[BreachExchange] 'Dark Overlord' Hacker Sentenced to 5-Year Prison Term
Destry Winant
destry at riskbasedsecurity.com
Wed Sep 23 10:42:06 EDT 2020
https://www.bankinfosecurity.com/dark-overlord-hacker-sentenced-to-5-year-prison-term-a-15038

A U.K. resident who was a member of The Dark Overlord hacking group
pleaded guilty to federal charges Monday and was sentenced to five
years in prison, according to the U.S. Justice Department.

Nathan Wyatt, who was extradited to the U.S. from Britain in December
2019, pleaded guilty to conspiring to commit aggravated identity theft
and computer fraud.

U.S. District Judge Ronnie White, of the Eastern District of Missouri,
ordered Wyatt to pay $1.4 million in restitution.

In 2016, The Dark Overlord hacking group attacked organizations in the
St. Louis area, targeting healthcare providers, accounting firms and
other companies, stealing data and threatening to release it,
according to the Justice Department.

Wyatt was indicted by a federal grand jury in November 2017. After
being extradited to the U.S., he originally pleaded not guilty before
changing his plea this week (see: Alleged Dark Overlord Member
Extradited, Pleads Not Guilty).

"Nathan Wyatt used his technical skills to prey on Americans' private
data and exploited the sensitive nature of their medical and financial
records for his own personal gain," said Acting Assistant Attorney
General Brian C. Rabbitt, of the Justice Department's Criminal
Division.

The Confession

Wyatt admitted that he became a member of The Dark Overlord hacking
group in 2016 and was responsible for remotely breaching U.S. computer
networks and companies, according to the Justice Department. He also
admitted to maintaining virtual private network accounts for
communication between victims and threat actors.

Wyatt also said members of the hacking group obtained sensitive data,
such as patient medical records and personally identifiable
information, from victim organizations and then threatened to release
the information if victims did not pay a ransom of $75,000 to $350,000
in bitcoin, prosecutors say.

The Dark Overlord's victims included a healthcare provider in
Farmington, Mo.; a healthcare records company in St. Louis; a medical
records provider in Swansea, Ill.; a certified public accountant in
St. Louis; and a healthcare provider in Athens, Ga. (see: 4 Stolen
Health Databases Reportedly for Sale on Dark Web).

One of The Dark Overlord's healthcare victims was hit with a $1.5
million HIPAA violation fine Tuesday for security shortcomings.

History of The Dark Overlord

The hacking group, which authorities believe had only a handful of
members, emerged in early 2016. It started out by stealing data from
smaller healthcare organizations and trying to extract bitcoin ransoms
in exchange for not releasing the data.

Analysts believe The Dark Overlord used internetwide scans to find
systems running Microsoft's Remote Desktop Protocol and then executed
brute-force credential attacks.

After compromising an organization, the group would use the harvested
personal data to harass employees via phone calls, intimidating emails
and text messages. The gang also officially claimed responsibility for
some attacks and then issued threats, according to the Justice
Department.

UK Plea

In November 2017, Wyatt was sentenced to three years in a U.K. prison
after pleading guilty to a bevy of crimes related to The Dark
Overlord's operation.

That guilty plea came in Southwark Crown Court on Sept. 14, 2017,
when Wyatt admitted to 20 counts of fraud by false representation, two
counts of blackmail and one count of possession of an identity
document with intent to deceive. His offenses included using malware
to steal files from a British law firm and then trying to ransom them
back (see: Fraudster Tied to 'The Dark Overlord' Jailed for 3 Years).

In May 2018, Serbian police arrested a man only identified as S.S. in
connection with The Dark Overlord hacking group, but this individual
has not yet faced any charges or been extradited (see: Noose Tightens
Around Dark Overlord Hacking Group).