Serial Hacker “IntelBroker” Charged For Causing $25 Million In Damages To Victims

The United States Attorney for the Southern District of New York, Jay Clayton, and the Assistant Director in Charge of the New York Field Office of the Federal Bureau of Investigation (“FBI”), Christopher G. Raia, announced the unsealing of a four-count criminal Indictment and Complaint charging KAI WEST, a/k/a “IntelBroker,” a/k/a “Kyle Northern,” with a years-long hacking scheme committed through the online identity “IntelBroker.”  WEST, using the IntelBroker identity, conspired with an online group named the CyberN[------], to steal data from a telecommunications company, municipal health care provider, an Internet service provider, and more than 40 other victims.  WEST, and his online co-conspirators, took that stolen data, and offered it for sale online for more than $2 million.  Collectively, WEST, through the “IntelBroker” identity and his online co-conspirators, caused in excess of $25 million in damages to victims.  WEST was arrested in France in February 2025, and the United States is seeking his extradition.  The case has been assigned to U.S. District Judge Katherine Polk Failla.

“The IntelBroker alias has caused millions in damages to victims around the world,” said U.S. Attorney Jay Clayton.  “This action reflects the FBI’s commitment to pursuing cybercriminals around the world.  New Yorkers are all too often the victims of intentional cyber schemes and our office is committed to bringing these remote actors to justice.”

“Kai West, an alleged serial hacker, is charged for a nefarious, years-long scheme to steal victim’s data and sell it for millions in illicit funds, causing more than $25 million in damages worldwide,” said FBI Assistant Director in Charge Christopher G. Raia.  “Today’s announcement should serve as a warning to anyone thinking they can hide behind a keyboard and commit cyber-crime with impunity; the FBI will find and hold you accountable no matter where you are.”

As alleged in the Indictment and Complaint:[1]

“IntelBroker” is the online moniker of WEST, who, in concert with his co-conspirators, compromised victims’ (typically companies) computer systems, exfiltrated data from those systems (e.g. customer lists and company marketing data), and then sold the stolen data for profit.  WEST accomplished his scheme in connection with his leadership of an online hacking group called the “CyberN[------],” which frequented a particular internet forum (“Forum-1”).

Between approximately 2023 to 2025, WEST offered hacked data for sale approximately 41 times; and offered to distribute hacked data for free (or for Forum-1 credits) approximately 117 times. WEST, and his co-conspirators, have sought to collect at least approximately $2,000,000 by selling the stolen data.  Based on information received from the victims of these breaches, WEST and his co-conspirators have cumulatively caused victim losses of at least $25,000,000.

Based on a review of WEST’s IntelBroker Forum-1 posts, approximately 158 threads started by WEST offered stolen data for sale, for Forum-1 credit, or for free, since in or about January 2023 through in or about February 2025.  At least 41 of those 158 public messages sell data from companies based in the United States.  Of those 158 messages, approximately 16 provided a specific asking price for the stolen data, which cumulatively totals at least $2,467,000. At least 25 of the 158 public messages invited Forum‑1 users to private message IntelBroker (i.e. WEST) to negotiate a sales price.  The remaining 117 public messages offer hacked data for free to Forum-1 users or in exchange for Forum-1 credits.  At least 46 of the 158 public messages indicate that WEST worked in concert with a particular Forum-1 user (“CC-1”) to obtain the data through a “breach” (i.e. “hack”).  WEST’s public messages (as IntelBroker) indicate that he accepts payment via Monero, which is a cryptocurrency that uses a blockchain with privacy-enhancing technologies to attempt to obfuscate transactions and seek to achieve anonymity and fungibility.

WEST’s prolific posting (as IntelBroker), and his sales of stolen data, have generated notoriety for the IntelBroker identity within the Forum-1 community. Indeed, from in or about August 2024 through in or about January 2025, “IntelBroker” was identified on Forum-1 as the site’s “owner.”  To further his username’s notoriety, WEST has associated different images with IntelBroker but primarily uses the following image as his calling card:

WEST’s victims include a U.S.-based telecommunications provider.  WEST, using the IntelBroker moniker, sold data from that telecommunications company, which included information about its customers.  That data was accessed by WEST by illegally accessing a server which was improperly configured.  On or about March 6, 2023, WEST, using the IntelBroker moniker, authored a public message on Forum-1 titled “CyberN[------] [redacted reference to Victim] Database.”  In that post, WEST offered for sale data from a municipal healthcare provider which included patient data such as names, Social Security numbers, dates of birth, genders, health plan information, employer information, among other information, from the victim’s patients. 

*               *                *

WEST, 25, a British national, is charged with conspiracy to commit computer intrusions, which carries a maximum sentence of five years in prison; conspiracy to commit wire fraud, which carries a maximum sentence of 20 years in prison; accessing a protected computer to obtain information, which carries a maximum sentence of five years in prison; and wire fraud, which carries a maximum sentence of 20 years in prison.

The maximum potential sentences are prescribed by Congress and provided here for informational purposes only, as any sentencing of the defendant will be determined by a judge.

Mr. Clayton praised the outstanding work of the FBI and the Office of International Affairs of the Department of Justice’s Criminal Division.  He also thanked the French, Spanish, British, and Dutch authorities for their assistance. 

The case is being prosecuted by the Office’s Complex Frauds and Cybercrime Unit. Assistant U.S. Attorney Ryan B. Finkel is in charge of the prosecution.

The charges contained in the Indictment and Complaint are merely accusations, and the defendant is presumed innocent unless and until proven guilty.