Stay Updated Icon

Subscribe to Our Tech & Career Digest

Join thousands of readers getting the latest insights on tech trends, career tips, and exclusive updates delivered straight to their inbox.

British Hacker 'IntelBroker' Charged in $25M Cybercrime Spree, US Seeks Extradition

1:43 PM   |   29 June 2025

British Hacker 'IntelBroker' Charged in $25M Cybercrime Spree, US Seeks Extradition

British Hacker 'IntelBroker' Charged in $25M Cybercrime Spree, US Seeks Extradition

Person using a laptop with FBI written on the arm sleeve.
Image: iStockphoto/domoyega

In a significant development in the ongoing global fight against cybercrime, U.S. federal prosecutors have brought charges against a 25-year-old British man, Kai West, alleging he was the mastermind behind a vast international hacking operation. Operating under the notorious online monikers “IntelBroker” and “Kyle Northern,” West is accused of causing damages exceeding $25 million through widespread data breaches and the subsequent sale of stolen confidential information.

The charges against West represent a major victory for law enforcement agencies collaborating across international borders to dismantle sophisticated cybercriminal networks. His alleged activities spanned more than two years, impacting dozens of organizations and highlighting the persistent threat posed by individuals who exploit digital vulnerabilities for financial gain and notoriety.

West was apprehended in February 2025 by French authorities, acting on information and cooperation from U.S. investigators. He currently faces four federal counts in the United States, including conspiracy to commit wire fraud and unauthorized access to protected networks. These charges carry potentially lengthy prison sentences, underscoring the severity with which such cyber offenses are viewed by prosecutors.

The Rise of IntelBroker: A Digital Crime Spree

According to the indictment unsealed by the U.S. Attorney’s Office for the Southern District of New York, the hacking campaign attributed to IntelBroker commenced in December 2022. For over two years, the individual behind this alias allegedly engaged in a systematic effort to infiltrate the computer systems of numerous entities, extracting sensitive data for illicit purposes.

The scope of the alleged operation was extensive. Court documents indicate that West, under the IntelBroker name, coordinated activities with a group referred to as “CyberN[——]” and successfully breached the systems of more than 40 victims. These targets were diverse, ranging from a major U.S. telecommunications provider to a municipal healthcare organization and an internet service provider. The selection of victims appears to have been opportunistic, focusing on entities possessing valuable data that could be monetized on underground markets.

The primary motivation behind these breaches, according to prosecutors, was financial profit. IntelBroker is alleged to have sold stolen data on at least 41 separate occasions. Furthermore, between 2023 and 2025, the data was shared for free or exchanged for forum credits in another 117 instances. This dual approach of selling high-value data and distributing other information freely or in exchange for reputation points is common in the underground world of hacking marketplaces, where reputation and access to exclusive communities are as valuable as direct monetary gain.

Investigators noted that West primarily accepted payments for his illicit activities in Monero (XMR), a cryptocurrency known for its enhanced privacy features. Unlike Bitcoin, where transactions are recorded on a public ledger, Monero is designed to obscure transaction details, including sender, recipient, and amount, making it significantly harder to trace. This choice of currency reflects a deliberate attempt to evade detection by law enforcement agencies that have become increasingly adept at tracing cryptocurrency transactions.

Tracing the Digital Footprints: How Investigators Connected the Dots

Despite the efforts to maintain anonymity through aliases and privacy-focused cryptocurrencies, investigators were ultimately able to link the IntelBroker identity to Kai West. Court records detail a meticulous process of tracing digital footprints left behind by the alleged hacker.

A crucial step in the investigation involved an undercover operation. FBI agents reportedly paid $250 in Bitcoin to acquire stolen data through BreachForums, a prominent online marketplace for buying and selling breached data. While Bitcoin offers less privacy than Monero, tracing its flow can still be complex. However, investigators successfully traced the Bitcoin wallet used in this transaction to an account on Ramp, a platform facilitating cryptocurrency purchases.

