A United Kingdom national who was a member of ‘The Dark Overlord’ hacking group was sentenced to five years in federal prison, the United States Department of Justice announced this week.
The man, Nathan Wyatt, 39, was extradited to the United States in December 2019. On Monday, he pleaded guilty to participating in activities associated with The Dark Overlord, a threat group that hacked US and UK companies to steal data and hold it for ransom.
Wyatt admitted in a U.S. district court in St. Louis that, starting 2016, he operated as a member of the hacking group known as The Dark Overlord, which compromised the networks of multiple companies, including those in the financial, healthcare, legal, film, and other sectors.
The group, Wyatt admitted, stole sensitive data from the targeted companies, including personal information and patient medical records. The hackers then threatened to make the data public unless ransom amounts ranging between $75,000 and $350,000 were paid, in Bitcoin.
In a 2017 indictment, Wyatt was charged with setting up phone and email accounts that The Dark Overlord group used to send threatening messages to victim companies.
Wyatt admitted in court to “creating, validating, and maintaining communication, payment, and virtual private network accounts” that the hacking group used as part of their scheme.
Prior to being extradited to the US, Wyatt served 14 months in a UK prison, after he pled guilty in a separate indictment related to blackmail, the use of stolen card data, and possession of a fake passport.
Wyatt, St. Louis local media reports, apologized during the Zoom-held hearing, saying he suffered from mental problems. He also said he is now on medication.
Brocca Morrison, his lawyer, pointed out that, although he participated in the scheme, he did not orchestrate it and is the only hacker to have been identified so far.
“Nathan Wyatt used his technical skills to prey on Americans’ private data and exploited the sensitive nature of their medical and financial records for his own personal gain. Today’s guilty plea and sentence demonstrate the department’s commitment to ensuring that hackers who seek to profit by illegally invading the privacy of Americans will be found and held accountable, no matter where they may be located,” Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division said.