The front man for the notorious Dark Overlord hacker gang, which threatened to leak stolen confidential information unless paid off, has been sentenced to five years behind bars in America.
Nathan Wyatt, 39, formerly of London, England, was sent down on Monday by a judge in a federal district court in eastern Missouri. He was also told to pay $1,467,048 in restitution to his victims. The Brit had pleaded guilty to conspiracy to commit computer fraud and aggravated identity theft.
The father-of-three has been stateside since he was extradited in December last year. Prior to that, Wyatt was in a British cooler for crimes involving stolen credit card details and blackmail. He enjoyed a brief bout of fame when he claimed he had hacked the iCloud account of Pippa Middleton, though he was later cleared in a police probe.
Wyatt was among a crew of miscreants who since 2016 operated under the Dark Overlord brand: they would hack people and organizations, and threaten to dump their victims' private documents onto the web unless payment – typically between $75,000 and $350,000 in Bitcoin – was coughed up.
His role in the gang was particularly nasty. As the point man of the operation, he was tasked with directly contacting victims, and acting as the go-between. This included making threats against the friends and family of those the gang was trying to extort.
Did your daddy tell you he refused to pay us when we stole his company files?
Court filings detail how, while trying to strong-arm hacked businesses into paying, Wyatt would send creepy, intimidating messages with detailed information about the spouses, parents, and children of those at the companies Dark Overlord was targeting. In one case he went so far as to directly contact a victim's daughter.
"You look peaceful… by the way did your daddy tell you he refused to pay us when we stole his company files," the teen girl was told. "In four days we will be releasing for sale thousands of patient info. including yours."
Among the companies targeted were doctors' offices, accountants, a medical records company, and banks in the US.
"He created, validated, and maintained phone accounts, a PayPal account, virtual private networks, and a Twitter account that were used to maliciously hack and extort multiple US companies," American prosecutors noted in their sentencing letter [PDF]. "These attacks unscrupulously preyed on the sensitivity of personal medical and financial records to stoke fear and seek ransom payments."
By contrast, it is reported Wyatt was contrite during his sentencing, held via a Zoom call, breaking down in tears and claiming he struggles with mental illness.
“I’d like to apologize for the role that I played in this,” Wyatt sobbed. “I can promise you that I just want to go home to my family. I’m out of that world, and I don’t want to see another computer for the rest of my life.”
The Dept of Justice's Acting Assistant Attorney General Brian Rabbitt said in a statement: “Nathan Wyatt used his technical skills to prey on Americans’ private data and exploited the sensitive nature of their medical and financial records for his own personal gain.
“Today’s guilty plea and sentence demonstrate the department’s commitment to ensuring that hackers who seek to profit by illegally invading the privacy of Americans will be found and held accountable, no matter where they may be located.”
Judge Ronnie White opted to hand down the five year term, in line with prosecutors' recommendations. ®