Wellingborough criminal facing extradition to the US

Nathan Wyatt leaves court.
Nathan Wyatt leaves court.

A stay-at-home Wellingborough dad once accused of hacking Pippa Middleton is facing extradition to America.

Nathan Wyatt, 37, was arrested but cleared of hacking the iCloud account of the Duchess of Cambridge’s sister in 2016.

Nathan Wyatt leaves court.

Nathan Wyatt leaves court.

Wyatt was accused of taking thousands of images of the Duchess and her children, Prince George and Princess Charlotte.

Pippa and now-husband James Matthews took the case to the High Court in 2016 to obtain an order barring publication of any photos or material leaked from her iCloud account.

Having seized Wyatt’s electronic devices during the 2016 investigation, officers then found evidence he had blackmailed a law firm by hacking into their computer network and sending a €10,000 ransom note signed The Dark Overlords.

Now father-of-three Wyatt is wanted in the United States after being linked to similar activity in Missouri.

At least three healthcare providers and an accounting company are said to have been affected, Westminster Magistrates’ Court heard.

Wyatt was jailed for three years for blackmailing the law firm in this country - alongside other unrelated credit card fraud charges - in September 2017.

On his early release from jail last August, he was immediately charged with one count of conspiracy to blackmail healthcare providers in the USA, two counts of aggravated identity theft and three counts of threatening damage to a protected computer.

The court heard yesterday that Wyatt extorted the American healthcare providers out of thousands of dollars in cryptocurrency under the moniker of ‘The Dark Overlords’.

Daniel Sternberg, prosecuting, said: “In terms of the domestic proceedings in this jurisdiction, Mr Wyatt was arrested on August 7 last year at the gates of HMP Wandsworth where he was serving a domestic custodial sentence.

“He declined to consent to extradition.

“An arrest warrant was issued by the US district of Missouri on November 8, 2017.

“It is said he threatened the owners of the data in those computers that they would release it.”

The first of these blackmails allegedly occurred in April 2016 - with the hacker group demanding a ransom paid to a Paypal account in the cryptocurrency Bitcoin.

Mr Sternberg said: “Threatening and exterminate emails to the victims were sent.

“The healthcare provider was located in the eastern district of Missouri in the United States of America.

“On the 23 April 2016, the victim, a health care records company in Missouri received various threats from a Gmail email address.

“The victim was informed their Dropbox and Paypal accounts had been hacked and that their funds had been paid out on Paypal.

“They were told to respond or they would be publicly named as the source of their client’s suffering.”

Another victim, also a health care provider in Missouri, received threats in June 2016.

The prosecutor said: “The Dark Overlords demanded Bitcoins to satisfy its demands.

“Attached to emails was various personal information about the owner of the company and his family.

“On July 17 threatening text messages were sent to the daughter of the owner.

“They were informed its network had been hacked and they were asked to pay $75,000 in Bitcoins in order to meet The Dark Overlords demands.”

A healthcare provider in Athens, Georgia, had its database hacked and was threatened with illegal data being reported to the US Department of Health and Human Services.

They were told to make payments in Bitcoin to the hackers, who released 500 records belonging to the company onto a website called ‘Paste Bin’.

On July 27, The Dark Overlords sent an email saying they would accept a payment of £400,000 to be sent in £100,000 increments to four different bank accounts.”

A final victim is said to be a public accounting firm in Missouri. It was hacked in July 2016.

The Department of Justice want to extradite the convicted fraudster to face trial in the eastern district of Missouri - where the majority companies and individuals affected by the hacking and blackmail are located.

The court heard that Wyatt was linked to the hacking attacks in respect of the blackmail attempts to the healthcare provider in Georgia.

Mr Sternberg said: “One of the bank accounts to be paid the demand into was that of Mr Wyatt, and that of his girlfriend in Wellingborough in the UK.

“That clearly connected Mr Wyatt in the conduct against companies and persons in the US.

“Mr Wyatt’s IP address was used to register a telephone number that was used to send threatening messages. It was used to register an email address in the name of ‘Lauren Bowler’, the alias used by Mr Wyatt.

“The Gmail account was used in this name and also used to search for one of the victim’s president.

“The same phone number was used to register a WhatsApp account in November 2016, which used Mr Wyatt’s picture as the avatar.

“The same number was used to log-in to a Paypal account that received stolen funds from one of the victims.

“Another phone number was used to set up a Twitter amount used by The Dark Overlords on July 1 2016 and to register a VPN in April 2016.

“That VPN was used to log-in to Mr Wyatt’s Facebook account.

“Another email address Mr Wyatt is connected to has been abbreviated to ‘...2”@gmail.com’ was used to register The Dark Overlords Twitter account.

“In short he set up multiple accounts to set up and extort the companies. He’s therefore charged in the conspiracy.”

District Judge Nina Tempia adjourned the hearing until her judgment later this month.

Wyatt was bailed to appear at Westminster Magistrates’ Court for that judgment.

As part of his bail conditions he is not able to possess or order new travel documents and is electronically tagged. He also has to report to a police station every day.