Mutt
Professional
- Messages
- 1,201
- Reaction score
- 857
- Points
- 113
What if you knew which stocks were going to fall — before the market knew it?
He knew company reports 6 hours before they were published.
He didn't write viruses. He just found a vulnerability.
He turned hacking into an investment machine.
And then he made a mistake that got him busted by the SEC.
In this thread:
— How Westbrook beat the market by the minute
— The vulnerabilities he exploited
— Why no one noticed the leaks
— How the SEC caught him in one trade
— And the big question: genius or criminal?
Contents:
What if you knew the market in advance?
Imagine for a moment that you could predict how the market would behave long before the algorithms were triggered, or important news came out, and millions of traders rushed to click buy or sell. Not based on intuition, not with the help of lucky forecasts, but down to the minute, down to the number, down to the specific reaction. Imagine knowing, not guessing, but knowing exactly which stocks will rise, which will fall, and when it will happen.
For some, this sounds like science fiction or a script for a popular science movie about the stock market machines of the future.
He is not an analyst. He is a hacker.
But for one man, it became reality. His name was Robert Westbrook. He was not a billionaire, did not work for the government, and had no connections at major investment banks. He did not buy information from insiders or trade on rumors from Twitter. All he had was a laptop, access to the Internet, a cold calculation, and rage at the system that squeezed him out of the elite circle.
He was an analyst, a mathematician, and a trader in the past. But soon he became a hacker who found a way to bypass Wall Street.
How one vulnerability opened up millions.
Westbrook didn’t forge documents, didn’t blackmail, didn’t steal money outright. All he did was read other people’s emails. But the emails of very specific people, at very specific times. Those who received quarterly reports a few hours before publication.
He didn’t hack servers, didn’t infect computers with viruses, didn’t use supercomputers or artificial intelligence. He simply found vulnerabilities that had gone undetected for years, not because they were complex, but because they were too simple to seem like a real threat. He could restore access to the work email of a major company’s CFO by answering a secret question: “What’s your favorite vacation destination?”
He found the answer “Barbados” on the CFO’s Instagram page. A few minutes after logging into his email, he received a file with an internal report that no investor, no Bloomberg analyst, and no journalist had ever seen. He opened it, read it, and acted. He bet strictly on the numbers. If he saw a loss in the report, he opened a fall option. If growth, he bet on the rise. A regular deal through a regular broker.
Legal, absolutely clean in appearance. In the coming months, he turned this vulnerability, a banal restoration of access to corporate email, into a full-fledged cyber-financial system bringing in millions of dollars. He will create an invisible network that will make him a legend. This is the story of how one man, deceived by the system, decided to use its rules against it and won, albeit briefly.
Who is Robert Westbrook: the beginning of the journey.
Before his name appeared in the SEC cases and news about Robert Westbrook's financial crimes, he was unknown to anyone.
Just a guy with outstanding grades and a heavy folder of diplomas. He got a degree in mathematics and economics from Oxford. Not because he wanted to be a banker, but because these disciplines seemed the most honest to him. Numbers don’t lie, spreadsheets don’t play politics, and the market, as he then believed, is the perfect competition in which the one who does the math wins.
After graduating, he got into one of the big hedge funds. The working week was typical for such a place. Bloomberg on two monitors, coffee at 6.30 in the morning, Excel, corporate forecasts, reports, strategy meetings where senior partners bet on billion-dollar deals. And he followed the macroeconomy and tried to get to the top.
The financial industry is a game without rules.
But Westburk soon realized what many people guess, but prefer not to admit.
In the financial world, the winners are not those who are smarter. The winners are those who have access. Access to information, to insider information, to those files that appear on the screen an hour before publication, to calls from the CFO, to correspondence, before the press release was sent out. He found himself in the second echelon. He saw how decisions were made not based on a model, not on analysis, but on a call. He saw how profits came not to those who predicted the market, but to those who knew the outcome in advance.
