Summary
A U.K. hacker, Robert Westbrook, has been charged with a sophisticated email hacking scheme that allegedly generated approximately $3.75 million through insider trading by breaching Microsoft Office 365 accounts of corporate executives. Between January 2019 and May 2020, Westbrook gained unauthorized access to these accounts, allowing him to obtain confidential earnings information before it was publicly released.
Westbrook’s hacking method involved resetting the passwords of senior executives’ email accounts, enabling him to access sensitive financial documents and emails. He is accused of using this nonpublic information to trade stocks ahead of earnings announcements, profiting from both positive and negative market movements. The U.S. Securities and Exchange Commission (SEC) and the U.S. Attorney’s Office have filed charges against him, which include securities fraud, wire fraud, and multiple counts of computer fraud. If convicted, Westbrook faces significant prison time and hefty fines. His case highlights vulnerabilities in corporate email security and the potential for cybercriminals to exploit them for financial gain.
Hacking Methodology
- Password Resets: Westbrook allegedly exploited the password reset feature of Microsoft Office 365 to gain access to executives’ email accounts.
- Auto-Forwarding Rules: He created rules to automatically forward emails from compromised accounts to his own, allowing him to monitor sensitive information without detection.
Legal Consequences
- Charges Filed: Westbrook faces multiple charges, including securities fraud and wire fraud, which could lead to up to 20 years in prison for each count.
- Financial Penalties: The charges also include potential fines that could exceed the profits he made from the insider trading activities, reflecting the seriousness of the offenses.
Implications for Corporate Security
This case underscores the importance of robust cybersecurity measures for companies, particularly those handling sensitive financial information. The ability of a hacker to exploit weaknesses in email security not only poses risks to individual companies but also threatens the integrity of financial markets as a whole.
Crook made millions by breaking into execs’ Office365 inboxes, feds say
Oct. 1 / Ars Technica / Delves into the technicalities of Westbrook's hacking techniques, including password resets and auto-forwarding rules. The writing is engaging, and it emphasizes the SEC's capabilities in tracking cyber fraud. “ Enlarge Getty Images reader comments 11 Federal prosecutors have charged a man for an alleged “hack-to-trade” scheme that earned him millions of dollars by...
Hacker charged for breaching 5 companies for insider trading
Sep. 30 / Bleepingcomputer / Offers a concise summary of the SEC's charges against Westbrook, with a solid focus on the insider trading aspect. It effectively outlines the methods used in the breaches, making it informative yet accessible. “ The U.S. Securities and Exchange Commission (SEC) charged Robert B. Westbrook, a U.K. citizen, with hacking into the computer systems of five U.S. public...
Microsoft Office 365 Email Hacker Made Millions—Here’s How
Oct. 2 / Forbes / Highlights the intricate details of Westbrook's hacking methods and the legal implications, providing a thorough overview of the charges and potential consequences. The authoritative tone enhances credibility. “ An Office 365 hacker has been charged with $3.75 million fraud A 39-year-old U.K. resident has been arrested and charged with operating a hack-to-trade...