Hacker Charged for Stealing Lawmaker Data from Insurance Market

A hacker who operated under the alias “IntelBroker,” known for leaking sensitive information, is facing a criminal indictment consisting of four charges in the United States. This follows his arrest by French authorities in February.

See Also: Why Cyberattackers Favor ‘Living Off the Land’

The individual behind the IntelBroker persona has been identified as British national Kai West, with U.S. federal prosecutors in Manhattan seeking his extradition for conspiracy to commit hacking, wire fraud, and related conspiracies.

West’s indictment was announced shortly after French authorities arrested several individuals linked to BreachForums, a notorious and now-defunct marketplace for stolen data (see: French Police Reportedly Bust Five BreachForums Administrators).

As a prominent figure within BreachForums,West was regarded as the site’s owner from last August to January when he declared his retirement via social media. Furthermore, West has led a hacking group named “CyberN******.”

In March 2023, IntelBroker took responsibility for breaching the online health insurance platform used by U.S. legislators and D.C. residents (see: Hackers Sell U.S. Lawmaker Data Stolen From Insurance Market).

West’s criminal activities, which spanned from January 2023 until his arrest, reportedly resulted in an estimated $25 million in damages, according to the indictment. Among these activities was the theft of customer data from U.S. telecom company UScellular and an attack on a federal contractor in April 2024 (see: U.S. State Department Investigating Hacking Claims).

Investigators uncovered West’s identity by purchasing stolen data from him with Bitcoin, leading them to trace the transaction to the Ramp crypto trading platform. West was linked to this platform as he registered using his driver’s license. The ongoing investigation revealed IP address overlaps between his transactions and hacking activities, further tightening the case against him. Notably, West was linked to the same email used for multiple accounts, including his social media presence.

Interestingly, West’s viewing history on YouTube revealed a fascination with his own activities, as he frequently watched videos about his exploits, including a segment discussing his linguistic capabilities. This included content that mistakenly claimed he spoke Serbian and Russian but not English.

West’s case is part of a broader crackdown on cybercrime, as New York federal courts are preparing for the prosecution of additional individuals involved in similar activities. The indictment indicates that other co-conspirators may soon face arrest, suggesting an expanded effort by authorities to dismantle networks engaged in cybercrime.

As businesses continue to grapple with the repercussions of cyber threats, understanding the methodologies used by criminals, such as the tactics identified in the MITRE ATT&CK framework—initial access, persistence, and privilege escalation—can provide essential insights for developing effective cybersecurity strategies.