Virtual Event Today: Supply Chain Security Summit - Join Event In-Progress

Security Experts:

Connect with us

Hi, what are you looking for?



‘Dark Overlord’ Hacker Sentenced to 5 Years in Prison

A United Kingdom national who was a member of ‘The Dark Overlord’ hacking group was sentenced to five years in federal prison, the United States Department of Justice announced this week.

A United Kingdom national who was a member of ‘The Dark Overlord’ hacking group was sentenced to five years in federal prison, the United States Department of Justice announced this week.

The man, Nathan Wyatt, 39, was extradited to the United States in December 2019. On Monday, he pleaded guilty to participating in activities associated with The Dark Overlord, a threat group that hacked US and UK companies to steal data and hold it for ransom.

Wyatt admitted in a U.S. district court in St. Louis that, starting 2016, he operated as a member of the hacking group known as The Dark Overlord, which compromised the networks of multiple companies, including those in the financial, healthcare, legal, film, and other sectors.

The group, Wyatt admitted, stole sensitive data from the targeted companies, including personal information and patient medical records. The hackers then threatened to make the data public unless ransom amounts ranging between $75,000 and $350,000 were paid, in Bitcoin.

In a 2017 indictment, Wyatt was charged with setting up phone and email accounts that The Dark Overlord group used to send threatening messages to victim companies.

Wyatt admitted in court to “creating, validating, and maintaining communication, payment, and virtual private network accounts” that the hacking group used as part of their scheme.

Prior to being extradited to the US, Wyatt served 14 months in a UK prison, after he pled guilty in a separate indictment related to blackmail, the use of stolen card data, and possession of a fake passport.

Wyatt, St. Louis local media reports, apologized during the Zoom-held hearing, saying he suffered from mental problems. He also said he is now on medication.

Brocca Morrison, his lawyer, pointed out that, although he participated in the scheme, he did not orchestrate it and is the only hacker to have been identified so far.

“Nathan Wyatt used his technical skills to prey on Americans’ private data and exploited the sensitive nature of their medical and financial records for his own personal gain. Today’s guilty plea and sentence demonstrate the department’s commitment to ensuring that hackers who seek to profit by illegally invading the privacy of Americans will be found and held accountable, no matter where they may be located,” Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division said.

Related: Moderator of AlphaBay Dark Web Marketplace Gets 11 Years in Prison

Related: Man Sentenced to 5 Years in Prison for DDoS Attacks

Related: Developer of DDoS Botnets Based on Mirai Code Sentenced to Prison

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.