A UK man allegedly used genealogy sites to hack execs’ email accounts and make millions on stock trades
Authorities charged Robert Westbrook on Friday with multiple counts of fraud after evidence showed he allegedly hacked the emails of senior executives from at least five U.S.-based companies and read their inboxes. Westbrook, 39, is accused of then trading ahead of the companies’ earnings results, reaping millions in illicit profits.
According to a U.S. district court indictment and a concurrent complaint filed by the Securities and Exchange Commission, the hack-to-trade scheme followed a similar pattern at each of the five targets he chose. The London-based executive—who claimed to have attended the University of Oxford—would first reset a senior executive’s computer system password, then use the new login to hack their Microsoft Office 365 account and Microsoft Outlook email box.
Westbrook’s ploy relied on being able to crack executives’ passwords based on correctly guessing the answers to reset questions, according to the SEC. He maintained active subscriptions to VPN service providers that he allegedly used to conceal his identity, and subscriptions to online genealogy services to help him answer the security questions that pop up in a password reset.
He also subscribed to at least five Captcha-solving services to help him bypass verification requirements and purchased “five highly technical hacker manuals,” the SEC claimed, including The Hacker Playbook 3: Practical Guide to Penetration Testing and Tribe of Hackers: Cybersecurity Advice from the Best Hackers in the World. Four of the five companies Westbrook is accused of hacking used the same password reset portal software, said the SEC. He made payments in Bitcoin to cover his tracks in obtaining the subscriptions, the complaint states.(Authorities declined to name the companies.)
“As this case demonstrates, even though Westbrook took multiple steps to conceal his identity—including using anonymous email accounts, VPN services, and utilizing bitcoin—the Commission’s advanced data analytics, crypto asset tracing, and technology can uncover fraud even in cases involving sophisticated international hacking,” said Acting Chief of the SEC’s Crypto Assets and Cyber Unit Jorge Tenreiro in the agency’s statement.
Once he accessed their computers, Westbrook set up—or then tried to set up— automatic forwarding commands to several anonymous email accounts he controlled that served as a repository for the forwarded emails from executives. At one company, Westbrook set emails to forward if they contained attachments, were sent by the company president, or if they came from an audit partner at an outside accounting firm. His attempts to forward those emails weren’t successful but he was still able to poke around the executive’s inbox, delete certain emails and read about upcoming financial results, the SEC said.
Westbrook allegedly set up the accounts using a mix of fake names, including one dubbed, “Aleksandrdubois1.” The alias is a near match to French portrait painter Alexandre-Jean Dubois-Drahonet, an artist known for paintings of young military soldiers in uniform, and who died in Versailles in 1834. He used that same account to set up a VPN to conceal his identity, the SEC alleged. Westbrook also set up Gmail accounts associated with the names “Harris Slama,” “Loraine Ranos,” and “Barnesbainesbjorn,” according to the SEC.
All told, Westbrook hacked a CFO, a chief accounting officer, a director of finance and accounting, an associate controller, and a director of marketing communications, the indictment states. Each hacking incident yielded emails and juicy nonpublic information about the hacked companies’ upcoming earnings releases, and he either bought stock or options in the company based on what he read in their emails.
He liquidated his positions soon after the companies announced results, with his illicit trades reaping hundreds of thousands of dollars to more than $1 million, regulators said. But his access to the insider emails sometimes spanned months; in the CFO hack, Westbrook read the executive’s emails from January 2019 to February 2020, when the CFO left the company. He made about $1.5 million trading in the stock while he had access to CFO’s insider information, according to the indictment.
Overall, Westbrook made $3.75 million in profits trading ahead of 14 earnings announcements, even though four of the 14 trades were ultimately unprofitable. In total, he faces up to 65 years in prison and more than double what he earned from his trades in fines and penalties.
Attempts to reach Westbrook were unsuccessful.