Nathan Wyatt, a resident of Wellingborough, Northamptonshire, has been sentenced to five years in prison in the US and fined over £1 million for carrying out several hacking attacks as a member of the prolific hacker group The Dark Overlord.
Wyatt was extradited from the UK to the US in December last year to face several charges concerning the hacking of computer networks and blackmailing victims into paying a ransom. He was arrested by UK police in September 2017 for hacking into Pippa Middleton's iCloud account, stealing 3,000 of Pippa's personal pictures and pictures of her relatives, and for blackmailing her into paying £50,000 to recover their pictures.
According to the US Department of Justice, Wyatt's extradition took place in response to an indictment issued by a federal grand jury in November 2017 concerning the hacking of computer systems belonging to victims in the St. Louis, Missouri, area.
"Wyatt was a member of The Dark Overlord, a hacking group that was responsible for remotely accessing the computer networks of multiple U.S. companies without authorisation, obtaining sensitive records and information from those companies, and then threatening to release the companies’ stolen data unless the companies paid a ransom in bitcoin.
"Victims in the Eastern District of Missouri included healthcare providers, accounting firms, and others. Among other things, Wyatt is alleged to have participated in the conspiracy by creating email and phone accounts that he used to send threatening and extortionate emails and text messages to certain victims, including victims in the Eastern District of Missouri," DOJ said in a press release.
Nathan Wyatt also admitted to a UK Court he had hacked into a law firm's computer to access confidential information which he then used to blackmail the firm to pay him 10,000 euros. In November 2017, he was handed a three-year prison sentence by the Southwark Crown Court for attempting to extort the British law firm and for committing several other computer crimes.
After he was extradited to the United States, Wyatt admitted in court that he was indeed a member of The Dark Overlord and that he and his fellow hackers obtained sensitive data from victim companies, including patient medical records and personal identifying information, and threatened to release the companies’ stolen data unless the companies paid a ransom of between $75,000 and $350,000 in bitcoin.
He also admitted that he created, validated, and maintained communication, payment, and virtual private network accounts that were used to send threatening and extortionate messages to individuals and companies whose data the hacker group had obtained.
“Nathan Wyatt used his technical skills to prey on Americans’ private data and exploited the sensitive nature of their medical and financial records for his own personal gain. Today’s guilty plea and sentence demonstrate the department’s commitment to ensuring that hackers who seek to profit by illegally invading the privacy of Americans will be found and held accountable, no matter where they may be located,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division.