The Ramp account was registered to Kai West and verified using a UK driver’s license. This provided a direct link between the online alias and the real-world identity. Further investigation revealed that the same email address associated with the verified Ramp profile was later found linked to a Coinbase account created under the “Kyle Northern” alias. The contents of this email account proved invaluable, containing personal details, including university emails and a copy of his driver’s license, solidifying the connection between the two aliases and West.

Beyond financial transactions, investigators also leveraged other online activities. According to the FBI, West allegedly viewed YouTube videos that showcased his own attacks and even shared these videos through his IntelBroker profile on hacking forums. This behavior, common among cybercriminals seeking recognition within their community, inadvertently provided additional evidence linking him to the IntelBroker persona and the specific breaches.

The Role of Hacking Marketplaces: BreachForums and Related Arrests

The case against IntelBroker is intertwined with the broader ecosystem of online hacking marketplaces, particularly BreachForums. These platforms serve as digital bazaars where stolen data, hacking tools, and illicit services are traded, facilitating cybercrime on a massive scale.

BreachForums gained prominence after the shutdown of its predecessor, RaidForums. It quickly became a go-to destination for threat actors like IntelBroker to monetize their illicit gains. The platform provided the infrastructure and audience necessary for selling or distributing the vast amounts of data allegedly stolen by West.

In a separate but related development, French law enforcement arrested four individuals suspected of managing BreachForums. These individuals, known online as “ShinyHunters,” “Hollow,” “Depressed,” and “Noct,” allegedly played a crucial role in facilitating many of the transactions conducted by IntelBroker and other cybercriminals. The takedown of such platforms and the arrest of their operators are critical steps in disrupting the cybercrime ecosystem, cutting off avenues for criminals to profit from their activities.

The arrests in France, coupled with the charges against West, demonstrate the increasing effectiveness of international cooperation in combating cybercrime. Law enforcement agencies worldwide are sharing intelligence and coordinating operations to pursue individuals and groups who believe they can operate with impunity from across borders.

International Cooperation and the Extradition Process

The fact that Kai West was arrested in France and is facing charges in the United States highlights the complex nature of prosecuting cybercrime, which often transcends national boundaries. Cybercriminals frequently operate from one country, target victims in another, and use infrastructure located in multiple jurisdictions. This necessitates strong international partnerships between law enforcement agencies.

The cooperation between U.S. and French authorities in this case was instrumental in West’s apprehension. Once arrested in France, the process of bringing him to the United States to face charges involves extradition proceedings. Extradition is a formal process governed by treaties between countries, allowing for the transfer of an individual accused or convicted of a crime from one jurisdiction to another.

West is currently being held in France pending a decision on his extradition to the U.S. The extradition process can be lengthy, involving legal challenges and reviews in the courts of the arresting country. If the French courts approve the extradition request, West will be transferred to the United States to stand trial in the Southern District of New York.

U.S. Attorney Jay Clayton emphasized the commitment of his office to pursuing cybercriminals regardless of their location. “This action reflects the FBI’s commitment to pursuing cybercriminals around the world,” said Clayton. “New Yorkers are all too often the victims of intentional cyber schemes and our office is committed to bringing these remote actors to justice.”

FBI Assistant Director Christopher G. Raia echoed this sentiment, issuing a stern warning to potential cybercriminals. “Today’s announcement should serve as a warning to anyone thinking they can hide behind a keyboard and commit cyber-crime with impunity,” Raia stated. These statements underscore the determination of U.S. authorities to hold individuals accountable for cyber offenses that impact American citizens and businesses, even when the perpetrators are located abroad.

The Impact of Data Breaches and the Cost of Cybercrime

The alleged activities of IntelBroker resulted in over $25 million in damages to victims. This figure likely encompasses a range of costs, including direct financial losses from fraud, the expense of investigating and remediating breaches, legal fees, reputational damage, and the cost of notifying affected individuals and providing credit monitoring services. The impact of a major data breach extends far beyond the initial intrusion, creating long-term challenges for the victim organizations and potentially exposing millions of individuals to identity theft and other forms of fraud.

