The U.S. Department of Justice has announced that a member of the notorious hacking group, The Dark Overlord, has been sentenced to 5 years in jail and has been ordered to pay $1.4 million in restitution.
The Dark Overlord hacking group started targeting U.S. organizations in 2016. The hackers gained access to the networks of companies via brute force attacks on Remote Desktop Protocol, then stole data from victim companies and threatened to sell the stolen data on criminal marketplaces if the ransom demand was not paid. The hackers issued ransom demands of between $75,000 and $350,000 in Bitcoin and issued multiple threats if the ransom was not paid. In some instances, individuals in the victim companies received personal threats against them and their family members via the telephone, email, and text messages.
Victims of The Dark Overlord included accounting firms, healthcare providers, and other companies. Healthcare provider victims included Farmington, MO-based Midwest Orthopedic Group, Swansea, IL-based Quest Records, Prosthetics & Orthotics Care in St. Louis, and Athens, GA-based Athens Orthopedic Clinic. Athens Orthopedic Clinic was recently fined $1.5 million for HIPAA failures discovered by the HHS’ Office for Civil Rights when investigating The Dark Overlord hacking incident.
The UK national, Nathan Wyatt, 39, was arrested by UK police in September 2017 over the hacking of the iCloud account of Pippa Middleton, the sister of the Duchess of Cambridge. Around 3,000 photographs were stolen and a ransom demand of £50,000 was issued for their return. He was released without charge but was later charged with 20 counts of fraud by false representation, two counts of blackmail, and one count of possession of an identity document with intent to deceive. One of the attacks involved the blackmailing of a law firm in the UK as part of the Dark Overlord hacking group. Wyatt was sentenced to 3 years in jail in the UK for the offenses.
Wyatt was then indicted by a grand jury in November 2017 over his role in the Dark Overlord attacks on 5 victim companies in the United States and was extradited to the United States in December 2019, where he has remained in custody.
Wyatt was indicted on 6 counts: 1 count of conspiracy, 2 counts of aggravated identity theft, and 3 counts of threatening to damage a protected computer. Wyatt entered into a plea arrangement and agreed to plead guilty to the conspiracy charge if the remaining five counts were dropped.
Wyatt admitted being part of The Dark Overlord hacking group and that he and his co-conspirators obtained sensitive data from victim companies, including patient medical records, and threatened to publish or sell the data if the ransom demand was not paid.
Wyatt did not orchestrate the attacks and was not one of the leaders of the group. Wyatt’s role was “creating, validating, and maintaining communication, payment, and virtual private network accounts that were used in the course of the scheme to, among other things, send threatening and extortionate messages to victims,” according to the Department of Justice.
U.S. District Judge Ronnie White, of the Eastern District of Missouri, sentenced Wyatt to 60 months in jail, less time already served, and ordered Wyatt to pay $1,467,048 in restitution to the victim companies.
“Nathan Wyatt used his technical skills to prey on Americans’ private data and exploited the sensitive nature of their medical and financial records for his own personal gain,” said Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division. “Today’s guilty plea and sentence demonstrate the department’s commitment to ensuring that hackers who seek to profit by illegally invading the privacy of Americans will be found and held accountable, no matter where they may be located.”