Advertisement

The Dark Overlord hacking suspect who’s fighting extradition to the U.S. is running out of options

Nathan Wyatt could be on his way to the U.S. before the end of the year. The group known as the Dark Overlord has been tied to a series of attacks on U.S. schools, health care providers and Netflix.
Hacker
(Getty Images)

An alleged member of the Dark Overlord hacking crew could be extradited to the U.S. before the end of the year.

Nathan Wyatt, a 39-year-old U.K. resident, has been charged with conspiracy, two counts of aggravated identity theft and three counts of threatening damage to a computer in connection with a U.S. investigation into the Dark Overlord, according to British court documents. He’s nearing the end of a yearlong legal battle in which his attorneys have argued he shouldn’t be sent to the U.S. The opportunities to continue the fight, however, are becoming scarce.

The Dark Overlord is a well-known gang that specializes in stealing sensitive material, then threatening victims with exposure unless they pay an extortion fee. The group is perhaps best known for leaking unreleased episodes of the Netflix show “Orange Is the New Black,” though it also has forced the closure of U.S. schools by threatening students’ families and this year published stolen documents related to the 9/11 terrorist attacks.

British police first arrested Wyatt in September 2016 on suspicion that he hacked the iCloud account of Pippa Middleton, the socialite and sister of the Duchess of Cambridge, to access private images. He was released without charge in that case, but in 2017 pleaded guilty to 20 counts of fraud, holding a fake passport and blackmail.

Advertisement

The U.S. charges relate to an incident in which the Dark Overlord breached healthcare and accounting companies, then threatened to publish that information unless the victim paid a ransom. It remains unclear what role in the hacking ring U.S. prosecutors believe Wyatt played.

After months of legal wrangling over his extradition, a British judge on Nov. 6 ruled against Wyatt in an appeal hearing where he asked the court to overturn a prior decision authorizing his extradition to the U.S. Under British law, Wyatt has until Nov. 20 to submit an application to appeal to the U.K. Supreme Court. If that application is refused, or if there’s no application at all, Wyatt will be sent to the U.S. within 28 days of Nov. 20.

Normally, when the appeal process is exhausted, the U.K. secretary of state must approve the extradition. That’s already happened in this case.

Neither Wyatt’s defense counsel nor the U.S. Department of Justice responded to requests for comment from CyberScoop. The DOJ typically does not comment on extradition-related matters until a suspect arrives in the U.S. An email address long used by the Dark Overlord did not immediately respond Friday.

British prosecutors did not identify the victims the Dark Overlord allegedly hacked, but its clear the activity Wyatt is accused of participating in occurred years ago. The extradition requests relates to attacks against four unnamed healthcare companies and a public accounting firm “whose owner received an email that contained personal information about his family and business, with a threat to publish unless 250 bitcoins were paid,” according to the court files.

Advertisement

The attacks against the health care companies used more personal attacks to convince victims to send money.

In one case, the scammers combined corporate data with information about the company owner’s family to request a payment. They also sent threatening messages to the owner’s daughter, prosecutors say. Another victim was asked to pay $75,000 to avoid its confidential information from being spread around the web, though it was posted on Twitter.

The extradition documents don’t name any co-defendants, though others do appear to be under investigation, according to the U.K. court filing.

Wyatt appears to be a different suspect than another accused member of the Dark Overlord, identified only as S.S., who was arrested by Serbian police in May 2018. Months after that news, the Dark Overlord, already a prolific hacking group, posted job listings on gated forums seeking to hire new members. The recruitment campaign sought to fill four vacancies, and the Dark Overlord later said three positions had been filled.

“If you’re goal-oriented and used to objectives and achieving them, then you’re perfect for us,” the ad said. “Must have a winning attitude. Life’s too short not to be rich.”

Jeff Stone

Written by Jeff Stone

Jeff Stone is the editor-in-chief of CyberScoop, with a special interest in cybercrime, disinformation and the U.S. justice system. He previously worked as an editor at the Wall Street Journal, and covered technology policy for sites including the Christian Science Monitor and the International Business Times.

Latest Podcasts