
Arrested UK national hacked executives’ emails to engage in hack-and-trade


Federal prosecutors have charged Robert B. Westbrook, a UK national, with a sophisticated ‘hack-to-trade’ scheme that allegedly earned him millions of dollars by breaching the Office365 accounts of high-ranking executives at publicly traded U.S. companies. The charges stem from Westbrook’s illicit access to sensitive financial information via email hacking, which allowed him to profit from stock trades based on insider knowledge before the information was made public.

According to the U.S. Attorney’s Office for the District of New Jersey, Westbrook earned approximately $3.75 million in 2019 and 2020 by exploiting quarterly earnings reports.

Prosecutors allege that after gaining access to executives’ email accounts, Westbrook executed stock trades in advance of earnings releases, capitalising on the non-public information.

Parallel to the criminal proceedings, Westbrook faces a civil lawsuit from the Securities and Exchange Commission (SEC). The regulatory body aims to recover unlawful gains and impose additional financial penalties.

The indictment details how Westbrook allegedly gained access to executives’ email accounts at five publicly traded U.S. companies by exploiting password reset mechanisms in Microsoft’s Office365 system.

In some instances, he is accused of creating forwarding rules to automatically send all incoming emails to an account he controlled, ensuring a steady flow of confidential information.

In one such breach on January 26, 2019, Westbrook is said to have gained unauthorised access to the Office365 account of a finance director at a U.S. company.
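Mailbox forwarding of the kind described above leaves audit events that defenders can review. The following Python is an added example, not part of the original article or the indictment: it flags rule and mailbox changes that forward mail outside the organisation. The record layout (`Operation`, `UserId`, `Parameters` as Name/Value pairs) is an assumed simplification of a Microsoft 365 audit export, and every sample record and domain is constructed.

```python
import re

# Exchange Online cmdlets and the parameters that can send mail out of a mailbox.
FORWARDING_PARAMS = {
    "New-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"},
    "Set-InboxRule": {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo"},
    "Set-Mailbox": {"ForwardingSmtpAddress", "ForwardingAddress"},
}
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+\.[A-Za-z]{2,})")

def is_internal(domain, internal_domains):
    """True if domain equals, or is a subdomain of, an organisation domain."""
    d = domain.lower()
    return any(d == i or d.endswith("." + i) for i in internal_domains)

def find_external_forwarding(records, internal_domains):
    """Return one finding per audit parameter that forwards to an outside address."""
    internal = {i.lower() for i in internal_domains}
    findings = []
    for rec in records:
        watched = FORWARDING_PARAMS.get(rec.get("Operation"), set())
        for param in rec.get("Parameters", []):
            if param.get("Name") not in watched:
                continue
            # Values may hold several addresses and an "smtp:" prefix.
            targets = [m.group(0)
                       for m in ADDRESS_RE.finditer(str(param.get("Value", "")))
                       if not is_internal(m.group(1), internal)]
            if targets:
                findings.append({"user": rec.get("UserId"),
                                 "operation": rec["Operation"],
                                 "parameter": param["Name"],
                                 "targets": targets})
    return findings

# Constructed sample records (not real audit data).
SAMPLE_RECORDS = [
    {"Operation": "New-InboxRule", "UserId": "fin.director@corp.example",
     "Parameters": [{"Name": "Name", "Value": "sync"},
                    {"Name": "ForwardTo", "Value": "collector@mail.example.net"}]},
    {"Operation": "New-InboxRule", "UserId": "analyst@corp.example",
     "Parameters": [{"Name": "MoveToFolder", "Value": "Newsletters"}]},
    {"Operation": "Set-InboxRule", "UserId": "cfo@corp.example",
     "Parameters": [{"Name": "ForwardTo", "Value": "assistant@eu.corp.example"}]},
    {"Operation": "Set-Mailbox", "UserId": "controller@corp.example",
     "Parameters": [{"Name": "ForwardingSmtpAddress",
                     "Value": "smtp:archive@outside.example.org"}]},
]
```

Run against the sample with `find_external_forwarding(SAMPLE_RECORDS, {"corp.example"})`; forwarding to a subdomain of an organisation domain is treated as internal.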

Westbrook’s trades followed a predictable pattern. Armed with confidential financial reports, he would purchase ‘put’ options if the information suggested a decline in stock value, profiting when the stock price fell after the earnings were made public.

Conversely, if the financial outlook appeared positive, Westbrook would buy shares before the announcement and sell them later at a higher price after the stock value surged.

The prosecutors noted that the defendant’s ability to exploit the password reset feature remains unclear. While these mechanisms typically require access to a user’s phone or email, some services also allow password resets through security questions, which were commonly used then but have since become less favoured due to security risks.

Westbrook faces one count each of securities fraud and wire fraud and five counts of computer fraud. Federal prosecutors have not disclosed whether Westbrook has appeared in court or entered a plea in the case.

Ars Technica reports that the securities fraud charge carries a maximum sentence of 20 years in prison and a fine of up to $5 million. The wire fraud charge could result in a 20-year sentence and a fine of $250,000 or twice the financial gain or loss from the offence. Each count of computer fraud carries a five-year sentence and a $250,000 fine.


Kumar Hemant


Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
