Nathan Wyatt, pictured outside Westminster Magistrates’ Court with partner Kelly Howell, is fighting extradition to the US after being charged with cyber crimes against healthcare firms
A stay-at-home father once accused of hacking Pippa Middleton is now fighting extradition to the US over cyber attacks on healthcare firms.
Nathan Wyatt, 37, was arrested in 2016 after the Duchess of Cambridge’s sister had 3,000 images stolen from her iCloud account.
He was later released without charge due to lack of evidence, but during their investigation police found he had hacked a US law firm and demanded 10,000 euros to fix the damage.
Wyatt was then jailed in September 2017 over the blackmail and other credit card fraud before being released last August.
But he was then immediately seized over similar blackmail schemes against healthcare and accountancy firms in Missouri after authorities in the US issued a warrant for his arrest.
He has been charged with one count of conspiracy to blackmail healthcare providers in the USA, two counts of aggravated identity theft and three counts of threatening damage to a protected computer.
Westminster Magistrates’ Court heard today that Wyatt, a house-husband from Northamptonshire, extorted the American healthcare providers out of thousands of dollars in cryptocurrency under the moniker of ‘The Dark Overlords’.
Daniel Sternberg, prosecuting, said: ‘In terms of the domestic proceedings in this jurisdiction, Mr Wyatt was arrested on August 7 last year at the gates of HMP Wandsworth where he was serving a domestic custodial sentence.
‘He declined to consent to extradition.
‘An arrest warrant was issued by the US district of Missouri on November 8th, 2017.
‘It is said he threatened the owners of the data in those computers that they would release it.’
The first of these blackmails allegedly occurred in April 2016 – with the hacker group demanding a ransom paid to a Paypal account in the cryptocurrency Bitcoin.
Mr Sternberg said: ‘Threatening emails to the victims were sent. The healthcare provider was located in the eastern district of Missouri in the United States of America.
‘On the April 23, 2016, the victim, a healthcare records company in Missouri received various threats from a Gmail email address.
Wyatt, pictured at court with his partner, allegedly hacked into the networks of businesses in Missouri and demanded ransom money in Bitcoin to fix the damage. Authorities say he called himself ‘The Dark Overlords’
‘The victim was informed their Dropbox and Paypal accounts had been hacked and that their funds had been paid out on Paypal.
‘They were told to respond or they would be publicly named as the source of their client’s suffering.’
Another victim, also a health care provider in Missouri, received threats in June 2016.
The prosecutor said: ‘The Dark Overlords demanded Bitcoins to satisfy its demands. Attached to emails was various personal information about the owner of the company and his family.
‘On July 17 threatening text messages were sent to the daughter of the owner.
‘They were informed its network had been hacked and they were asked to pay $75,000 in Bitcoins in order to meet The Dark Overlords demands.’
The court heard another healthcare provider in Athens, Georgia, had its database hacked and was threatened with illegal data being reported to the US Department of Health and Human Services.
They were told to make payments in Bitcoin to the hackers, who released 500 records belonging to the company onto a website called ‘Paste Bin’.
Mr Sternberg added: ‘On July 27, The Dark Overlords sent an email saying they would accept a payment of £400,000 to be sent in £100,000 increments to four different bank accounts.’
A final victim is said to be a public accounting firm in Missouri which was hacked in July 2016.
The Department of Justice want to extradite the convicted fraudster to face trial in the eastern district of Missouri – where the majority companies and individuals affected by the hacking and blackmail are located.
Wyatt, pictured with Ms Howell, was previously jailed for a similar crime against a US law firm in 2016 that was uncovered after he was investigated over an alleged hack on Pippa Middleton
The court heard that Wyatt was linked to the hacking attacks in respect of the blackmail attempts to the healthcare provider in Georgia.
Mr Sternberg said: ‘One of the bank accounts to be paid the demand into was that of Mr Wyatt, and that of his girlfriend in Wellingborough in the UK.
‘That clearly connected Mr Wyatt in the conduct against companies and persons in the US.
‘Mr Wyatt’s IP address was used to register a telephone number that was used to send threatening messages. It was used to register an email address in the name of ‘Lauren Bowler’, the alias used by Mr Wyatt.
‘The Gmail account was used in this name and also used to search for one of the victim’s president.
‘The same phone number was used to register a WhatsApp account in November 2016, which used Mr Wyatt’s picture as the avatar.
‘The same number was used to log-in to a Paypal account that received stolen funds from one of the victims.
‘Another phone number was used to set up a Twitter amount used by The Dark Overlords on July 1 2016 and to register a VPN in April 2016.
‘That VPN was used to log-in to Mr Wyatt’s Facebook account.
‘Another email address Mr Wyatt is connected to has been abbreviated to ‘….2’@gmail.com’ was used to register The Dark Overlords Twitter account.
‘In short he set up multiple accounts to set up and extort the companies. He’s therefore charged in the conspiracy.’
District Judge Nina Tempia adjourned the hearing until her judgment later this month.
Wyatt, of Wellingborough, Northamptonshire, was bailed to appear at Westminster Magistrates’ Court for that judgment.
As part of his bail conditions he is not able to possess or order new travel documents and is electronically tagged. He also has to report to a police station every day.
The court heard he was a ‘house husband’ and stayed at home to look after his youngest two children, aged six and 12, in an application to vary his bail conditions.
Kate O’Raghallaigh, defending, said Wyatt wanted to check in at a police station at a later time at the weekends so he could spend time with his children.
Wyatt was previously accused of taking thousands of images of the Duchess and her children, Prince George and Princess Charlotte, with police claiming the pictures were then offered for sale for £50,000.
Pippa and now-husband James Matthews took the case to the High Court in 2016 to obtain an order barring publication of any photos or material leaked from her iCloud account.