The U.S. Department of Justice (DoJ) has charged a 39-year-old U.K. national for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits.
Robert Westbrook of London was arrested last week and is expected to be extradited to the U.S. to face charges related to securities fraud, wire fraud, and five counts of computer fraud.
According to the court documents, Westbrook is believed to have executed a fraudulent scheme between January 2019 and May 2020 that allowed him to generate millions in profits by gaining unauthorized access to Microsoft 365 accounts belonging to corporate executives.
"On at least five occasions, Westbrook gained unauthorized access to Office 365 email accounts belonging to corporate executives employed by certain U.S.-based companies to obtain non-public information, including information about impending earnings announcements," the DoJ said.
The accused then used that information to purchase securities and made profits by selling them in short order once the details became public knowledge.
"On several occasions, Westbrook implemented auto-forwarding rules designed to automatically forward content from the corporate executives' compromised email accounts to email accounts controlled by Westbrook," the DoJ noted.
The Securities and Exchange Commission (SEC) said Westbrook deceptively obtained the sensitive information from five public companies in advance of at least 14 earnings announcements by resetting the passwords of those executives' accounts.
"Even though Westbrook took multiple steps to conceal his identity – including using anonymous email accounts, VPN services, and utilizing bitcoin – the Commission's advanced data analytics, crypto asset tracing, and technology can uncover fraud even in cases involving sophisticated international hacking," Jorge G. Tenreiro, acting chief of the SEC's Crypto Assets and Cyber Unit, said.
Westbrook's securities fraud count carries a maximum potential penalty of up to 20 years in prison and a fine of $5 million. The wire fraud charges could rack up another maximum sentence of up to 20 years in prison and a fine of either $250,000, or twice the gain or loss from the offense, whichever is greatest.
Each count of computer fraud has a maximum potential penalty of five years in prison and a maximum fine of either $250,000 or twice the gain or loss from the offense, whichever is greatest.