Feeds

How police busted UK's biggest cybercrime case

Sumitomo unpicked

The Power of One eBook: Top reasons to choose HP BladeSystem

Sand dunes and cyberfraud

Accomplices to the scam turned up at a bank in Abu Dhabi with screenshots of the attempted transaction and demands to receive their money. The copy of the transaction was sent from a fax from a shop in Cheltenham. Shop staff created a video fit of the customer who sent the fax. Kirby considered appearing on Crimewatch to make an appeal requesting information on the suspect, but rejected the idea over concerns it might cause the gang he already had in his sights to destroy evidence and go to ground.

The Abu Dhabi accomplices for the gang have never been identified. Kirby explained that the assistance he had from overseas forces varied enormously. He singled out French and Belgian police for particular praise for expediting his requests. Without this help it would have been impossible to identify Osselaer and Poelvoorde, neither of whom was known to British police.

"There were no prints or DNA on record," Kirby told El Reg. