British Man Switches to Guilty Plea in Case Tied to Several Healthcare Hacks
A U.K. resident who was a member of The Dark Overlord hacking group pleaded guilty to federal charges Monday and was sentenced to five years in prison, according to the U.S. Justice Department.
Nathan Wyatt, who was extradited to the U.S. from Britain in December 2019, pleaded guilty to conspiring to commit aggravated identity theft and computer fraud.
U.S. District Judge Ronnie White of the Eastern District of Missouri ordered Wyatt to pay $1.4 million in restitution.
In 2016, The Dark Overlord hacking group attacked organizations in the St. Louis area, targeting healthcare providers, accounting firms and other companies, stealing data and threatening to release it, according to the Justice Department.
Wyatt was indicted by a federal grand jury in November 2017. After being extradited to the U.S., he originally pleaded not guilty before changing his plea this week (see: Alleged Dark Overlord Member Extradited, Pleads Not Guilty).
“Nathan Wyatt used his technical skills to prey on Americans’ private data and exploited the sensitive nature of their medical and financial records for his own personal gain,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division.
Wyatt admitted that he became a member of the Dark Overlord hacking group in 2016 and was responsible for remotely breaching U.S computer networks and companies, according to the Justice Department. He also admitted to maintaining virtual private network accounts for communication between victims and threat actors.
Wyatt also said members of the hacking group obtained sensitive data, such as patient medical records and personally identifiable information, from victim organizations and then threatened to release the information if victims did not pay a ransom of $75,000 to $350,000 in bitcoin, prosecutors say.
The Dark Overlord’s victims included a healthcare provider in Farmington, Mo.; a healthcare records company in St. Louis; a medical records provider in Swansea, Ill.; a certified public accountant in St. Louis; and a healthcare provider in Athens, Ga. (see: 4 Stolen Health Databases Reportedly for Sale on Dark Web)
History of The Dark Overlord
The hacking group, which authorities believe had only a handful of members, emerged in early 2016. It started out by stealing data from smaller healthcare organizations and trying to extract bitcoin ransoms in exchange for not releasing the data.
Analysts believe The Dark Overlord used internet-wide scans to find systems running Microsoft’s Remote Desktop protocol and then executed brute-force credential attacks.
After compromising an organization, the group would use the harvested personal data to harass employees via phone calls, intimidating emails and text messages. The gang also officially claimed responsibility for some attacks and then issued threats, according to the Justice Department.
In November 2017, Wyatt was sentenced to three years in a U.K. prison after pleading guilty to a bevy of crimes related to The Dark Overlord’s operation.
That guilty plea came in a Southwark Crown Court on Sept. 14, 2017, when Wyatt admitted to 20 counts of fraud by false representation, two counts of blackmail and one count of possession of an identity document with intent to deceive. His offenses included using malware to steal files from a British law firm then trying to ransom them back (see: Fraudster Tied to ‘The Dark Overlord’ Jailed for 3 Years).
In May 2018, Serbian police arrested a man only identified as S.S. in connection with The Dark Overlord hacking group, but this individual has not yet faced any charges or been extradited (see: Noose Tightens Around Dark Overlord Hacking Group.)