The targeting of diverse entities, including a telecommunications provider, a healthcare organization, and an internet service provider, highlights the broad threat landscape. Telecommunications companies hold vast amounts of customer data and control critical infrastructure. Healthcare organizations possess highly sensitive personal health information, making them prime targets for ransomware and data theft. Internet service providers hold detailed records of online activity and customer identities.

The theft and sale of data from such organizations can have cascading effects. Stolen credentials can be used for account takeovers. Personal information can be used for identity theft or targeted phishing attacks. Proprietary business data can be sold to competitors or used for corporate espionage. The alleged scale of IntelBroker's operation suggests a systematic approach to compromising networks and extracting valuable information for maximum profit on the dark web.

Understanding the methods used by cybercriminals, such as the reliance on privacy-focused cryptocurrencies and the use of hacking marketplaces, is crucial for both law enforcement and cybersecurity professionals. It informs investigative techniques and helps organizations develop better defenses against sophisticated attacks.

Legal Process and Presumption of Innocence

It is important to note that the charges against Kai West are currently allegations. Under the legal systems of both France and the United States, a defendant is presumed innocent unless and until proven guilty in a court of law. The extradition process and any subsequent trial in the U.S. will provide West with the opportunity to defend himself against the accusations.

If convicted of the most serious charges, such as conspiracy to commit wire fraud, West could face a maximum sentence of 20 years in prison for each count. The final sentence would depend on various factors, including the specific charges proven, the extent of the damages, and any prior criminal history.

The investigation into IntelBroker's activities is still underway. Authorities continue to analyze the data recovered and identify potential co-conspirators or other victims. The case serves as a reminder that the pursuit of cybercriminals is an ongoing effort, requiring sustained resources, technical expertise, and international collaboration.

Broader Implications for Cybersecurity and Law Enforcement

The IntelBroker case offers several key takeaways for the cybersecurity community and law enforcement agencies worldwide:

  • Persistence of Threat Actors: The case demonstrates the persistent and evolving nature of cybercrime. Individuals and groups continue to find ways to breach networks and profit from stolen data.
  • Importance of Digital Forensics: The successful tracing of West's digital footprint, from Bitcoin transactions to email accounts and online forum activity, highlights the critical role of digital forensics in cybercrime investigations. Even with privacy tools like Monero, criminals often make mistakes or leave traces on other platforms that can be exploited.
  • Role of Hacking Marketplaces: Platforms like BreachForums are central to the cybercrime ecosystem. Disrupting these marketplaces and apprehending their operators is a vital strategy in combating data theft and distribution.
  • Value of International Cooperation: Cybercrime is inherently global. The arrest of West in France and the related arrests of BreachForums operators underscore the necessity of strong international partnerships, intelligence sharing, and coordinated law enforcement actions. International cooperation in combating cybercrime is becoming increasingly sophisticated.
  • Challenges of Cryptocurrency Tracing: While Monero presents challenges, law enforcement agencies are developing increasingly advanced techniques to trace even privacy-focused cryptocurrencies, often by following the flow of funds through exchanges or identifying points where anonymity breaks down.
  • Need for Robust Organizational Security: The fact that over 40 organizations were allegedly breached by a single actor or small group emphasizes the need for all entities, regardless of size or sector, to invest in robust cybersecurity defenses, including patching systems, implementing multi-factor authentication, and training employees.

The case against Kai West, aka IntelBroker, is a significant development in the fight against high-profile cybercriminals. It sends a clear message that law enforcement is actively pursuing individuals responsible for large-scale data breaches and is leveraging international partnerships and advanced investigative techniques to bring them to justice. As the digital landscape continues to evolve, so too must the strategies employed to protect networks, data, and individuals from malicious actors.

For organizations, the case serves as a stark reminder of the potential consequences of inadequate security measures and the importance of staying vigilant against sophisticated threats. Understanding the tactics, techniques, and procedures (TTPs) used by groups like the one IntelBroker allegedly operated within is essential for developing effective defense strategies.

The outcome of the extradition proceedings and the subsequent trial will be closely watched by both the cybersecurity community and the public, as it will further shape the legal precedents and enforcement strategies for combating international cybercrime in the years to come.