The first hacking attempt: SQL injection.
He felt like he was working in a game with no rules. And then he did what analysts rarely do. He tried to hack the system literally. In 2021, he makes his first attempt. Ill-conceived, not technically complex, but symbolic. He uses a simple SQL injection, one of the most common vulnerabilities in old client portals.
Just to see if it works or not. Not for money. To prove that the system is really leaky.
Dismissal and going into the shadows.
It worked. But this success was followed by failure. He was identified. And fired. Without noise and scandal. His name was on an unofficial blacklist. His career was over before it had really begun. But instead of looking for a new job, he made a choice that became a turning point.
Learning hacking: a year in isolation.
He did not leave the market, he went into the shadows. In the following months, he hardly left the house, bought books on cybersecurity, read manuals that were written long before hacking became mainstream.
He studied SMTP protocols, vulnerabilities, TUK files, email encryption, digital substitutions, logical vulnerabilities.
Return: not as a trader, but as a data hunter.
And exactly one year later, he returned to the market, but not as a trader, he became a hacker. Westbrook did not return to play by the rules. He came to prove that the system can be hacked not through codes, but through its complacency.
First target: Tupperware.
His first target was Tupperware. A well-known brand, unstable reports, constant rumors about restructuring and change of top management. The CFO was new, which meant that the security system was most likely not yet configured properly.
How he restored access to mail.
He was not looking for a complex login. On the contrary, it all started with the simplest thing - a password recovery form for Outlook 365.
He entered the corporate e-mail of the director, which he found on the company's website, clicked "Forgot your password" and saw a familiar secret question "Your favorite city for vacation?" He found the answer in one evening. The old Instagram account had a geotargeted photo, a beach, a glass and the caption "Finally back in Barbados." He returned to the form and entered "Barbados."
First report. First deal. First success.
Access restored. Mail open. In 18 minutes, an email arrived in the CFO's inbox.
Subject: Q4 Preliminary Report, Confidential, for internal review only. PDF attachment. He opened it. The forecast was clear – losses, a sharp decline in revenue, an alarming comment about upcoming staff reductions. He didn’t think long. He simply went into his personal brokerage account, opened options on Tapware stock and bought PUT options for $125,000.
All through a regular platform, no masks, he looked like any other market participant, just with excellent intuition. A few hours later, Tupperware published that very report. The stock fell by 27 percent, he sold the options, locked in a profit of more than $320,000. Tupperware, like everyone else, didn’t notice. The email password remained the same, he didn’t change a single character, didn’t delete a single email. Everything looked clean, as if he had never been there.
Even the broker didn’t ask any questions. The trades were technically flawless. It was a perfect test. The entry is simple, the result is fast, the profit is six-figure. And most importantly, no noise. At that moment, Westbrook understood that if one report gave him $320,000, what would happen if there was not one such report, but 20, 50 or 100. But he decided not to stop, because now he had not just a plan, he had a system.
For most people, such success is already the pinnacle. $320,000 in profit from one transaction and a complete lack of risk of exposure. But Westbrook was not a gambler, not a naive romantic dreaming of easy money. He was an engineer who thought in the logic of processes. And one successful hack for him was not the finish line, but only proof that his method works.
Which means it can be scaled. He realized that manually repeating the process is long and ineffective. Each company means new employees, new questions, addresses, risks. But if you automate the work, you can turn hacking into a structure that can bring in millions quietly, quickly and with virtually no human intervention.
$3.7 million in profit in 3 months.
He wrote a simple Python script that automatically scanned incoming emails after gaining access to the mail.
He looked for specific words - revenue, quarter, confidential, internal, memo to the board of directors, investor relations, everything that could potentially contain the key to the stock movement was automatically forwarded to an anonymous mailbox on protonmail. He set up an autoforward for each hacked account, all letters with the specified keys were sent to him. The owner of the mail did not notice this, everything remained in place. And while SFO was drinking his morning coffee or preparing for a presentation, Wesburg was already reading his letters on his screen.
