Member of 'The Dark Overlord' hacking group extradited to the US


A British man was extradited to the US this week to face charges of hacking and extorting US companies while part of an infamous hacking group known as The Dark Overlord (TDO).

The alleged TDO member, named Nathan Francis Wyatt, 39, was arraigned in a Saint Louis court today, where he pleaded not guilty.

According to court documents, US authorities believe Wyatt was one of the many TDO members who, since 2016, have been hacking US companies, stealing their data, and asking for huge ransoms.

If victims didn’t pay, the group would put the data up for sale on hacking forums, leak it on the public internet, or tip journalists about the breach in order to generate negative press coverage for the hacked company.

The official indictment claims that Wyatt and the other TDO members have been behind hacks at healthcare providers and accounting firms in the state of Missouri between the start of 2016 and late 2017 when the indictment was formally filed with a local court.

Responsible for tens of hacks

However, the group’s hacking activity is way broader. Since early 2016, TDO has claimed responsibility for tens of hacks. Below is a list of breaches for which the group has publicly taken credit, and which received media coverage.

  • Hacked three healthcare organizations and sold 651,894 patient records on the Dark Web
  • Sold over 9.3 million patient records from an unnamed healthcare insurrance provider
  • Hacked and extorted the Cancer Services of East Central Indiana-Little Red Door center
  • Hacked Netflix and leaked episodes from season 5 of “Orange Is The New Black”
  • Hacked ABC and leaked episodes from “Steve Harvey’s Funderdome” TV show
  • Hacked Larson Studios, Inc. a Hollywood audio post-production studio, and stole a large collection of unreleased TV show episodes
  • Hacked H-E Parts International Morgan
  • Hacked Line 204, a provider of sound stages for Hollywood studios
  • Hacked Austin Manual Therapy Associates
  • Hacked SMART (“Sports Medicine and Rehabilitation Therapy”) Physical Therapy
  • Hacked Hand Rehabilitation Specialists
  • Hacked Gorilla Glue
  • Hacked and released data from multiple companies, such as: Pre-Con Products, G.S. Polymers, PcWorks, International Textiles & Apparel, and UniQoptic.
  • Hacked Caribbean Island Properties, a real estate company
  • Hacked Prime Staff Inc., an HR firm
  • Hacked Channel Ship Services, a sea shipping company
  • Hacked Sterling National Financial Group, an insurrance firm
  • Hacked AZ Plastic Surgery Center

Aggressive and unorthodox extortion campaigns

Many other intrusions went unreported or unverified, based on conversations this reporter had with the hackers in the past. This reporter declined to cover the group’s breaches after it became apparent the hackers were using media outlets and negative coverage to put pressure on the hacked companies to pay extortion demands [1, 2].

The group was also known for its unorthodox and aggressive extortion campaigns. For example, in late 2018, TDO members started sending bomb threats to schools in Montana which refused to pay ransom demands. When that failed, TDO members began sending death threats to students.

In many other cases, the group also made fun of victims by forcing them to sign legal contracts. These contracts included terms of the extortion demand, and the hackers’ and the victim’s responsibilities.

In another case, TDO members left rap-like extortion demands on a victim’s voice mail.

Even the US indictment filed in 2017 includes one case where TDO took extortion demands a tad bit too far. In this case, Wyatt allegedly sent threatening SMS texts to the daughter of one of the hacked companies’ CEO.



The US indictment seems to confirm a 2017 Motherboard report that suggested that Wyatt (under the nickname of Crafty Cockney) was one of the group members who was calling companies to request the ransoms — with his voice being heard on the rap-like extortion demand linked above.

Prior to being charged in the US, Wyatt already had a history of hacking in the UK. He was previously arrested by British police in September 2016 on suspicion of hacking the iCloud account of Pippa Middleton, the sister of the Duchess of Cambridge.

A formal case was never brought forward, and Wyatt was set free, only to be arrested again in 2017, when he pleaded guilty to 20 counts of fraud, holding a fake passport and blackmail.

After being charged in the US indictment, Wyatt has spent the past few months fighting his extradition to the US.

Another TDO member arrested in Serbia

Wyatt is the second TDO member charged and arrested in this scheme. In May 2018, Serbian authorities arrested a 39-year-old man in Belgrade.

Serbian authorities only shared the man’s initials (S.S.) and birth year (1980), which made tracking his case harder. It is unclear if this TDO member has been set free or is still fighting his extradition case.

TDO members often said they were a three-man crew. According to a Digital Shadows report, after the two arrests, the remaining member appears to have created a forum, where he began recruiting new members.

The forum, named KickAss Forum, was taken down a few months later.

The last mention of TDO activity came in January 2019, when TDO leaked data law firm handling cases related to the September 11 attacks.

About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

E-Crypto News Executive Interviews

Crypto Scams

Beanstalk Farms Loses $80M In A Massive DeFi Governance Flash-Loan Hack
Beanstalk Farms Loses $80M In A Massive DeFi Governance Flash-Loan Hack
April 23, 2022
Joon Pak Head of Crypto at Prove talks to Us about Crypto Fraud And More
April 11, 2022
Mintable CEO Zach Burks Talks to Us about the Opensea Stolen NFTs and Their Recovery
March 21, 2022
Crypto Crime
Crypto Crime Surges To Record Highs As Thieves Follow Market Buzz – Chainalysis 2022 Report
February 24, 2022
Bots Circumvent 2FA Login At Coinbase And Other Crypto Exchanges In 2022
Bots Have Circumvented 2FA Logins At Coinbase And Other Crypto Exchanges In 2022
February 17, 2022

Automated trading with HaasBot Crypto Trading Bots

Blockchain/Cryptocurrency Questions and Answers

Roundtable Interview-What is the Effect of The Russia-Ukraine War on Cryptocurrency Prices?
March 4, 2022
How Does Bitcoin Casino Work + 2021 Beginner’s Guide
November 8, 2021
How to Buy and Sell Cryptocurrency
November 8, 2021
What Are Bitcoin Futures And How Will They Work In 2022?
November 4, 2021
The Unconventional Guide to Ethereum
October 28, 2021

CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin29,119 0.27 % 1.68 % 0.47 %
Ethereum1,800.8 0.74 % 4.38 % 8.31 %
Tether1.001 0.05 % 0.04 % 0.04 %
USD Coin0.9989 0.16 % 0.08 % 0.04 %
BNB309.48 0.31 % 2.80 % 2.17 %
XRP0.3878 0.58 % 1.35 % 5.76 %
Binance USD1.002 0.13 % 0.13 % 0.03 %
Cardano0.9566 0.22 % 0.68 % 6.96 %
Solana44.56 0.79 % 8.91 % 10.13 %
Dogecoin0.08205 0.52 % 0.73 % 2.93 %

Bitcoin (BTC) $ 29,037.00
Ethereum (ETH) $ 1,786.92
Tether (USDT) $ 1.00
USD Coin (USDC) $ 1.00
BNB (BNB) $ 307.98
XRP (XRP) $ 0.385581
Binance USD (BUSD) $ 1.00
Cardano (ADA) $ 0.463429
Solana (SOL) $ 44.10
Dogecoin (DOGE) $ 0.081475