Crooks Made Millions By Breaking Into Execs' Office365 Inboxes, Feds Say (arstechnica.com)
(Tuesday October 01, 2024 @05:40PM (BeauHD)
from the insider-trading dept.)
- Reference: 0175174539
- News link: https://yro.slashdot.org/story/24/10/01/2056257/crooks-made-millions-by-breaking-into-execs-office365-inboxes-feds-say
- Source link: https://arstechnica.com/security/2024/10/crook-made-millions-by-breaking-into-execs-office365-inboxes-feds-say/
An anonymous reader quotes a report from Ars Technica:
> Federal prosecutors have [1]charged a man for an alleged "hack-to-trade" scheme that earned him millions of dollars by [2]breaking into the Office365 accounts of executives at publicly traded companies and obtaining quarterly financial reports before they were released publicly. The action, taken by the office of the US Attorney for the district of New Jersey, accuses UK national Robert B. Westbrook of earning roughly $3.75 million in 2019 and 2020 from stock trades that capitalized on the illicitly obtained information. After accessing it, prosecutors said, he executed stock trades. The advance notice allowed him to act and profit on the information before the general public could. The US Securities and Exchange Commission filed a separate civil suit against Westbrook seeking an order that he pay civil penalties and return all ill-gotten gains. [...]
>
> By obtaining material information, Westbrook was able to predict how a company's stock would perform once it became public. When results were likely to drive down stock prices, he would place "put" options, which give the purchaser the right to sell shares at a specific price within a specified span of time. The practice allowed Westbrook to profit when shares fell after financial results became public. When positive results were likely to send stock prices higher, Westbrook allegedly bought shares while they were still low and later sold them for a higher price. The prosecutors charged Westbrook with one count each of securities fraud and wire fraud and five counts of computer fraud. The securities fraud count carries a maximum penalty of up to 20 years' prison time and $5 million in fines The wire fraud count carries a maximum penalty of up to 20 years in prison and a fine of either $250,000 or twice the gain or loss from the offense, whichever is greatest. Each computer fraud count carries a maximum five years in prison and a maximum fine of either $250,000 or twice the gain or loss from the offense, whichever is greatest.
"The SEC is engaged in ongoing efforts to protect markets and investors from the consequences of cyber fraud," Jorge G. Tenreiro, acting chief of the SEC's Crypto Assets and Cyber Unit, [3]said in a statement . "As this case demonstrates, even though Westbrook took multiple steps to conceal his identity -- including using anonymous email accounts, VPN services, and utilizing bitcoin -- the Commission's advanced data analytics, crypto asset tracing, and technology can uncover fraud even in cases involving sophisticated international hacking."
[1] https://www.justice.gov/usao-nj/media/1371196/dl?inline
[2] https://arstechnica.com/security/2024/10/crook-made-millions-by-breaking-into-execs-office365-inboxes-feds-say/
[3] https://www.sec.gov/newsroom/press-releases/2024-153
> Federal prosecutors have [1]charged a man for an alleged "hack-to-trade" scheme that earned him millions of dollars by [2]breaking into the Office365 accounts of executives at publicly traded companies and obtaining quarterly financial reports before they were released publicly. The action, taken by the office of the US Attorney for the district of New Jersey, accuses UK national Robert B. Westbrook of earning roughly $3.75 million in 2019 and 2020 from stock trades that capitalized on the illicitly obtained information. After accessing it, prosecutors said, he executed stock trades. The advance notice allowed him to act and profit on the information before the general public could. The US Securities and Exchange Commission filed a separate civil suit against Westbrook seeking an order that he pay civil penalties and return all ill-gotten gains. [...]
>
> By obtaining material information, Westbrook was able to predict how a company's stock would perform once it became public. When results were likely to drive down stock prices, he would place "put" options, which give the purchaser the right to sell shares at a specific price within a specified span of time. The practice allowed Westbrook to profit when shares fell after financial results became public. When positive results were likely to send stock prices higher, Westbrook allegedly bought shares while they were still low and later sold them for a higher price. The prosecutors charged Westbrook with one count each of securities fraud and wire fraud and five counts of computer fraud. The securities fraud count carries a maximum penalty of up to 20 years' prison time and $5 million in fines The wire fraud count carries a maximum penalty of up to 20 years in prison and a fine of either $250,000 or twice the gain or loss from the offense, whichever is greatest. Each computer fraud count carries a maximum five years in prison and a maximum fine of either $250,000 or twice the gain or loss from the offense, whichever is greatest.
"The SEC is engaged in ongoing efforts to protect markets and investors from the consequences of cyber fraud," Jorge G. Tenreiro, acting chief of the SEC's Crypto Assets and Cyber Unit, [3]said in a statement . "As this case demonstrates, even though Westbrook took multiple steps to conceal his identity -- including using anonymous email accounts, VPN services, and utilizing bitcoin -- the Commission's advanced data analytics, crypto asset tracing, and technology can uncover fraud even in cases involving sophisticated international hacking."
[1] https://www.justice.gov/usao-nj/media/1371196/dl?inline
[2] https://arstechnica.com/security/2024/10/crook-made-millions-by-breaking-into-execs-office365-inboxes-feds-say/
[3] https://www.sec.gov/newsroom/press-releases/2024-153
Also seems to be really easy (Score:2)
by gweihir ( 88907 )
I mean, MS does not even get the log-in right, like the bloody amateurs they are. (You should never give feedback whether the password or the 2nd factor was wrong, because that allows guessing the password...). Looks like "standardizing" on 2nd rated and worse solutions is a costly thing.
Third parties (Score:2)
by fluffernutter ( 1411889 )
I said it from the beginning. Why would anyone entrust sensitive corporate data to any third party vendor? In this case it was a person from the outside, but it could have just as easily been someone at Microsoft with inside knowledge of almost every corporation out there.
Scumbag. (Score:2)
by jddj ( 1085169 )
Acting just like a Congressman.
Crooks? (Score:2)
Thomas Crooks?
Coconspirators?
Why would he buy puts or go long instead of buying calls?
Strange case.