A UK man who threatened to publicly release stolen confidential information unless the victims agreed to fulfill his digital extortion demands has finally pleaded guilty on Monday at U.S. federal district court in St. Louis, Missouri.
Nathan Francis Wyatt , 39, who is a key member of the infamous international hacking group 'The Dark Overlord,' has been sentenced to five years in prison and ordered to pay $1,467,048 in restitution to his victims.
Wyatt, who was extradited to the United States late last year after being held for over two years in the United Kingdom, has pleaded guilty to conspiring to commit aggravated identity theft and computer fraud.
Discover how application detection, response, and automated behavior modeling can revolutionize your defense against insider threats.Join Now
U.K. police first arrested Wyatt in September 2016 during an investigation into the hacking of an iCloud account belonging to Pippa Middleton, the younger sister of the British royal family member Duchess of Cambridge, and stealing 3,000 images of her.
Though he was released in that case without charge due to lack of evidence, Wyatt was again arrested in September 2017 over hacking companies, credit card frauds, and blackmailing schemes to extort money from the victims.
According to court documents, Wyatt has attacked multiple healthcare providers and accounting firms in Missouri, Illinois, and Georgia states as a member of The Dark Overlord since February 2016, but the court documents do not name the companies.
The Dark Overlord (TDO) is infamous for remotely accessing the computer networks of victim companies in the United States and then stealing sensitive data, like patient medical records and personal identifying information.
"The Dark Overlord has victimized innumerable employers in the United States, many of them repeatedly," said U.S Attorney Jeff Jensen. "I am grateful to the victims who came forward despite ransom threats and to the prosecutors and agents who were the first to catch and punish a member of The Dark Overlord in the United States."
Wyatt admitted that his hacking gang members typically worked by obtaining sensitive data from victim companies and then threatening them to release the stolen data unless they paid a ransom of between $75,000 and $350,000 in bitcoin.
Wyatt's role at TDO was directly contacting victims and maintaining communication, payment, and virtual private network accounts that he used to send threatening and extortionate messages to victims and their family and friends.
In one such threatening message, Wyatt sent to the victims involved the daughter of one of the owners of the Farmington company, asking her, "hi ... you look peaceful ... by the way did your daddy tell you he refused to pay us when we stole his company files?," adding that "In four days we will be releasing for sale thousands of patient info. including yours."
"Nathan Wyatt used his technical skills to prey on Americans' private data and exploited the sensitive nature of their medical and financial records for his own personal gain," said Acting Assistant Attorney General Brian C. Rabbitt of the DOJ's Criminal Division.
"Today's guilty plea and sentence demonstrate the department's commitment to ensuring that hackers who seek to profit by illegally invading the privacy of Americans will be found and held accountable, no matter where they may be located."
The Dark Overload has previously been attributed to several hacking events, including leaking ten unreleased episodes of the 5th season of ' Orange Is The New Black' series from Netflix and hacking Gorilla Glue , Little Red Door cancer service agency, among others.