Man accused of hacking US healthcare organizations pleads not guilty

A suspected member of The Dark Overlord hacking group goes to court

After 11 months of hiding in the U.K., the hacker faces court in Missouri. Nathan Francis Wyatt has been extradited to the United States after spending two years in the United Kingdom.[1] The British man, possibly associated with The Dark Overlord hacking group, appeared in federal court in St. Louis, Missouri, to face charges related to incidents involving healthcare and accounting companies in the United States.[2] Wyatt is accused of hacking and of threatening to publish stolen information unless the demanded amount in Bitcoin was paid.

Public court documents state that the suspect is charged with one count of conspiracy, two counts of aggravated identity theft and three counts of threatening to damage a protected computer. For 11 months, Wyatt avoided being deported from Britain, and he has not yet pleaded guilty to all those charges in the U.S. court, although the crimes occurred between June 10 and July 26, 2016.[3]

British police first arrested Wyatt back in September 2016, when an investigation was opened into the hacked iCloud account of Pippa Middleton, from which more than 3,000 images of her were stolen.[4] He was then released due to a lack of evidence, but a year later he was arrested for credit card fraud, blackmail, and hacking schemes.

Supposed relation to The Dark Overlord Group hackings

According to the official indictment, Nathan Francis Wyatt was working with suspected co-hackers in the TDO group. Members of the team are responsible for tens of separate hacks for which they have already publicly claimed responsibility. The group was previously linked to attacks that resulted in the leak of episodes of TV shows such as the fifth season of Orange Is the New Black before the official release on Netflix, and to hacking campaigns targeting cancer services and companies.[5]

Many intrusions and attacks were not reported and remain unverified. Still, it is known that the group uses media outlets to create negative coverage, putting pressure on affected companies and pushing them to pay the extortion demands. Because of these techniques and aggressive extortion methods, reporters from various outlets decline to cover the breaches or write news articles about the group's attacks.[6] These similarities, and the fact that Wyatt allegedly sent blackmail messages to victims, indicate a relation between TDO and Nathan Francis Wyatt.

Wyatt threatened victims and their relatives with demands for money

Even though the official court document does not name the companies or organizations, it is known that healthcare providers and accounting firms in Missouri, Illinois, and Georgia were the victims between the start of 2016 and the end of 2017, when the document was filed with the local court.

Despite the supposed association with the hacker group, Wyatt created and operated the email accounts and phones used to threaten organizations and blackmail them for money. When the initial victims were not responsive, the hacker contacted and threatened their relatives. One of the text messages, sent to the daughter of one of the Farmington owners, stated:

hi … you look peaceful … by the way did your daddy tell you he refused to pay us when we stole his company files?

About the author
Gabriel E. Hall
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.
