Federal prosecutors have charged Robert B. Westbrook, a UK national, over an alleged "hack-to-trade" scheme that reportedly produced roughly $3.75 million in illicit trading profits. The operation involved unauthorized access to the Office 365 email accounts of executives at several publicly traded companies, which allowed Westbrook to obtain confidential quarterly financial results before they were released to the public. The case was brought by the U.S. Attorney's Office for the District of New Jersey, and it shows how directly a compromised corporate mailbox can be turned into money.
Prosecutors allege that between 2019 and 2020 Westbrook traded on the stolen information, profiting from material non-public disclosures. Having read the executives' mail, he bought and sold stock on the strength of financial results that had not yet reached the market, an advantage no other investor could have had. The U.S. Securities and Exchange Commission has filed a separate civil action against him, seeking civil penalties and the disgorgement of his profits from these transactions.
According to the indictment filed in the U.S. District Court for the District of New Jersey, Westbrook gained entry by abusing Microsoft's password reset feature for Office 365 accounts. Once he had reset his way into the email accounts of five executives, he allegedly created automatic forwarding rules that sent incoming messages to an email address he controlled. A forwarding rule lives in the mailbox rather than in the session, so it keeps delivering mail even after the legitimate owner changes the password or the stolen session is revoked, which is what made his access durable.
One incident detailed in the indictment shows the pattern. Westbrook initiated an unauthorized password reset on an executive's account, then created a rule that forwarded every message arriving in that account to his own address. Among the forwarded mail was financial information revealing a decline in quarterly sales at one of the companies. The technique is not sophisticated, and that is the point: a single inbox rule, easily overlooked by anyone not reviewing mailbox configuration, gave him a quiet and lasting channel to confidential information.
The tactics map onto techniques documented in the MITRE ATT&CK framework. Taking over the accounts through the password reset mechanism and then signing in with the new credentials is Initial Access via Valid Accounts (T1078). The forwarding rules correspond to Email Collection: Email Forwarding Rule (T1114.003), a Collection technique that in practice also served as persistence, since the rule kept harvesting data without further logins and without being noticed. The follow-on risk from owning an executive's mailbox is less privilege escalation in the ATT&CK sense than lateral movement: the account can be used to reset credentials for other services, read material shared with the executive, and send convincing internal mail.
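The forwarding-rule persistence described above is one of the few attacker actions in this scheme that leaves a clean audit trail. What follows is an added example, not code from the indictment, from the SEC, or from Microsoft: a small hunt over Exchange Online entries from the Microsoft 365 Unified Audit Log (the AuditData JSON that Search-UnifiedAuditLog exports, one record per line). It flags the two ways mail is typically made to leave a mailbox automatically, an inbox rule with ForwardTo, ForwardAsAttachmentTo or RedirectTo, and a mailbox-level ForwardingSmtpAddress or ForwardingAddress set through Set-Mailbox, and marks which destinations are outside the tenant. The tenant domain in INTERNAL_DOMAINS and all four sample records are constructed for illustration.

```python
"""Hunt for mailbox auto-forwarding in Microsoft 365 audit records (added example)."""
import json
import re
from dataclasses import dataclass

INTERNAL_DOMAINS = {"example-corp.com"}  # assumption: the tenant's own mail domains

# Cmdlet names as they appear in the Operation field of Exchange Online audit records
RULE_OPS = {"New-InboxRule", "Set-InboxRule"}
MAILBOX_OPS = {"Set-Mailbox"}
# Parameters that cause mail to leave the mailbox without the owner doing anything
FORWARD_PARAMS = ("ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress", "ForwardingAddress")

# Destination values arrive in several wrappers ("[SMTP:x@y]", "smtp:x@y", a bare
# address); pulling out the address itself avoids caring which one it was.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


@dataclass
class Finding:
    timestamp: str
    mailbox: str      # the account whose mail is being forwarded
    operation: str    # cmdlet that set the forward
    parameter: str    # which forwarding parameter was used
    destination: str  # where the mail goes
    external: bool    # True if the destination is outside INTERNAL_DOMAINS
    client_ip: str    # source IP of the session that created the forward


def destinations(value: str):
    """Extract lower-cased SMTP addresses from a parameter value."""
    return [m.lower() for m in EMAIL_RE.findall(value)]


def is_external(addr: str) -> bool:
    return addr.rsplit("@", 1)[-1] not in INTERNAL_DOMAINS


def find_forwarding(records):
    """Return one Finding per forwarding destination configured in the records."""
    findings = []
    for rec in records:
        op = rec.get("Operation", "")
        if op not in RULE_OPS and op not in MAILBOX_OPS:
            continue
        # Parameters is a list of {"Name": ..., "Value": ...} in the export
        params = {p["Name"]: str(p["Value"]) for p in rec.get("Parameters", [])}
        for name in FORWARD_PARAMS:
            if name not in params:
                continue
            for dest in destinations(params[name]):
                findings.append(Finding(
                    timestamp=rec.get("CreationTime", ""),
                    mailbox=rec.get("UserId", "").lower(),
                    operation=op,
                    parameter=name,
                    destination=dest,
                    external=is_external(dest),
                    client_ip=rec.get("ClientIP", ""),
                ))
    return findings


def load_records(jsonl: str):
    return [json.loads(line) for line in jsonl.splitlines() if line.strip()]


# Constructed sample records in the shape of an AuditData export. Not real data.
# Record 1: inbox rule forwarding the CFO's mail to an outside address (rule named ".").
# Record 2: the same session also sets mailbox-level forwarding to the same address.
# Record 3: a legitimate internal forward, which should not be flagged as external.
# Record 4: a MailItemsAccessed event, which carries no forwarding and is skipped.
SAMPLE_AUDIT = """\
{"CreationTime":"2019-09-15T02:14:09","Operation":"New-InboxRule","UserId":"cfo@example-corp.com","ClientIP":"203.0.113.45","Parameters":[{"Name":"Name","Value":"."},{"Name":"ForwardTo","Value":"[SMTP:reports.archive@mailbox-example.net]"},{"Name":"StopProcessingRules","Value":"True"}]}
{"CreationTime":"2019-09-15T02:16:33","Operation":"Set-Mailbox","UserId":"cfo@example-corp.com","ClientIP":"203.0.113.45","Parameters":[{"Name":"Identity","Value":"cfo@example-corp.com"},{"Name":"ForwardingSmtpAddress","Value":"smtp:reports.archive@mailbox-example.net"},{"Name":"DeliverToMailboxAndForward","Value":"True"}]}
{"CreationTime":"2019-09-16T09:02:10","Operation":"New-InboxRule","UserId":"pa@example-corp.com","ClientIP":"198.51.100.7","Parameters":[{"Name":"Name","Value":"Board pack to assistant"},{"Name":"ForwardTo","Value":"assistant@example-corp.com"}]}
{"CreationTime":"2019-09-16T09:05:00","Operation":"MailItemsAccessed","UserId":"cfo@example-corp.com","ClientIP":"198.51.100.7","Parameters":[]}
"""


def external_forwarding(jsonl: str = SAMPLE_AUDIT):
    """Findings whose destination lies outside the tenant: the ones worth paging on."""
    return [f for f in find_forwarding(load_records(jsonl)) if f.external]


if __name__ == "__main__":
    for f in external_forwarding():
        print(f"{f.timestamp} {f.mailbox} {f.operation} {f.parameter}={f.destination} "
              f"from {f.client_ip}")
```

Run against a real export, the two external hits from the first session would be the alert, and the shared ClientIP across them plus the one-character rule name are the details an analyst would pivot on. Auditing after the fact is the fallback; the preventive control is to block automatic forwarding to external addresses in the Exchange Online outbound spam policy and to require MFA or a second verified factor on the self-service password reset path that was abused here.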
The case underscores the need for basic mailbox hygiene at organizations that handle market-moving financial data: multi-factor verification on the password reset path, blocking or at least alerting on automatic forwarding to external addresses, and periodic review of inbox rules on executive accounts. Regulators' ongoing efforts, including the SEC's, reflect a commitment to protecting investors and markets from cyber-enabled fraud, and the SEC has said it used data analytics to detect the suspicious trading pattern in this case.
As such schemes become more common, business owners need to treat executive email as the sensitive system it is. The Westbrook case is a reminder that a corporate mailbox can be compromised with nothing more exotic than a password reset and an inbox rule, and that insider trading on hacked data carries criminal as well as financial consequences.