The U.S. Department of Justice revealed charges against a London man accused of hacking into the computers of U.S. company executives and intercepting emails with private information he used to make illegal trades.
Between January 2019 and May 2020, alleges the DOJ, 39-year-old Robert Westbrook accessed the Office365 email accounts of corporate executives to steal material non-public information, such as details about impending earnings announcements. He allegedly used this information to inform purchases of securities he then immediately sold once the information was made public.
Westbrook was purportedly able to gain access to these accounts through unauthorized means, usually password resets, and auto-forwarding emails to his personal account. According to Forbes, this could have been done through a targeted phishing or spoofing attack.
The trades, according to the indictment, resulted in more than $3 million in profit. Westbrook faces one securities fraud charge, carrying a maximum potential penalty of up to 20 years in prison and a $5 million fine, a wire fraud charge, carrying a maximum potential penalty of up to 20 years in prison and a fine of either $250,000 or twice the gain or loss from the offense, and five computer fraud charges, each carrying a maximum potential penalty of five years in prison and a fine of either $250,000 or twice the gain or loss from the offense. He also faces related U.S. Securities and Exchange Commission civil charges. The SEC seeks a final judgment ordering him to pay civil penalties and return his ill-gotten gains with prejudgment interest, as well as enjoining him from committing future violations.
“Even though Westbrook took multiple steps to conceal his identity – including using anonymous email accounts, VPN services, and utilizing bitcoin – the Commission’s advanced data analytics, crypto asset tracing, and technology can uncover fraud even in cases involving sophisticated international hacking,” said Acting Chief of the SEC’s Crypto Assets and Cyber Unit, Jorge G. Tenreiro
According to Reuters, details in the SEC complaint suggest the target companies may have been Tupperware, Tutor Perini, Guidewire Software, Murphy USA, and Lumentum Holdings.
Additional Reading
Microsoft Office 365 Email Hacked By Hack-To-Trade Fraudster, SEC Says, Forbes (October 2, 2024)
US charges British man over ‘hack-to-trade’ scheme. Reuters (September 27, 2024)
U.K. National Charged with Multimillion-Dollar Hack-to-Trade Fraud Scheme, United States Attorney’s Office, District of New Jersey (September 27, 2024)
SEC Charges U.K. Citizen in Hacking and Trading Scheme Involving Five U.S. Public Companies, U.S. Securities and Exchange Commission (September 27, 2024)
Securities Fraud Laws, Justia
Image Credit: Zakharchuk / Shutterstock.com