British hacker IntelBroker faces years in a US prison cell
A 25-year-old British national named as Kai West faces a lengthy prison term in the US after a series of charges against him were unsealed by the US authorities, alleging his involvement in multiple cyber attacks.
West is alleged to have been behind the IntelBroker identity. Working with a group of hackers, he is accused of conducting approximately 40 hacks against US targets over a two-year period, and probably many more, from which he stole and then tried to sell data on an underground hacking forum. The Americans did not name the forum in their indictment, but it is an open secret that it was BreachForums.
The Department of Justice said West and his cohorts caused in excess of $25m of damages to their various victims.
Some of the higher profile attacks to which he was linked include a March 2023 incident at American health insurance marketplace DC Health Link which exposed the data of members of the US Congress; an October 2024 incident at Cisco in which data was stolen from a public-facing DevHub environment; and a January 2025 attack on Hewlett-Packard Enterprise (HPE) in which data was supposedly stolen form its networks.
Jay Clauton, US attorney for the Southern District of New York, said: “The IntelBroker alias has caused millions in damages to victims around the world. This action reflects the FBI’s commitment to pursuing cyber criminals around the world. New Yorkers are all too often the victims of intentional cyber schemes and our office is committed to bringing these remote actors to justice.”
FBI assistant director in charge Christopher Raia added: “Kai West, an alleged serial hacker, is charged for a nefarious, years-long scheme to steal victim’s data and sell it for millions in illicit funds, causing more than $25m in damages worldwide.
“Today’s announcement should serve as a warning to anyone thinking they can hide behind a keyboard and commit cyber crime with impunity – the FBI will find and hold you accountable no matter where you are.”
Notoriety
The US’ indictment alleges that West and his co-conspirators sought to collect approximately $2m from the sale of the stolen data through BreachForums. Based on a review of his posts on the dark market, West opened as many as 158 threads offering data for sale, forum credit, or at one time seven for free.
West’s postings and sales gained him a certain notoriety among the forum’s other denizens and around August – according to data shared with Computer Weekly by Sophos Counter Threat Unit (CTU) knowledge manager Rebecca Taylor – he inherited full control of BreachForums, a position he retained until stepping down in January 2025.
West was arrested in France in February, shortly after stepping down, and remains in custody there pending extradition to the US, where he will face charges of conspiracy to commit computer intrusions, accessing a protecting computer, conspiracy to commit wire fraud, and wire fraud.
“We’ve been tracking IntelBroker and the site BreachForums, where much of the data was sold over its many iterations, for several years,” said Taylor. “This is another significant step forward in the continued fight against cyber crime [and] demonstrates that where cyber crime perpetrators are within the jurisdiction of Western law enforcement, they will be brought to justice.”
The fate of BreachForums
The wider history of BreachForums can be dated back a decade when a predecessor underground forum called RaidForums was set up by a hacker going by the handle Omnipotent.
At its peak, RaidForums boasted more than half a million active users, before being disrupted in 2022 by British law enforcement in an action that saw Omnipotent – named as Diego Santos Coelho – arrested.
RaidForums subsequently went dark, but barely a month later, a user known as Pompmpurin, aka Conor Fitzpatrick, set up BreachForums as a direct successor. Fitzpatrick ran the service for about a year before being seized in New York during an FBI investigation into the DC Health Link leak.
Its owners being concerned for their own security, BreachForums then shut down for about two months until June 2023, at which point two distinct threat actors – one the ShinyHunters collective, the other known as Baphomet – relaunched it yet again.
The revived BreachForums again lasted a little under a year until it was taken down in a joint action by the FBI and the UK’s National Crime Agency (NCA) in May 2024.
Not ones to be deterred easily, the hackers resurfaced BreachForums on a new domain barely a fortnight later, but behind the scenes leadership changes were already afoot. According to the timeline shared by Sophos, ShinyHunters stepped aside in June 2024, and another individual using the handle Anastasia took control and ran BreachForums for about two months, until being supplanted by IntelBroker.
Following IntelBroker’s arrest and removal as forum leader in favour of Anastasia, BreachForums subsequently went dark at the end of April 2025. According to Sophos, there may have been some internal suspicions among the hackers that law enforcement was taking advantage of vulnerabilities in the forum’s software. Nevertheless, they were able to relaunch it again on 4 June 2025, with the forum once more under the control of ShinyHunters,
This comeback was shortlived, as the forum went up for sale on 9 June for the sum of $2,500. Then, on 22 June, the French authorities arrested another ShinyHunters member and other BreachForums-linked hackers.
Whether or not this action will mark the end of the dark web forum remains to be seen.
Source link