Invisibility is the main rule. He didn’t change passwords, didn’t leave suspicious logins, didn’t use email during working hours. All the actions took place at night, through VPN, TOR, using session cookies to simulate access from the corporate network. He even created fake trades with losses to confuse broker monitoring systems and not get into the top ratings too quickly.
Three months after the first hack, his statistics looked like this. 17 companies hacked, 13 successful trades, total profit of $3.7 million. His trades were so accurate that platforms began to include him in the lists of the most effective private investors. And the forums began to speculate. Who is Robert X Capital and how does he predict the market with such purity? His system worked like a clock. So smoothly that it might have continued to work to this day, if one day he hadn’t made a bet that everyone noticed.
Like any well-functioning system, Westbrook's scheme had only one truly dangerous element: Westbrook himself. His precision, his rationality, made him virtually elusive, but at the same time, the longer he went unpunished, the more he felt untouchable. He
could have stopped, bought himself a new life somewhere in Portugal, Asia, or the islands, but instead he made what should have been his most profitable bet, but turned out to be his last.
The deal that ruined everything.
His focus was on a large retail chain of gas stations, which was about to release its quarterly report. He received a copy of the report via his chief accountant's email hours before it was published. There were deep losses, rising debt, a collapse in revenue.
He had no doubt that the stock would collapse and makes a bet, but not like before for 100 thousand or even 300 thousand dollars, but for 1.4 million dollars at once. In one day, on one ticket. A few hours later, the report is published. As expected, the stock collapses. The deal brings him more than a million dollars in net profit. Westbrook becomes visible for the first time.
How the SEC noticed the perfect trader.
The SEC's monitoring system is designed to find exactly these cases - sharp, unnatural, suspiciously accurate.
The volume of option trading increased 85 times. 90% of the total volume was accounted for by one trader. The deal was opened exactly 4 hours before the report and played out perfectly. The SEC starts digging, they compare everything, account data, IP addresses, trader history, they find that the trader uses a proton mail address registered to the same person as the account in the brokerage system.
This email had previously been used to restore access to several corporate mailboxes. The same VPN address periodically pops up, sometimes on the platform, sometimes on the cryptocurrency exchange. He became too good, and that’s what gave him away. The SEC employees acted through the British intelligence services. They involved digital security units in the case and conducted a full collection of network traces.
The operation received a high priority, and it was not just an insider who was involved, but a person capable of systematically bypassing control over the US financial markets. On September 3, 2024, at 6.40 am, Robert Westbrook was detained on one of the quiet streets of London. Without resistance, without attempting to escape. He simply nodded in response to the officer’s words, as if he had long known how it would all end. Two months later, he was extradited to the United States.
What he faces: up to 65 years.
The indictment was ready. The trial was held behind closed doors. Westbrook partially admitted guilt. He did not deny the facts, but argued that his actions were a response to an unfair system in which information is a currency that is not available to everyone. His lawyers made two key arguments. The first was that he did not hack servers, but used publicly available vulnerabilities that companies themselves left open. And the second was that he did not steal assets, but simply beat the market, relying on information that no one was protecting.
Robert Westbrook faces a maximum sentence of up to 65 years, confiscation of about $3 million 750 thousand plus interest, and fines of up to $10 million. The trial is still ongoing. Westbrook was not a man who wanted to destroy the system. He was someone who understood how it works. He saw how the exchanges work, saw how the most profitable trades are made not thanks to analytics, not thanks to ingenious strategies, but thanks to access to information.
He saw that the market was not a competition of wits, but of connections, speed, and who could push the button first. He simply decided to level the playing field. His way.
He knew company reports 6 hours before they were published.
He didn't write viruses. He just found a vulnerability.
He turned hacking into an investment machine.
And then he made a mistake that got him busted by the SEC.
