Tuesday: UK High Court will hear extradition appeal from alleged member of thedarkoverlord

It has been more than three years since a threat actor or group calling themselves thedarkoverlord (TDO) dramatically announced that they were hacking medical practices and demanding large amounts of bitcoin to not dump or sell patient data.

Tomorrow, one man allegedly associated with TDO will be hoping that his lawyers can successfully appeal a District Judge’s decision to extradite him to the U.S. His appeal will be heard by a panel of High Court judges.

Nathan Wyatt, a 38 year-old man from Wellingborough who is also known as “Crafty Cockney,” faces six counts in an indictment issued by a grand jury in the Eastern District of Missouri:

• One count of conspiracy against the U.S. (18 USC 371 )
• Two counts of aggravated identity theft (18 USC 1028)
• Three counts of threatening damage to a protected computer (18 USC 1030)

The affidavit filed by DOJ lists five victim companies — four in Missouri and 1 in Atlanta. The affidavit links all five victims and extortion attempts to Wyatt in various ways. There is a lot of detail about the evidence the prosecution will be presenting at trial — IP addresses, email addresses, bank account information, phone numbers, and other information that they claim can be traced directly to Wyatt. Based on their detailed affidavit, Wyatt seems to have been stunningly sloppy in his operational security or overconfident as he allegedly used his unmasked personal details to register for accounts that were used to register for other accounts used as part of criminal operations. He left what appears to be a very compelling trail linking him to thedarkoverlord (TDO) activities. Of course, these are just unproven allegations at this point.

But even if Wyatt is not the brains/leader of TDO (and anyone who uses their own details and their fiancee’s personal details to set up bank accounts to receive extortion payments does not strike me as likely to be the brains of a criminal enterprise), the government appears to have built a convincing case that he was a conspirator in this organized hacking and extortion ring.

Wyatt’s appeal of the extradition ruling will likely focus on the argument that the crimes that he allegedly committed would have been committed in the U.K., even though their impact might be in the U.S. His solicitors will  likely also argue that because Wyatt has no ties to the U.S., but has children in the U.K. and a fiancee with whom he lives and co-parents, the interests of justice would be better served by having him stand trial in the U.K.

The DOJ’s filings, which are not public at this point, describe, but do not name the five victim entities, but here’s who I think the filings are describing:

• Victim 1 is described, in part, as an entity in Farmington, Missouri. The description and dates of emails suggests that Victim 1 is likely Midwest Pain & Spine.
• Victim 2 is described as a health records management firm. That one would be Quest Health Information Management Solutions. Of note, the government filing indicates that Victim 2 did pay ransom.
• Victim 3 was described as having multiple locations in Missouri. That sounds like Prosthetic & Orthotic Care.
• Victim 4 was described as a public accounting firm in St. Louis, whose owner’s first name is “David.” Although I never reported on this one publicly, it sounds like they are describing Smith Patrick LLC. TDO had informed me of that one and shown me some screenshots as proof. He had also tweeted something about this one but then removed the tweets.
• Victim 5 is a medical clinic in Atlanta. For multiple reasons in the description of this victim, it seems clear that they are referring to the Athens Orthopedic Clinic case that I have reported on numerous times on this site.

These five victims are just a drop in the bucket for what TDO did while they were active (and I do not know if they are still active). We do not know how many other grand juries around the U.S. have also indicted Wyatt or what other charges he may face in the U.S.

The Eastern Missouri indictment does not indict any other individuals. If Wyatt is extradited and winds up facing a lot of time in a U.S. federal prison, will he flip on others?  TDO disappeared from public view in January 2019 after KickAss Forum shuttered its doors. Wyatt learned at the end of January that he would be extradited to the U.S. Is TDO’s continued disappearance since then connected to Wyatt’s extradition situation?

To be clear: Wyatt has not been charged with actually doing any hacking (at least not in this indictment). But he doesn’t have to be charged or convicted for actual hacking to face a lot of prison time. Think of Barrett Brown’s case to realize that conspiracy can be a serious matter.

One curious note:  Wyatt is being represented by Tucker Solicitors. That is a law firm that he is unlikely to be able to afford. In the past, Wyatt told this blogger that the royal family had retained those solicitors to represent him as they didn’t want the hacked pictures of Pippa Middleton coming out. This site could not confirm or refute Wyatt’s claim about that, but if he was telling the truth back then, is the royal family still paying Tucker Solicitors’ fees? DataBreaches.net reached out to the solicitors to ask them some other questions, but got no response at all, so that question hasn’t been put to them. [UPDATED Oct. 22:  Wyatt’s fiancee says that the royals are not paying the fees (see her comment below this post).

Tomorrow, the lawyers will argue their positions. The High Court panel can then issue a decision immediately or they may reserve judgment until a later date. It will be interesting to see what they decide and why.