A British man was extradited to the US this week to face charges of hacking and extorting US companies while part of an infamous hacking group known as The Dark Overlord (TDO).
The alleged TDO member, named Nathan Francis Wyatt, 39, was arraigned in a Saint Louis court today, where he pleaded not guilty. According to court documents, US authorities believe Wyatt was one of the many TDO members who, since 2016, have been hacking US companies, stealing their data, and asking for huge ransoms.
If victims didn’t pay, the group would put the data up for sale on hacking forums, leak it on the public internet, or tip off journalists about the breach in order to generate negative press coverage for the hacked company.
The official indictment claims that Wyatt and the other TDO members have been behind hacks at healthcare providers and accounting firms in the state of Missouri between the start of 2016 and late 2017 when the indictment was formally filed with a local court.
However, the group’s hacking activity is far broader. Since early 2016, TDO has claimed responsibility for tens of hacks. Below is a list of breaches for which the group has publicly taken credit, and which received media coverage. Here are just a few of the ‘hacks’ he perpetrated:
- Hacked three healthcare organizations and sold 651,894 patient records on the Dark Web
- Sold over 3 million patient records from an unnamed healthcare insurance provider
- Hacked and extorted the Cancer Services of East Central Indiana-Little Red Door centre
- Hacked Netflix and leaked episodes from season 5 of “Orange Is The New Black”
- Hacked ABC and leaked episodes from “Steve Harvey’s Funderdome” TV show
- Hacked Larson Studios, Inc., a Hollywood audio post-production studio, and stole a large collection of unreleased TV show episodes
AGGRESSIVE AND UNORTHODOX EXTORTION CAMPAIGNS
The group was also known for its unorthodox and aggressive extortion campaigns. For example, in late 2018, TDO members started sending bomb threats to schools in Montana which refused to pay ransom demands. When that failed, TDO members began sending death threats to students.
In many other cases, the group also made fun of victims by forcing them to sign legal contracts. These contracts included terms of the extortion demand, and the hackers’ and the victim’s responsibilities. In another case, TDO members left rap-like extortion demands on a victim’s voice mail.
Even the US indictment filed in 2017 includes one case where TDO took extortion demands a tad too far. In this case, Wyatt allegedly sent threatening SMS texts to the daughter of the CEO of one of the hacked companies.
Prior to being charged in the US, Wyatt already had a history of hacking in the UK. He was previously arrested by British police in September 2016 on suspicion of hacking the iCloud account of Pippa Middleton, the sister of the Duchess of Cambridge.
A formal case was never brought forward, and Wyatt was set free, only to be arrested again in 2017, when he pleaded guilty to 20 counts of fraud, holding a fake passport and blackmail.
After being charged in the US indictment, Wyatt has spent the past few months fighting his extradition. More to follow soon!