The US Department of Justice has unsealed a detailed federal complaint against Kai West, also known online as “IntelBroker,” a prolific cybercriminal accused of orchestrating dozens of high-profile data breaches and serving as a key administrator of BreachForums, a notorious hub for trading stolen data.
West was apprehended in France in February 2025 and is now facing multiple felony charges in the Southern District of New York.
Filed by FBI Special Agent Carson Hughes, the 25-page complaint outlines a sweeping cybercrime conspiracy that spanned from December 2022 to February 2025, involving the theft and sale of sensitive data from companies across sectors, including telecommunications, healthcare, finance, and manufacturing. West is charged with conspiracy to commit computer intrusions and wire fraud, unauthorized access to protected systems, and the sale of exfiltrated data for cryptocurrency.
IntelBroker’s arrest predates the June 23, 2025, roundup of four additional BreachForums administrators, collectively known as “ShinyHunters,” by French cybercrime authorities, as announced this week by the Paris public prosecutor’s office. That operation marked a major escalation in the global crackdown on BreachForums and its administrators, who had helped revive the platform after its original founder, “Pompompurin,” was arrested by US authorities in 2023.
According to the DOJ complaint, West and his associates ran a tight operation. Using the alias “IntelBroker,” he sold or distributed stolen data in at least 158 public messages on BreachForums, seeking Monero cryptocurrency in return. His signature block identified him as the leader of a hacking group dubbed “Cyber Niggers,” and investigators say he functioned as the site’s administrator between August 2024 and January 2025.
Victims of the attacks allegedly coordinated by IntelBroker include a US telecommunications provider, a municipal healthcare system, and several internet service firms. For instance, on January 6, 2023, IntelBroker offered a trove of exfiltrated telecom marketing data for a “five-digit sum” in Monero, which investigators traced back to unauthorized access on a misconfigured server belonging to a New York-based infrastructure provider. In March 2023, he listed sensitive health data from over 56,000 patients belonging to a government healthcare agency, later sold to an undercover FBI agent.
In all, US authorities estimate West caused more than $25 million in damages and sought to collect $2 million in illicit profits. He offered data for sale or for free to boost his status on the forum, which awarded credits and elevated privileges to prolific contributors.
The complaint further links West to several high-profile breaches that made headlines in recent years. Among them were attacks on Acuity, Ford, Nokia, Dell, Apple, AMD, HSBC, and Barclays Bank, all campaigns previously claimed or attributed to IntelBroker in separate disclosures. Prosecutors say West maintained several overlapping online identities, including “Kyle Northern,” and used VPNs, Monero transactions, and forum reputation mechanics to mask his real-world identity.
The identification of West as IntelBroker was enabled by a mix of undercover operations, blockchain analysis, and email surveillance. Investigators connected cryptocurrency wallets and Ramp account data to a provisional UK driver’s license under his real name and later matched activity across email and social media platforms to his known online behaviors, including specific video views and forum postings.
BreachForums itself had seen repeated shutdowns and revivals following US-led enforcement actions in 2023 and 2024. Despite infrastructure takedowns and domain seizures, it continued to resurface under new leadership until the recent French arrests. Authorities hope that the coordinated dismantling of its leadership and the seizure of forum infrastructure will lead to a permanent disruption.
Leave a Reply