Federal prosecutors in the Southern District of New York have charged 25-year-old British national Kai West, known online as IntelBroker, with orchestrating a sophisticated cybercriminal operation that resulted in approximately $25 million in damages across multiple sectors, including telecommunications, healthcare, and internet service providers.
Background and Allegations
Operating under the aliases IntelBroker and Kyle Northern, West allegedly led the hacking collective CyberN[——], previously known as The Boys. The group is accused of infiltrating various computer networks worldwide, stealing sensitive data, and selling it on cybercriminal marketplaces.
Criminal Charges
West faces four federal charges:
1. Conspiracy to commit computer intrusions
2. Conspiracy to commit wire fraud
3. Accessing protected computers to defraud
4. Wire fraud
Each charge carries significant penalties, reflecting the severity of the alleged offenses.
Cybercriminal Activities
The FBI’s investigation revealed that West utilized Forum-1, a specialized cybercriminal marketplace focused on computer network intrusions. Under the IntelBroker persona, West initiated 335 public threads and posted 2,126 individual comments, with approximately 158 threads offering stolen data for sale, free distribution, or Forum-1 credits.
The operation sought to collect at least $2 million through illegal data sales, with specific asking prices totaling approximately $2.47 million across documented incidents. Payments were primarily accepted in Monero (XMR), a privacy-focused cryptocurrency designed to obfuscate transaction trails and maintain anonymity.
Technical Methods and Targets
West’s group employed advanced technical methods, including exploiting software vulnerabilities, stealing API keys, infiltrating servers, and systematically exfiltrating data. Documented breaches affected:
– A telecommunications provider (Victim-1)
– A municipal healthcare provider (Victim-3) containing data from 56,415 individuals
– Multiple internet service providers
Identification and Arrest
Investigators traced West’s identity through sophisticated blockchain analysis of Bitcoin wallet transactions, connecting BTC Wallet-1 to his Ramp Account-1 and Coinbase accounts registered under his UK provisional driving license. Additional evidence included correlational analysis showing West’s personal email accounts viewing YouTube videos minutes before the IntelBroker persona posted identical content to Forum-1, and IP address matching during active breach periods.
West was arrested in France in February 2025, and the United States is seeking his extradition to face charges.
Implications and Broader Context
This case highlights the evolving threat landscape where cybercriminal groups operate as organized enterprises, complete with recruitment drives, signature branding, and systematic monetization strategies. The successful identification and charging of West demonstrate law enforcement’s capability to penetrate sophisticated anonymization techniques used by modern cybercriminals.
