The United Kingdom national Nathan Wyatt (39), a member of ‘The Dark Overlord’ hacking group, was extradited to the United States in December 2019. The man was charged by U.S. authorities on six counts of aggravated identity theft, threatening to damage a protected computer, and conspiracy.
The Dark Overlord threat group hacked multiple US and UK companies and organizations to steal data and threaten them to leak them. Victims of the group operated in several sectors, including in the healthcare, financial, legal, film, and others.
On Monday, in a U.S. district court in St. Louis, Wyatt pleaded guilty to participating in activities associated with The Dark Overlord
Wyatt admitted that starting in 2016, he operated as a member of the popular hacking group and stole sensitive data from its victims. The group then threatened the victims to leak the stolen data unless a ransom (ranging between $75,000 and $350,000 worth of Bitcoin) was paid.
“U.S. District Judge Ronnie White for the Eastern District of Missouri sentenced Nathan Wyatt, 39, who participated in a computer hacking collective known as “The Dark Overlord,” which targeted victims in the St. Louis area beginning in 2016.” reads the press release published by DoJ. ” Wyatt was extradited from the United Kingdom to the Eastern District of Missouri in December 2019. Judge White also ordered Wyatt to pay $1,467,048 in restitution.”
According to the 2017 indictment, Wyatt used email and telephone accounts to send messages used to threaten the hacked companies of releasing their information.
“a. WYATT registered a telephone account (Account A) used in the course of the conspiracy to register a virtual private network account and Twitter account used by conspirators to conduct the scheme.” reads the indictment.
“b. WYATT registered a telephone account (Account B) used in the course of the conspiracy to send threatening and extortionate text messages to victims.“
The indictment provides details about the criminal activities conducted by Wyatt from February 2016 to June 2017. Wyatt has been arrested in the United Kingdom in 2017 after pleading guilty to separate charges, including blackmail and using stolen payment card data.
Wyatt also admitted that he participated in the conspiracy by creating, validating, and maintaining communication, payment, and VPN accounts that were employed by The Dark Overlord in its attacks.
Wyatt already served 14 months in a UK prison after he pled guilty in a separate indictment related to blackmail, the use of stolen card data, and possession of a fake passport.
According to Wyatt lawyer, Brocca Morrison, the British citizen was not the leader of the group even is he is the only member of the group to have been identified.
“Nathan Wyatt used his technical skills to prey on Americans’ private data and exploited the sensitive nature of their medical and financial records for his own personal gain. Today’s guilty plea and sentence demonstrate the department’s commitment to ensuring that hackers who seek to profit by illegally invading the privacy of Americans will be found and held accountable, no matter where they may be located,” Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division said.
(SecurityAffairs – hacking, The Dark Overlord)