An Office 365 hacker has been charged with a $3.75 million fraud
A 39-year-old UK resident has been arrested and charged with a hack-to-trade scam that made millions of dollars by hacking Microsoft Office 365 email accounts. The alleged hacker, Robert Westbrook, a London resident, was arrested in the UK “with the intent to version in the United States,” where he faces charges of securities fraud, wire fraud and five counts of computer fraud.
The charges against the London-based Office 365 hacker
According to a statement released by Philip R. Sellinger, through the U.S. Attorney for the District of New Jersey, Westbrook allegedly gained unauthorized access to Microsoft Office 365 email accounts at least five times between January 2019 and May 2020. Those accounts are said to that they have belonged to company executives who gave the hacker access to confidential information about nonpublic earnings announcements. This information was then used, the indictment he said, to “execute profitable trades in securities on the NYSE and NASDAQ exchanges.”
In other words, the hacker is said to have bought securities using confidential earnings information that were then quickly sold after the earnings data was released. According to the New Jersey District Attorney’s Office, Westbrook is believed to have made substantial profits, more than $3 million in total.
How Hacker Hacked Office 365 Email Account
While the full details of how the alleged hacker managed to compromise the Microsoft Office 365 accounts of the five executives have not been released at this time, there are many indications that it was likely a targeted phishing or spoofing attack against them. primacy. The first indication is that Westbrook is resetting the passwords of senior executives’ accounts, according to statement published by the US Securities and Exchange Commission. “Westbrook took many steps to conceal his identity,” said Jorge G. Tenreiro, deputy head of the SEC’s Crypto Assets and Cyber Unit, “including the use of anonymous email accounts, VPN services, and the use of bitcoin.”
The New Jersey Attorney General’s office also said that, on several occasions, the hacker “implemented auto-forwarding rules designed to automatically push content from the compromised email accounts of corporate executives to email accounts controlled by Westbrook.”
Office 365 email hacker faces $5 million fine and 20 years in prison
If successfully extradited from the UK and convicted of the securities fraud charges, Westbrook faces a maximum sentence of up to 20 years in prison and a $5 million fine. The wire fraud charge also carries a sentence of 20 years in prison, with a fine of up to $250,000. The lesser charges of computer fraud carry a potential sentence of five years in prison and $250,000 in fines. Both $250,000 fines could be significantly higher, as the charges allow the fine to be twice the profit from the violation, estimated at $3 million.
However, it is important to remember that the charges and allegations in the indictment are just that, charges, at this time. The accused is presumed innocent unless and until proven guilty in a court of law.
I contacted Microsoft for a statement.
