Pierluigi Paganini September 30, 2024

The Department of Justice charged a British national for hacking into the systems of five U.S. organizations.

The Department of Justice charged the British national Robert Westbrook (39) for hacking into the systems of five U.S. companies.

Westbrook was arrested in the United Kingdom this week with is awaiting extradition to the United States.

“Robert Westbrook, 39, of London, United Kingdom, was arrested in the United Kingdom this week with a view towards extradition to the United States so that he can face an indictment charging him with securities fraud, wire fraud, and five counts of computer fraud.” reads the press release published by DoJ.  “From January 2019 through May 2020, Westbrook executed a hack-to-trade scheme through which he generated millions of dollars in profits.”

Westbrook hacked into the email accounts of corporate executives at five US companies, by resetting their passwords.

From January 2019 to May 2020, the man carried out a hack-to-trade scheme, earning over $3 million in profits. Westbrook breached the corporate executives’ Office365 email accounts to obtain non-public information, such as upcoming earnings announcements. Then he used the insider information to buy securities and sold them quickly after the information was made public, profiting significantly. He also set up auto-forwarding rules to send emails from compromised accounts to his own.

The U.S. Securities and Exchange Commission (SEC) also filed a civil complaint against the British national based on his illegal activities.

“As a result of these hacks, Westbrook deceptively obtained material nonpublic information that he used to trade in the securities of the five public companies prior to the release of at least 14 earnings announcements.” reads the press release published by SEC. “The SEC’s complaint charges Westbrook with violating the antifraud provisions of the Securities Exchange Act of 1934. The complaint seeks a final judgment ordering Westbrook to pay civil penalties, ordering him to return his ill-gotten gains with prejudgment interest, and enjoining him from committing future violations of the charged provisions of the federal securities laws.”

The securities fraud charge carries up to 20 years in prison and a $5 million fine. The wire fraud charge also carries up to 20 years, with a fine of $250,000 or twice the gain/loss. Each computer fraud charge has a maximum penalty of 5 years in prison and a fine of $250,000 or twice the gain/loss.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, British national)