The U.S. Department of Justice issued an advisory that an associate of the well known hacking group, The Dark Overlord, obtained his sentence to 5 years imprisonment and has been required to pay off $1.4 million in indemnification.
The Dark Overlord started off targeting U.S. companies in 2016. The hackers obtained access to the computer networks of organizations by using brute force attacks on Remote Desktop Protocol and they stole information from victim firms and threatened to market the stolen data files on criminal marketplaces whenever no ransom is paid. The attackers set ransom demands of $75,000 up to $350,000 in Bitcoin and gave a number of threats when the ransom wasn’t paid. On certain occasions, folks in the victim organizations were given personal threats including their family via email, telephone, and texting.
The Dark Overlord’s targeted victims included accounting agencies, healthcare companies, and other corporations. Healthcare organization victims included Farmington, Quest Records, Midwest Orthopedic Group, Athens, Athens Orthopedic Clinic, and Prosthetics & Orthotics Care in St. Louis. The HHS’ Office for Civil Rights recently fined Athens Orthopedic Clinic in the amount of $1.5 million for its HIPAA failures, which was determined when investigating The Dark Overlord hacking case.
Nathan Wyatt, age 39, a UK national, was charged by the British authorities in September 2017 in association with the attack on the iCloud account of Pippa Middleton, the sister of the Duchess of Cambridge. Approximately 3,000 images were stolen and the attacker set a ransom payment of £50,000. He was discharged but was eventually charged on 20 counts of fraud by false representation, two counts of blackmail, and one count of possessing an identity record with the motive of deception. One attack involved blackmailing a law practice in Great Britain linked to the Dark Overlord hacking group. Wyatt is going to serve his sentence of 3 years in prison in the United Kingdom for his criminal acts.
In November 2017, Wyatt was afterward indicted by a grand jury regarding his part in the Dark Overlord attacks that involve 5 victim firms in the US and was extradited to the USA in December 2019 where he was kept in custody.
Wyatt was accused of 6 counts. 1 count of conspiracy, 2 counts of aggravated identity theft, and 3 counts of threatening to ruin a secured computer system. Wyatt went into a plea arrangement and consented to plead guilty to the conspiracy charge in exchange for the dropping of the other five counts.
Wyatt publicly stated being a member of The Dark Overlord hacking group. He additionally mentioned that he and his co-conspirators acquired sensitive information from victim organizations, which include patient medical information, and threatened to post or sell the data files in case there is no ransom paid.
The Department of Justice stated that Wyatt never plan the attacks and wasn’t one of the group’s leaders. Wyatt’s job was “creating, verifying, and retaining payment, communication, and virtual private network accounts that were utilized in the duration of the plan to give frightening and extortionate announcements to victims.
U.S. District Judge Ronnie White, of the Eastern District of Missouri, pronounced a sentence on Wyatt to serve 60 months imprisonment less the time actually served and directed Wyatt to pay $1,467,048 in indemnification to the victim firms.
Nathan Wyatt made use of his technical skills to attack the private data of US citizens and exploit the sensitive nature of their healthcare and financial data for his own benefit. Acting Assistant Attorney General Brian C. Rabbitt of the Justice Department’s Criminal Division said that the guilty plea and sentence prove the department’s determination to making certain that hackers who try to profit by illegally meddling with the privacy of Americans will be identified and held liable, irrespective of where they may be residing.