Pippa hacker jailed for three years for blackmail
A website designer once quizzed over the hacking of Pippa Middleton’s iCloud before thousands of intimate snaps were offered for ransom has been jailed for three years for blackmailing a law firm.
Nathan Wyatt, 36, was held after media outlets alerted police about the massive hacking plot in which criminals plundered thousands of intimate photos of Ms Middleton.
Ms Middleton, 34, whose sister is the Duchess of Cambridge, was at the centre of a major security alert after an unidentified man offered to sell 3,000 images of her and her royal relatives for £50,000.
Prosecutors have since confirmed Wyatt will face no further action in relation to that matter.
But when officers searched his home during the Middleton investigation on 24 September 2016 they seized a number of devices which revealed Wyatt was involved in a series of frauds.
He had used credit cards belonging to a handful of men, including his late step-father, to buy a gifts and home appliances including the ‘Guitar Hero’ game as well as Disney toys from Argos between May and December.
Wyatt also admitted making attempts to extort 10,000 Euros from a law firm in the north of England after using stolen passwords to hack his way into their system and steal sensitive unauthorised information.
That data was later attached to two blackmail demands from ‘The Dark Overlords’.
The fraudster had been hoping to use the money to buy further Christmas presents for his three children, Southwark Crown Court heard.
His common law wife Kelly Walker, 39, was also charged with handling some of the purchased items and encouraging the commission of an offence by allowing her credit card to be used in connection with fraud.
But those charges were dropped after Wyatt admitted 20 offences of fraud, one of blackmail and one of possessing identity documents with intent at an earlier hearing.
Jailing Wyatt for three years, Judge Martin Griffith said: ‘This type of blackmail is very much of the 21st Century and differs from cases in the where, in the past, threats would be made to the physical safety and well-being of the victim.
‘Any form of blackmail, even by people in your circumstances who have not been before the court, making a threat to someone in whatever way you did is a serious offence and undoubtedly the court has to impose deterrent sentences.’
Prosecutor Alison Morgan said: ‘The investigation into Mr Wyatt began in late September 2016 and actually arose as a result of other matters.
‘They related to matters relating to Philippa Middleton and those matters were not proceeded with.
‘But that was the reason why Mr Wyatt was under investigation and that led to a search warrant being executed at his home address, at the family home.
‘Mr Wyatt lived there with his partner and child.
‘During the course of the search a number of media devices were seized by police.
‘Mr Wyatt was interviewed in relation to the Philippa Middleton allegations and at that point the police investigation into the wider use of his devices continued.’
She added: ‘Mr Wyatt was released from custody in late September and the police investigation and examination of the devices revealed that prior to that September date, Mr Wyatt had been engaged in fraudulent activity, including the use of his step-father’s bank card.’
Wyatt hijacked the credit card to run up £4,750 worth of unauthorised purchases.
He had also doctored a genuine passport to reflect his name and personal details alongside a stranger’s photo which was used to try and obtain a pre-paid wire card.
Ms Morgan suggested the card could have been intended for use to purchase items over the dark web to further ‘facilitate fraud’.
Interrogations of Wyatt’s computer tower showed that the internet history beyond ten days prior to his arrest could not be traced.
It had also been used to ‘create a considerable number of different online accounts’, including 10 PayPal accounts, five eBay accounts, 13 Amazon accounts and seven with Vodafone.
After he was bailed by police in relation to the Middleton investigation, Wyatt used a further four cards to make purchases from Argos totalling £885.
There were also a string of failed attempts for goods valuing £1,565.
‘The background to this offence is a prolific level of activity,’ added the prosecutor.
‘Whilst it may not be possible to prove Mr Wyatt was responsible for the original level of hacking in this case, we do know that at a secondary level he gained unauthorised access to at least the solicitors firm’s computer.
‘But whilst we accept that it may not be possible to prove that he is the person navigating the dark web to instigate incidents of hacking, we still say he is operating at a high level of sophistication in this case.’
On December 19 2016, the legal firm received an email headed ‘Your Data Breach Return Offer’ alerting them to hacking activity which had taken place earlier in the year.
The message ‘supplied a small amount of proof should you feel that we are not deadly serious of our intention here’ consisting of sensitive passwords and identity documents.
Also included was a demand for the payment of 10,000 Euros in Bitcoin by Christmas Eve or else the data would be sold to fraudsters in Russia and China.
The message was signed: ‘Regards, The Dark Overlords.’
‘That email was sent by this defendant,’ said Ms Morgan.
‘Copies of the scans sent with that email were also found on the defendant’s computer tower.’
The court heard Wyatt appears to have come into possession of the document entitled ‘IDs and passwords’.
From that, he was able to glean log-in details from that document, allowing him access to the confidential data which was later sent with the ransom demand.
When the solicitors firm failed to respond, a second message was sent on December 23 last year from the same group threatening ’24 hours until we sell your data’.
The second threat prompted the firm to report the matter to police who traced Wyatt through the IP address used to send it.
Defending, Mark Gatley described Wyatt as ‘a man bowing to pressure’ in the run-up to Christmas before employing the ‘enormously stupid strategy to approach the law firm’.
He told the court Wyatt and his partner had been given permission to use his step-father’s card to buy gifts for the children while he was still alive and simply carried on as it was still to hand.
‘The purchases from the cards, they were Christmas presents for his children,’ said Mr Gatley.
Wyatt, of Henshaw Road, Wellingborough, Northants, was jailed for a total of three years.