Blog
Serial Hacker “IntelBroker” Charged For Causing $25 Million In Damages To Victims
Kai West, a British national, is charged with operating the “IntelBroker” online identity, infiltrating victim computer networks, stealing data, selling it, and causing millions in damages to dozens of victims around the world.
“The United States Attorney for the Southern District of New York, Jay Clayton, and the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (‘FBI’), Christopher G. Raia, announced the unsealing of a four-count criminal Indictment and Complaint charging KAI WEST, a/k/a ‘IntelBroker,’ a/k/a ‘Kyle Northern,’ with a years-long hacking scheme committed through the online identity ‘IntelBroker.’ WEST, using the IntelBroker identity, conspired with an online group named the CyberN[——], to steal data from a telecommunications company, municipal health care provider, an Internet service provider, and more than 40 other victims. WEST, and his online co-conspirators, took that stolen data, and offered it for sale online for more than $2 million. Collectively, WEST, through the ‘IntelBroker’ identity and his online co-conspirators, caused in excess of $25 million in damages to victims. WEST was arrested in France in February 2025, and the United States is seeking his extradition. The case has been assigned to U.S. District Judge Katherine Polk Failla.”
“As alleged in the Indictment and Complaint:
‘IntelBroker’ is the online moniker of WEST, who, in concert with his co-conspirators, compromised victims’ (typically companies) computer systems, exfiltrated data from those systems (e.g. customer lists and company marketing data), and then sold the stolen data for profit. WEST accomplished his scheme in connection with his leadership of an online hacking group called the ‘CyberN[——],’ which frequented a particular internet forum (‘Forum-1’).”
“Between approximately 2023 to 2025, WEST offered hacked data for sale approximately 41 times; and offered to distribute hacked data for free (or for Forum-1 credits) approximately 117 times. WEST, and his co-conspirators, have sought to collect at least approximately $2,000,000 by selling the stolen data. Based on information received from the victims of these breaches, WEST and his co-conspirators have cumulatively caused victim losses of at least $25,000,000.”
“Based on a review of WEST’s IntelBroker Forum-1 posts, approximately 158 threads started by WEST offered stolen data for sale, for Forum-1 credit, or for free, since in or about January 2023 through in or about February 2025. At least 41 of those 158 public messages sell data from companies based in the United States. Of those 158 messages, approximately 16 provided a specific asking price for the stolen data, which cumulatively totals at least $2,467,000. At least 25 of the 158 public messages invited Forum‑1 users to private message IntelBroker (i.e. WEST) to negotiate a sales price. The remaining 117 public messages offer hacked data for free to Forum-1 users or in exchange for Forum-1 credits. At least 46 of the 158 public messages indicate that WEST worked in concert with a particular Forum-1 user (‘CC-1’) to obtain the data through a “breach” (i.e. ‘hack’). WEST’s public messages (as IntelBroker) indicate that he accepts payment via Monero, which is a cryptocurrency that uses a blockchain with privacy-enhancing technologies to attempt to obfuscate transactions and seek to achieve anonymity and fungibility.”
“WEST’s prolific posting (as IntelBroker), and his sales of stolen data, have generated notoriety for the IntelBroker identity within the Forum-1 community. Indeed, from in or about August 2024 through in or about January 2025, ‘IntelBroker’ was identified on Forum-1 as the site’s ‘owner.’ To further his username’s notoriety, WEST has associated different images with IntelBroker but primarily uses the following image as his calling card:
“WEST’s victims include a U.S.-based telecommunications provider. WEST, using the IntelBroker moniker, sold data from that telecommunications company, which included information about its customers. That data was accessed by WEST by illegally accessing a server which was improperly configured. On or about March 6, 2023, WEST, using the IntelBroker moniker, authored a public message on Forum-1 titled ‘CyberN[——] [redacted reference to Victim] Database.’ In that post, WEST offered for sale data from a municipal healthcare provider which included patient data such as names, Social Security numbers, dates of birth, genders, health plan information, employer information, among other information, from the victim’s patients.” (Source: US Department of Justice)