A British hacker operating under the alias IntelBroker has been indicted by the U.S. Department of Justice for orchestrating a years-long cybercrime campaign that stole and sold sensitive data from government, corporate, and critical infrastructure networks across the globe. Authorities estimate the damages from his activities exceed $25 million.
British National Behind BreachForums Persona
According to an indictment unsealed by the U.S. Attorney’s Office for the Southern District of New York, 25-year-old Kai West is accused of operating under the pseudonym IntelBroker, which has become infamous within the cybersecurity community for a string of high-profile breaches. These include cyber intrusions at Europol, AMD, General Electric, Weee!, HPE, Nokia, and Washington D.C.’s healthcare exchange, DC Health Link.
The stolen data—ranging from health records and internal business documents to cybersecurity intelligence and API keys—was regularly posted for sale on BreachForums, a notorious online marketplace for cybercriminals.
U.S. House members’ data up for sale (BleepingComputer)
Charges and Investigation
West now faces a four-count federal indictment, including:
- Conspiracy to commit computer intrusions
- Wire fraud
- Conspiracy to conduct wire fraud
- Unauthorized access to protected computers
Each of the top three charges carries a maximum prison sentence of up to 25 years. U.S. prosecutors are now pursuing extradition after reports from French media revealed West was arrested earlier this year in February.
The complaint lays out how FBI investigators traced the IntelBroker identity back to West. In 2023, an undercover FBI agent purchased a stolen API key from the hacker, making a payment to a Bitcoin address linked to a wallet created on the Ramp banking platform. That wallet was registered using West’s UK driver’s license.
Further investigation revealed that the same email address tied to the Ramp wallet was also linked to a Coinbase account registered under the alias “Kyle Northern”—a persona previously associated with IntelBroker. The email account also contained university records, identification images, and invoices, enabling agents to conclusively connect West to his online activities.
Growing List of Arrests Tied to BreachForums
IntelBroker had served as an administrator on BreachForums until stepping down in January. The forum itself has been under intense international scrutiny, and just this week, four individuals allegedly involved in operating BreachForums were arrested in France.
“The IntelBroker alias has caused millions in damages to victims around the world,” stated U.S. Attorney Jay Clayton. “This action reflects the FBI’s commitment to pursuing cybercriminals around the world. New Yorkers are all too often the victims of intentional cyber schemes and our office is committed to bringing these remote actors to justice.”
Rising Threats and the Need for Immutable Recovery
The indictment highlights the growing threat of data theft and cyber extortion targeting critical infrastructure and private organizations alike. As attackers become more elusive and breaches more damaging, the demand for secure and tamper-proof data recovery solutions continues to grow—particularly for industries storing sensitive or regulated information.
Looking for a trusted recovery solution?
Defend your organization with StoneFly DR365—an air-gapped, immutable backup and recovery appliance trusted by enterprises to ensure zero data loss even in the event of complex cyberattacks.
