British man gets 5 years for hacking US companies, including some in St. Louis area

Subscribe for $5 for 5 months

ST. LOUIS — A British man was sentenced Monday to five years in prison for helping a hacking group steal information from multiple U.S. companies that cost those entities nearly $1.5 million.

Nathan Francis Wyatt, 39, pleaded guilty in U.S. District Court in St. Louis to a conspiracy charge and was then immediately sentenced.

Wyatt worked on behalf of the hacking group known as The Dark Overlord, which remotely accessed multiple U.S. companies and stole medical records, client files and personal information, federal prosecutor Laura Kathleen Bernstein said during the hearing. He set up a phone account and accounts on Twitter and PayPal that were used to communicate and receive money, she said.

The hackers demanded between $75,000 and $300,000 worth of Bitcoin to return the stolen information, she said. Among the victims were health care companies in the St. Louis area and a CPA in St. Louis County. None paid the ransom but suffered from the intrusion and release of data, she said. The effect on patients and clients whose information was stolen is unknown, she said. 

Wyatt apologized during the hearing, held via Zoom, saying that he suffered from mental problems that led him to make bad decisions but was now on medication. “I can promise you that I’m out of that world,” he said, voice breaking. “I don’t want to see another computer for the rest of my life.”

His lawyer, Brocca Morrison, pointed out that Wyatt did not orchestrate the hacks but did participate. She said he is the only hacker identified so far.

Bernstein said Wyatt’s actions allowed other hackers to maintain some anonymity, and his phone account was used to send threatening text messages to relatives of victims. The teenage daughter of one company owner received a text that read, in part, “weve all had a look and we all think your hot. soon some really evil men will be looking at you..possibly thru your window.”

Wyatt also penned an obscene and mocking rap song targeting one victim, Bernstein wrote in court documents.

From February 2016 to June 2017, the hackers exploited vulnerabilities in remote access to computers used by vendors or employees to steal the information, Wyatt’s indictment said.

The hackers stole information on about 200,000 former patients of the Athens Orthopedic Clinic in 2016, according to an appeals court ruling in a lawsuit filed by patients.

Nathan Wyatt

Nathan Wyatt is shown in an undated photo issued after his sentencing at Southwark Crown Court in London to three years in prison on multiple counts of fraud, possessing a false passport, and blackmail in 2017. He now faces charges in St. Louis alleging he threatened to release data stolen from four health care companies and an accounting firm. Photo: London Metropolitan Police

Wyatt was indicted in 2017 on charges of conspiracy, aggravated identity theft and threatening damage to a computer. He was extradited to the U.S. last year after an 11-month battle by British lawyers to block the move. 

He had served 14 months in a British prison after pleading guilty to 20 counts of fraud, one count of possession of an identity document with an improper intention and one count of blackmail. He was accused of demanding money from the owner of a hacked computer and using stolen credit cards.

In 2016, he was arrested but not charged on suspicion of hacking into the iCloud account of Pippa Middleton, sister of the Duchess of Cambridge, Kate Middleton.

#pu-email-form-email-business { clear: both; background-color: #fff; color: #222; background-position: bottom; background-repeat: no-repeat; padding: 15px 20px; margin-bottom: 40px; box-shadow: 0px 2px 0px 0px rgba(0,0,0,.05); border-top: 4px solid rgba(0,0,0,.8); border-bottom: 1px solid rgba(0,0,0,.2); } #pu-email-form-email-business, #pu-email-form-email-business p { font-family: -apple-system, BlinkMacSystemFont, “Segoe UI”, Helvetica, Arial, sans-serif, “Apple Color Emoji”, “Segoe UI Emoji”, “Segoe UI Symbol”; } #pu-email-form-email-business h1 { font-size: 24px; margin: 15px 0 5px 0; font-family: “serif-ds”, Times, “Times New Roman”, serif; } #pu-email-form-email-business .lead { margin-bottom: 5px; } #pu-email-form-email-business .email-desc { font-size: 16px; line-height: 20px; margin-bottom: 5px; opacity: 0.7; } #pu-email-form-email-business form { padding: 10px 30px 5px 30px; } #pu-email-form-email-business .disclaimer { opacity: 0.5; margin-bottom: 0; line-height: 100%; } #pu-email-form-email-business .disclaimer a { color: #222; text-decoration: underline; } #pu-email-form-email-business .email-hammer { border-bottom: 3px solid #222; opacity: .5; display: inline-block; padding: 0 10px 5px 10px; margin-bottom: -5px; font-size: 16px; }

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.