Feeds

Gang jailed over failed Sumitomo cyberheist

Commercial software used in multi-million scam

Providing a secure and efficient Helpdesk

The gang behind the failed multi-million pound cyberheist at Sumitomo bank were each sentenced to a lengthy spell behind bars on Thursday.

The plot, which brought together two hackers and a corrupt insider with other fraudsters, conspired to steal £229m ($423m) from the London offices of the Japanese bank Sumitomo Mitsui, was foiled in 2004. Hackers were smuggled into the building and used commercial keystroke logging software1 to capture login credentials before making an unsuccessful attempt to transfer money to a series of ten accounts overseas.

Belgian hacker Jan van Osselaer, 32, and Frenchman Gilles Poelvoorde, 35, were smuggled into Sumitomo's London office by corrupt security supervisor Kevin O'Donoghue, who tampered with CCTV systems in a bid to disguise the crime. When challenged by other workers, O'Donoghue claimed the group were there for a game of late night poker.

Hugh Rodley, 61, of Tewkesbury, Gloucestershire, and Soho sex shop owner David Nash, 47, of Durrington, West Sussex, set up an international network of bank accounts. But the scam fell apart after the crooks made attempts at using the SWIFT money transfer system and bank officials called in police from the former National Hi-Tech Crime Unit to investigate the failed transfers.

A long-running investigation led to guilty pleas by three of the conspirators, O'Donoghue and the two hackers, and a trial against the two allegedly masterminds of the scheme that resulted in a guilty verdicts earlier this week.

Rodley, who was convicted of conspiracy to defraud and conspiracy to transfer criminal property, was jailed for eight years. Nash was found guilty of conspiring to transfer criminal property, and sentenced to three years behind bars. Rodley's business partner Bernard Davies, 74, from Walton-on-Thames, Surrey, committed suicide on the eve of the trial.

Rodley was described in court as a serial conman. Investigators suspect he got involved in the Sumitomo scam because of liquidity problems and that this was among his first forays into electronic crime.

Hackers Van Osselaer and Poelvoorde were jailed for three and a half years and four years respectively, while 34-year-old O'Donoghue of Birmingham faces four years and four months behind bars.

Poelvoorde was arrested in possession of a USB stick containing a key-logging programme and instructions about how to carry out a similar offence involving a bank in another country. ®

1 The group misused commercial software designed to allow parents to keep an eye on what their children are doing online to mount the attempted Sumitomo scam, Marc Kirby, the retired detective who led the investigation told El Reg. Previous reports have suggested spyware was involved but in fact the gang misused software from a commercial developer, partly to avoid detection by conventional anti-virus defences.

We'll have more from this exclusive interview on Monday.

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.