The defendant is a U.K. national who pleaded guilty to stealing sensitive user data from ‘innumerable’ U.S. firms and blackmailing the victims for ransom.
U.S. District Judge Ronnie White has sentenced Nathan Wyatt, a U.K. national and member of The Dark Overlord hacking group, to five years in prison after the defendant pleaded guilty on Monday to all the federal charges against him. Wyatt will also pay $1,467,048 in restitution.
The 39-year-old Wyatt was charged with stealing the personally identifiable information (PII) of customers of several U.S. firms, conspiring to commit identity theft, and computer fraud. His activities date back to 2016.
After stealing sensitive customer data, Wyatt blackmailed the victim companies into paying a ransom in bitcoin. If they refused, he threatened to release their customer records on criminal marketplaces.
Wyatt targeted the computer networks of numerous U.S. firms in St. Louis, Missouri, and the trial was held in the same city. Most of his victims were healthcare providers and accounting firms.
It is worth noting that in 2018, Serbian authorities also arrested a 38-year-old man from Belgrade suspected of being a member of The Dark Overlord (also written DarkOverlord) hacking group.
According to the U.S. Department of Justice (DoJ), Wyatt was an active member of the Dark Overlord hacker collective. He admitted to participating in the group’s cybercrime activities since 2016.
Wyatt was extradited to the U.S. in December 2019, after being arrested in Britain.
The DoJ’s Criminal Division’s Acting Assistant Attorney General Brian C. Rabbitt said in a press release that Wyatt used his technical expertise to “prey on Americans’ private data and exploited the sensitive nature of their medical and financial records for his own personal gain.”
U.S. Attorney Jeff Jensen added that the Dark Overlord group has already targeted and victimized countless U.S. businesses, some of which were targeted repeatedly.
The FBI’s St. Louis Field Office Special Agent in Charge, Richard Quinn, stated that the FBI demonstrated yet again that it would impose “consequences on cybercriminals” no matter where they are and how long it takes.
Reportedly, Wyatt confessed that he collaborated with the notorious Dark Overlord group to obtain sensitive data, including patient medical records and PII, and demanded ransoms of $75,000 to $350,000 in bitcoin.
He also admitted to participating in the conspiracy against U.S. firms by:
“Creating, validating, and maintaining communication, payment, and virtual private network accounts that were used in the course of the scheme to, among other things, send threatening and extortionate messages to victims within the Eastern District of Missouri.”
The FBI’s St. Louis Field Office and the FBI’s Atlanta Field Office jointly carried out the investigation, and the DoJ’s Office of International Affairs facilitated the extradition of Wyatt.
The Dark Overlord hacked the healthcare industry
The Dark Overlord hackers first made headlines in June 2016 when HackRead exclusively reported on a breach in which the group stole a healthcare insurance database, containing the personal details of 47,864 patients, from a Farmington, Missouri-based firm.
The Dark Overlord hacking group also stole a database from a healthcare organization in the Central/Midwest United States containing the personal details of 210,000 patients. The same breach included a healthcare database from Atlanta, Georgia containing the personal details of 397,000 patients.
Beyond medical records, these databases contained a trove of sensitive personal data including full names, gender, social security numbers (SSN), and dates of birth. The stolen databases were then sold on the dark web for BTC 300.0000 ($197,940.00 in June 2016 and $2,482,093.50 at the time of publishing this article).
Furthermore, in July 2016, The Dark Overlord hackers breached a Bronx, New York-based healthcare clinic and stole a database containing the personal and sensitive information of over 34,000 patients.
The group was able to hack the clinic by exploiting a zero-day in the Remote Desktop Protocol (RDP). In this case, the data was sold on the dark web for BTC 20 ($13,173.80 in July 2016 and $165,828.70 at the time of publishing this article).
In October last year, the group targeted London Bridge Plastic Surgery (LBPS) and held patients’ data for ransom. The group managed to steal extremely sensitive, graphic pictures of UK celebrities and royals and threatened to leak the data if the clinic did not fulfill its demands.
The Dark Overlord held Netflix to ransom
In May 2017, The Dark Overlord hacking group made headlines for hacking into Netflix’s studio and accessing copies of season 5 of the TV show Orange Is the New Black. The group then demanded that Netflix pay an undisclosed ransom or face the consequences.
Apparently, the two parties could not reach an agreement, and season 5 of Orange Is the New Black was leaked on The Pirate Bay. It was later discovered that the hackers had compromised the computer system at Netflix’s studio by exploiting a vulnerability in the Windows 7 operating system.
Sending death threats to students
The Dark Overlord did not stop there. The group went one step further by claiming to have hacked Johnston Community School District and stolen a trove of data that included the contact and personal details of students.
The group then sent threatening text messages to parents, including threats to physically harm and even kill their children. The Dark Overlord has carried out several other cyberattacks, including stealing and leaking the first 8 episodes of Steve Harvey’s “Funderdome” TV show.