U.S. and international authorities have arrested a British national who allegedly was the notorious hacker “IntelBroker” and four other individuals believed to be operators of the BreachForums online marketplace for stolen data.
The hacker IntelBroker, identified in an indictment as 25-year-old Kai Logan West, was arrested in France in February, but the details of the case were only released this week by the U.S. Justice Department (DOJ). In addition, French authorities this week announced they detained four people who were identified by their online handles – “ShinyHunters,” “Noct,” “Depressed,” and “Hollow.”
All are accused of being involved in a range of data breaches involving high-profile targets around the world that resulted in tens of millions of dollars in losses to the companies and using the BreachForums dark web site to advertise and sell the stolen data. BreachForums’ operations were disrupted in 2023, though ShinyHunters regained control of the domain a year later. The site went dark again in April 2024, with authorities speculating it was hit by a MyBB zero-day vulnerability.
The arrests of IntelBroker and the other hackers are the latest in an ongoing string of international law enforcement initiatives that are targeting global cybercrime operations. With the arrest of West – aka Kyle Northern – U.S. authorities say they’ve captured someone who – with co-conspirators in an online group calling themselves CyberN[——] – caused more than $25 million in damages to his more than 40 victims and offered the stolen data online for more than $2 million.
Prolific Hacker
West’s alleged crime spree ran from late 2022 to earlier this year. According to the indictment released this week, West is charged with wire fraud, accessing a protected computer to obtain information, and conspiracy to commit computer intrusions and wire fraud. He was arrested in France and is being held there while U.S. prosecutors seek his extradition to the United States.
He’s accused of going onto BreachForums – which the indictment refers to as Forum-1 – 41 times offering to sell stolen data, and another 117 times offering hacked data for free in attempts to bolster his credibility. He also was highly active on BreachForums, posting about 335 public messages and 2,126 comments or responses on online threads.
The list of victims of West and his conspirators is lengthy and varied and includes tech companies (AMD, Apple, Cisco, HPE, and Nokia), commercial entities like Home Depot, T-Mobile, and AT&T, government agencies (U.S. Defense Department and Europol), and financial companies, including HSBC and Barclays Bank.
Telecom, ISP, Health Care Facility Among Victims
In the indictment, investigators listed several instances, including allegations of stealing data from a U.S. telecom company and then offering the information for sale. The same year, he is accused of infiltrating an internet service provider.
Later in 2023, he allegedly breached a municipal government health care facility and stole patient data, including names, Social Security Numbers, dates of birth, gender, health plan information – including the plan and carrier names, premium amounts, employer contribution, and coverage dates – employer information, and enrollee information that included addresses, emails, phone numbers, race, ethnicity, and citizenship status.
Leaving a Trail
West was tracked down during a two-year investigation into IntelBroker, according to the indictment. The investigation included search warrants, document reviews, information from the Bitcoin blockchain, and conversations with IntelBroker by undercover law enforcement officers acting as buyers of stolen data, starting in January 2023, when an undercover officer contacted IntelBroker about stolen data he was offering for sale. They linked a crypto wallet and an account on online payment processor Ramp to West, both of which were registered to a personal email account belonging to West.
They also linked another email account with a username of Kyle Northern that included a driver’s license photo of West. In addition, investigators were able to tie public messages posted under YouTube videos to West and IntelBroker.