In this thread:
— How Westbrook beat the market by the minute
— The vulnerabilities he exploited
— Why no one noticed the leaks
— How the SEC caught him in one trade
— And the big question: genius or criminal?
Contents:
- What if you knew the market in advance?
- He's not an analyst. He's a hacker.
- How One Vulnerability Exposed Millions
- Who is Robert Westbrook: The Beginning of the Journey
- The financial industry is a game without rules
- First hack attempt: SQL injection
- Dismissal and transition into the shadows
- Learning Hacking: A Year in Isolation
- Return: Not as a trader, but as a data hunter
- First target: Tupperware
- How he regained access to his mail
- First report. First deal. First success.
- $3.7 million in profit in 3 months
- The deal that ruined everything
- How the SEC Spotted the Perfect Trader
- What he faces: up to 65 years
What if you knew the market in advance?
Imagine for a moment that you could predict how the market would behave long before the algorithms were triggered, or important news came out, and millions of traders rushed to click buy or sell. Not based on intuition, not with the help of lucky forecasts, but down to the minute, down to the number, down to the specific reaction. Imagine knowing, not guessing, but knowing exactly which stocks will rise, which will fall, and when it will happen.
For some, this sounds like science fiction or a script for a popular science movie about the stock market machines of the future.
He is not an analyst. He is a hacker.
But for one man, it became reality. His name was Robert Westbrook. He was not a billionaire, did not work for the government, and had no connections at major investment banks. He did not buy information from insiders or trade on rumors from Twitter. All he had was a laptop, access to the Internet, a cold calculation, and rage at the system that squeezed him out of the elite circle.
He was an analyst, a mathematician, and a trader in the past. But soon he became a hacker who found a way to bypass Wall Street.
How one vulnerability opened up millions.
Westbrook didn’t forge documents, didn’t blackmail, didn’t steal money outright. All he did was read other people’s emails. But the emails of very specific people, at very specific times. Those who received quarterly reports a few hours before publication.
He didn’t hack servers, didn’t infect computers with viruses, didn’t use supercomputers or artificial intelligence. He simply found vulnerabilities that had gone undetected for years, not because they were complex, but because they were too simple to seem like a real threat. He could restore access to the work email of a major company’s CFO by answering a secret question: “What’s your favorite vacation destination?”
He found the answer “Barbados” on the CFO’s Instagram page. A few minutes after logging into his email, he received a file with an internal report that no investor, no Bloomberg analyst, and no journalist had ever seen. He opened it, read it, and acted. He bet strictly on the numbers. If he saw a loss in the report, he opened a fall option. If growth, he bet on the rise. A regular deal through a regular broker.
Legal, absolutely clean in appearance. In the coming months, he turned this vulnerability, a banal restoration of access to corporate email, into a full-fledged cyber-financial system bringing in millions of dollars. He will create an invisible network that will make him a legend. This is the story of how one man, deceived by the system, decided to use its rules against it and won, albeit briefly.
Who is Robert Westbrook: the beginning of the journey.
Before his name appeared in the SEC cases and news about Robert Westbrook's financial crimes, he was unknown to anyone.
Just a guy with outstanding grades and a heavy folder of diplomas. He got a degree in mathematics and economics from Oxford. Not because he wanted to be a banker, but because these disciplines seemed the most honest to him. Numbers don’t lie, spreadsheets don’t play politics, and the market, as he then believed, is the perfect competition in which the one who does the math wins.
After graduating, he got into one of the big hedge funds. The working week was typical for such a place. Bloomberg on two monitors, coffee at 6.30 in the morning, Excel, corporate forecasts, reports, strategy meetings where senior partners bet on billion-dollar deals. And he followed the macroeconomy and tried to get to the top.
The financial industry is a game without rules.
But Westburk soon realized what many people guess, but prefer not to admit.
