 2017, issued this public warning:

“Please be advised that illicit communications are being made to members of the public warning of a pending case or arrest warrant against the individual or demanding money or personal information for (ailing to appear for jury service. These communications may not be from the court or its authorized collection vendor GC Services.

“Some of these fake communications made by email could contain an attachment or a link that may install a virus or other spyware on the computer. Other communications, some of which are from individuals claiming to represent law enforcement agencies make fraudulent demands to pay a fine or provide personal information, such as a Social Security number.”


Copyright 2019, Metropolitan News Company