Hacker Reportedly Swiped Millions by Compromising Executives’ Office365 Accounts, as per Federal Authorities


# Federal Prosecutors Indict UK Citizen in “Hack-to-Trade” Operation

In a noteworthy case illuminating the convergence of cybersecurity and finance, federal prosecutors have indicted a UK citizen, Robert B. Westbrook, for his purported role in an elaborate “hack-to-trade” operation. Westbrook stands accused of infiltrating Office365 email accounts belonging to executives at publicly listed firms, acquiring confidential quarterly financial disclosures, and leveraging the private information to conduct stock transactions that yielded him millions. Reports indicate that Westbrook reaped about $3.75 million between 2019 and 2020 from this scheme.

The charges originated from the US Attorney’s office for the District of New Jersey, and the US Securities and Exchange Commission (SEC) has concurrently launched a separate civil suit aiming to enforce civil sanctions and reclaim the illicit earnings. This case emphasizes the escalating danger of cyber fraud within financial markets and the extreme measures unscrupulous individuals will take to misuse sensitive data for personal enrichment.

## The Operation: Hacking for Gain

As stated in the federal indictment, Westbrook directed his attention to the email accounts of executives at five publicly traded firms in the United States. The indictment claims he exploited weaknesses in the password reset system of Microsoft Office365 accounts to unlawfully access these executives’ emails. After gaining entry, Westbrook purportedly established auto-forwarding rules that rerouted incoming emails from the breached accounts to an email address he managed, thereby allowing him to surveil confidential communications undetected.

In a specific instance cited by prosecutors, it is asserted that on January 26, 2019, Westbrook illicitly accessed the Office365 email account of the Director of Finance and Accounting at a firm designated as “Company-1.” During this intrusion, Westbrook allegedly configured an auto-forwarding rule to extract emails containing undisclosed information regarding the company’s quarterly earnings, revealing a downturn in Company-1’s sales. Equipped with this insider intelligence, Westbrook is said to have executed stock trades that allowed him to benefit from the expected market response once the earnings report became public.

By capitalizing on the time gap between the acquisition of financial data and its public disclosure, Westbrook was able to conduct what is termed “insider trading”—the illegal act of buying or selling stocks based on material, non-public information. Such trading is illegal as it undermines the integrity and transparency of financial markets, granting an unfair advantage to those privy to confidential information.

## SEC’s Reaction: A Spotlight on Cyber Fraud

The SEC, tasked with the regulation of securities markets and safeguarding investors, has adopted a rigorous approach towards cyber fraud. In a statement, Jorge G. Tenreiro, acting chief of the SEC’s Crypto Assets and Cyber Unit, underlined the agency’s dedication to countering cyber-enabled financial crimes.

“The SEC continues to work actively to shield markets and investors from the ramifications of cyber fraud,” Tenreiro asserted. “As illustrated in this case, despite Westbrook taking numerous measures to hide his identity—such as utilizing anonymous email accounts, VPNs, and bitcoin—the Commission’s sophisticated data analytics, crypto asset tracking, and technology can unearth fraud, even in instances involving complex international hacking.”

The SEC’s civil lawsuit against Westbrook aims not merely to impose monetary penalties but also to compel him to return all illegally derived profits. This strategy is standard in insider trading cases, where regulators seek to “disgorge” earnings obtained through unlawful practices.

## How the Hack Functioned: Capitalizing on Office365 Vulnerabilities

The indictment offers an in-depth description of how Westbrook allegedly executed the breaches. By misusing the password reset mechanism for Office365 accounts, Westbrook managed to unlawfully access the email accounts of high-ranking executives. In certain instances, he allegedly deactivated or removed password reset notifications to evade detection. Furthermore, by establishing auto-forwarding rules, he ensured that all incoming emails were automatically directed to an email address he controlled, permitting him to continually surveil the breached accounts without raising any alarms.

This method of attack is particularly alarming because it is easy to conceal. Once a hacker gains access to an email account, they can alter account settings in ways that make it difficult for the owner to realize they have been compromised. For instance, password reset alerts can be turned off, and forwarding rules can be hidden deep within account settings, making it harder for victims to notice any unusual behavior.
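For defenders, the two behaviors described above (mail forwarded to an outside address, and reset notices suppressed) can be checked for in mailbox audit data. The following is an added example, not taken from the indictment or the original article: it assumes a simplified record shape (`UserId`, `Operation`, a `Parameters` list of name/value pairs), and the domains, users and sample records are constructed.

```python
import re

# Assumption: the tenant's own mail domains; anything else counts as external.
INTERNAL_DOMAINS = {"company-1.example"}
WATCHED_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox"}
FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo", "ForwardingSmtpAddress")
MATCH_PARAMS = ("SubjectContainsWords", "SubjectOrBodyContainsWords", "From")
RESET_WORDS = re.compile(r"password|reset|security alert", re.I)
ADDRESS = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def review(record):
    """Return findings for one audit record; an empty list means nothing flagged."""
    if record["Operation"] not in WATCHED_OPS:
        return []
    params = {p["Name"]: p["Value"] for p in record["Parameters"]}
    findings = []
    for name in FORWARD_PARAMS:
        for m in ADDRESS.finditer(params.get(name, "")):
            if m.group(1).lower() not in INTERNAL_DOMAINS:
                findings.append(f"external forward via {name} -> {m.group(0)}")
    # A rule that deletes or files away reset/security notices hides the takeover.
    hides = params.get("DeleteMessage") == "True" or "MoveToFolder" in params
    matched = " ".join(params.get(k, "") for k in MATCH_PARAMS)
    if hides and RESET_WORDS.search(matched):
        findings.append("rule hides password-reset or security notifications")
    return findings

def scan(records):
    """Return (UserId, finding) pairs for every flagged record, in input order."""
    return [(r["UserId"], f) for r in records for f in review(r)]

def _rec(user, op, **params):  # helper to build constructed sample records
    return {"UserId": user, "Operation": op,
            "Parameters": [{"Name": k, "Value": v} for k, v in params.items()]}

# Constructed sample records (not real audit data).
SAMPLE = [
    _rec("finance.director@company-1.example", "New-InboxRule",
         Name=".", ForwardTo="collector@mailbox.example"),
    _rec("finance.director@company-1.example", "New-InboxRule",
         Name="..", SubjectContainsWords="password reset", DeleteMessage="True"),
    _rec("analyst@company-1.example", "New-InboxRule",
         Name="team copy", ForwardTo="team@company-1.example"),
    _rec("cfo@company-1.example", "Set-Mailbox",
         ForwardingSmtpAddress="smtp:collector@mailbox.example"),
    _rec("cfo@company-1.example", "MailItemsAccessed"),
]

if __name__ == "__main__":
    for user, finding in scan(SAMPLE):
        print(f"{user}: {finding}")
```

Real audit exports often carry the parameters as a JSON string that needs decoding first, and the keyword list should be tuned to the notification wording the tenant actually receives.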

## The Wider Consequences: Cybersecurity and Financial Markets

This case underscores the rising threat of cyber fraud in financial markets, where hackers increasingly target sensitive, confidential information to secure an unfair edge. As companies become more dependent on digital communication platforms like Office365, the threat of cyberattacks aimed at email accounts and other digital assets has surged dramatically.

The SEC and various regulatory authorities have intensified their initiatives to tackle these threats. In recent years, the SEC has launched specialized units, such as the Crypto Assets and Cyber Unit, to focus on cyber-enabled financial crimes. These units employ