In the financial world, the winners are not those who are smarter. The winners are those who have access. Access to information, to insider information, to those files that appear on the screen an hour before publication, to calls from the CFO, to correspondence, before the press release was sent out. He found himself in the second echelon. He saw how decisions were made not based on a model, not on analysis, but on a call. He saw how profits came not to those who predicted the market, but to those who knew the outcome in advance.
The first hacking attempt: SQL injection.
He felt like he was working in a game with no rules. And then he did what analysts rarely do. He tried to hack the system literally. In 2021, he makes his first attempt. Ill-conceived, not technically complex, but symbolic. He uses a simple SQL injection, one of the most common vulnerabilities in old client portals.
Just to see if it works or not. Not for money. To prove that the system is really leaky.
Dismissal and going into the shadows.
It worked. But this success was followed by failure. He was identified. And fired. Without noise and scandal. His name was on an unofficial blacklist. His career was over before it had really begun. But instead of looking for a new job, he made a choice that became a turning point.
Learning hacking: a year in isolation.
He did not leave the market, he went into the shadows. In the following months, he hardly left the house, bought books on cybersecurity, read manuals that were written long before hacking became mainstream.
He studied SMTP protocols, vulnerabilities, TUK files, email encryption, digital substitutions, logical vulnerabilities.
Return: not as a trader, but as a data hunter.
And exactly one year later, he returned to the market, but not as a trader, he became a hacker. Westbrook did not return to play by the rules. He came to prove that the system can be hacked not through codes, but through its complacency.
First target: Tupperware.
His first target was Tupperware. A well-known brand, unstable reports, constant rumors about restructuring and change of top management. The CFO was new, which meant that the security system was most likely not yet configured properly.
How he restored access to mail.
He was not looking for a complex login. On the contrary, it all started with the simplest thing - a password recovery form for Outlook 365.
He entered the corporate e-mail of the director, which he found on the company's website, clicked "Forgot your password" and saw a familiar secret question "Your favorite city for vacation?" He found the answer in one evening. The old Instagram account had a geotargeted photo, a beach, a glass and the caption "Finally back in Barbados." He returned to the form and entered "Barbados."
First report. First deal. First success.
Access restored. Mail open. In 18 minutes, an email arrived in the CFO's inbox.
Subject: Q4 Preliminary Report, Confidential, for internal review only. PDF attachment. He opened it. The forecast was clear – losses, a sharp decline in revenue, an alarming comment about upcoming staff reductions. He didn’t think long. He simply went into his personal brokerage account, opened options on Tapware stock and bought PUT options for $125,000.
All through a regular platform, no masks, he looked like any other market participant, just with excellent intuition. A few hours later, Tupperware published that very report. The stock fell by 27 percent, he sold the options, locked in a profit of more than $320,000. Tupperware, like everyone else, didn’t notice. The email password remained the same, he didn’t change a single character, didn’t delete a single email. Everything looked clean, as if he had never been there.
Even the broker didn’t ask any questions. The trades were technically flawless. It was a perfect test. The entry is simple, the result is fast, the profit is six-figure. And most importantly, no noise. At that moment, Westbrook understood that if one report gave him $320,000, what would happen if there was not one such report, but 20, 50 or 100. But he decided not to stop, because now he had not just a plan, he had a system.
For most people, such success is already the pinnacle. $320,000 in profit from one transaction and a complete lack of risk of exposure. But Westbrook was not a gambler, not a naive romantic dreaming of easy money. He was an engineer who thought in the logic of processes. And one successful hack for him was not the finish line, but only proof that his method works.
Which means it can be scaled. He realized that manually repeating the process is long and ineffective. Each company means new employees, new questions, addresses, risks. But if you automate the work, you can turn hacking into a structure that can bring in millions quietly, quickly and with virtually no human intervention.
$3.7 million in profit in 3 months.
He wrote a simple Python script that automatically scanned incoming emails after gaining access to the mail.
