Jan 14 2019
 

Eileen Yu reports:

Two employees have been sacked and five senior management executives, including the CEO, fined for their role in Singapore’s most serious security breach, which compromised personal data of 1.5 million SingHealth patients. Further enhancements also will be made to beef up the organisation’s cyber defence, in line with recommendations dished out by the committee that reviewed the events leading up to the breach, according to Integrated Health Information Systems (IHIS).

The IT agency responsible for the local healthcare sector including SingHealth, IHIS said a lead in its Citrix team and a security incident response manager were found to be negligent and in non-compliance of orders. This had security implications and contributed to the “unprecedented” scale of the SingHealth security breach, the agency said in a statement Monday.

Read more on ZDNet.

Jan 12 2019
 

Nate Raymond reports that Martin Gottesfeld has been sentenced to more than 10 years in prison and $443,000 in restitution for his DDoS attack on Boston Children’s Hospital and another facility in 2014. Gottesfeld had been convicted on August 1, and had shown no remorse for his actions.

According to prosecutors, in late 2013, Gottesfeld, a computer engineer living in Somerville, Massachusetts, learned about a child custody dispute involving a Connecticut teenager, Justina Pelletier.

Pelletier had been taken into state custody in Massachusetts after a dispute over her diagnosis arose between her parents and Boston Children’s Hospital, which determined her health problems were psychiatric in nature and believed her parents were interfering with her treatment.

Her case garnered headlines and drew the attention of religious and political groups who viewed it as an example of government interference with parental rights.

Read more on Computerworld.

So “BestBuy” got a few years for DDoS in the UK and Gottesfeld gets more than 10 years in the U.S. But was Gottesfeld’s sentencing justifiable in terms of the harm he had done or could have potentially done — and his lack of remorse? Once again, I think the significant sentencing discrepancies will come into play when Nathan Wyatt, aka “Crafty Cockney,” a member or associate of thedarkoverlord, fights extradition in a UK court.

Jan 11 2019
 

Ryan Ross reports:

Health P.E.I.’s response to a privacy breach involving patient health records was reasonable, but steps could have been taken to prevent it, says P.E.I.’s privacy commissioner.

In a report released in December, privacy commissioner Karen Rose reviewed the unauthorized access of electronic health records for 353 people, which she referred to as “snooping”.

Rose found Health P.E.I. had reasonable practices to prevent snooping, but the access credentials for the employee responsible should have been changed prior to the breach because of a change in her responsibilities.

The report said the employee, who is not identified, previously worked as a licensed practical nurse until the province changed the education qualifications in 2014.

Read more on Journal Pioneer.

Jan 10 2019
 

Now THIS is very big news on thedarkoverlord front:

Joseph Curtis reports that Nathan Wyatt, who was jailed on fraud charges in the U.K. but has been released from prison there, is now fighting extradition to the U.S. on charges he was involved with hacking and extorting U.S. medical entities as part of  thedarkoverlord. 

Nathan Wyatt, aka “Crafty Cockney.”  File photo.

This journalist had interviewed Wyatt exclusively prior to his first arrest in September, 2016, on charges relating to the hack and attempted sale of pictures of Pippa Middleton.  Wyatt was not jailed on those charges, however, and this journalist had been told by him that the royal family had intervened so as to avert a court case that might lead to the production of embarrassing photos.  Whether that is true or not, this journalist cannot say as lawyers for Wyatt did not respond to inquiries sent at the time.

But Wyatt had also talked extensively with DataBreaches.net about his relationship with thedarkoverlord, which included, he said, teaching thedarkoverlord fraud techniques, and being asked by TDO to make an extortion phone call to a U.S. victim.  That call (you can hear it here) was recorded and uploaded to YouTube. Wyatt subsequently linked to it in a post on the now-shuttered Alpha Bay dark web marketplace. At times, Wyatt claimed that he never actually made the call and that he just recorded it as a joke because TDO was pressuring him to do it. But if you listen to the recording, you can hear someone else at the beginning answering the phone.

When Wyatt was arrested in 2016 and his devices seized, police found evidence of other crimes, including a hack of an unnamed law firm and an attempt to extort the law firm.  It was on those charges that he was ultimately tried and sentenced to prison for 3 years.

But law enforcement had also – according to Curtis’s reporting –  found evidence that Wyatt had used his own details and live-in partner’s details to set up bank accounts in the U.K. to funnel payments to thedarkoverlord from U.S. medical entities that TDO was attempting to extort at the time.  In a copy/paste error by an associate of Wyatt’s, DataBreaches.net had accidentally been shown the bank account numbers in July 2016.  At that time, however, DataBreaches.net did not know that “Nathan Wyatt” was the bad actor known to her as “Crafty Cockney.”  And the TDO spokesperson at the time talked about Crafty Cockney as a low-level person or associate but not one of the core people in TDO.  The new charges suggest that TDO may have been downplaying Wyatt’s role, and that Wyatt’s claims of tutoring TDO and assisting in other ways may have been more accurate.

So now Wyatt is reportedly fighting extradition to the U.S., it seems.  According to Curtis’s reporting:

He has been charged with one count of conspiracy to blackmail healthcare providers in the USA, two counts of aggravated identity theft and three counts of threatening damage to a protected computer.

[…]

An arrest warrant was issued by the US district of Missouri on November 8th, 2017.

Curtis provides a lot of other details that will sound familiar to those who have followed my reporting on thedarkoverlord since 2016.  The unnamed health records management firm referred to may be Quest Health Information Management Systems. I had reported how they had been hacked by TDO in 2016, which gave TDO login credentials to Quest’s clients, including medical entities in Missouri and Georgia.

The U.S. government likely has a lot of evidence against Wyatt, but for the benefit of readers who may be a bit confused by this new development, I will state here that Wyatt is almost certainly not the person who was the communicator for TDO back in June – July of 2016.  How do I know that? Because I chatted with that individual while Wyatt was still being detained by law enforcement in the U.K. Then too, Wyatt’s writing, which I had ample opportunity to read in extended chats, was nowhere near the level of the individual who ran TDO’s Twitter account back then, who wrote the extortion demands and lengthy letters, and who communicated with journalists.  Law enforcement may not have apprehended that first “TDO” yet.

Will Wyatt appeal to the U.K. to try him there for charges relating to hacking and extorting U.S. entities because he has three children there?  Probably. But there are so many victims and witnesses in the U.S. and I doubt the U.K. will find him a sympathetic figure, even if he has children.  Wyatt does not have the popular support of someone like Lauri Love.

As I frequently have to say when covering all things TDO:  stay tuned.


Note: I do not know whether the law firm that Wyatt was convicted for hacking and extorting is the same law firm involved in the 9/11 files that thedarkoverlord has recently publicized and tried to sell. It wouldn’t surprise me if it was the same law firm, but I have no proof or information either way.

Jan 10 2019
 

Another day, another phishing report from a HIPAA-covered entity.

This time, it’s Sacred Heart Rehabilitation Center in Michigan. The phishing attack itself occurred in early April. It’s not clear when the center first discovered the breach, but they only first discovered PHI was involved in November.  The center’s release did not reveal numbers, and this is not up on HHS’s breach tool at this time.