He looked for specific words - revenue, quarter, confidential, internal, memo to the board of directors, investor relations, everything that could potentially contain the key to the stock movement was automatically forwarded to an anonymous mailbox on protonmail. He set up an autoforward for each hacked account, all letters with the specified keys were sent to him. The owner of the mail did not notice this, everything remained in place. And while SFO was drinking his morning coffee or preparing for a presentation, Wesburg was already reading his letters on his screen.
Invisibility is the main rule. He didn’t change passwords, didn’t leave suspicious logins, didn’t use email during working hours. All the actions took place at night, through VPN, TOR, using session cookies to simulate access from the corporate network. He even created fake trades with losses to confuse broker monitoring systems and not get into the top ratings too quickly.
Three months after the first hack, his statistics looked like this. 17 companies hacked, 13 successful trades, total profit of $3.7 million. His trades were so accurate that platforms began to include him in the lists of the most effective private investors. And the forums began to speculate. Who is Robert X Capital and how does he predict the market with such purity? His system worked like a clock. So smoothly that it might have continued to work to this day, if one day he hadn’t made a bet that everyone noticed.
Like any well-functioning system, Westbrook's scheme had only one truly dangerous element: Westbrook himself. His precision, his rationality, made him virtually elusive, but at the same time, the longer he went unpunished, the more he felt untouchable. He
could have stopped, bought himself a new life somewhere in Portugal, Asia, or the islands, but instead he made what should have been his most profitable bet, but turned out to be his last.
The deal that ruined everything.
His focus was on a large retail chain of gas stations, which was about to release its quarterly report. He received a copy of the report via his chief accountant's email hours before it was published. There were deep losses, rising debt, a collapse in revenue.
He had no doubt that the stock would collapse and makes a bet, but not like before for 100 thousand or even 300 thousand dollars, but for 1.4 million dollars at once. In one day, on one ticket. A few hours later, the report is published. As expected, the stock collapses. The deal brings him more than a million dollars in net profit. Westbrook becomes visible for the first time.
How the SEC noticed the perfect trader.
The SEC's monitoring system is designed to find exactly these cases - sharp, unnatural, suspiciously accurate.
The volume of option trading increased 85 times. 90% of the total volume was accounted for by one trader. The deal was opened exactly 4 hours before the report and played out perfectly. The SEC starts digging, they compare everything, account data, IP addresses, trader history, they find that the trader uses a proton mail address registered to the same person as the account in the brokerage system.
This email had previously been used to restore access to several corporate mailboxes. The same VPN address periodically pops up, sometimes on the platform, sometimes on the cryptocurrency exchange. He became too good, and that’s what gave him away. The SEC employees acted through the British intelligence services. They involved digital security units in the case and conducted a full collection of network traces.
The operation received a high priority, and it was not just an insider who was involved, but a person capable of systematically bypassing control over the US financial markets. On September 3, 2024, at 6.40 am, Robert Westbrook was detained on one of the quiet streets of London. Without resistance, without attempting to escape. He simply nodded in response to the officer’s words, as if he had long known how it would all end. Two months later, he was extradited to the United States.
What he faces: up to 65 years.
The indictment was ready. The trial was held behind closed doors. Westbrook partially admitted guilt. He did not deny the facts, but argued that his actions were a response to an unfair system in which information is a currency that is not available to everyone. His lawyers made two key arguments. The first was that he did not hack servers, but used publicly available vulnerabilities that companies themselves left open. And the second was that he did not steal assets, but simply beat the market, relying on information that no one was protecting.
Robert Westbrook faces a maximum sentence of up to 65 years, confiscation of about $3 million 750 thousand plus interest, and fines of up to $10 million. The trial is still ongoing. Westbrook was not a man who wanted to destroy the system. He was someone who understood how it works. He saw how the exchanges work, saw how the most profitable trades are made not thanks to analytics, not thanks to ingenious strategies, but thanks to access to information.
He saw that the market was not a competition of wits, but of connections, speed, and who could push the button first. He simply decided to level the playing field. His way.
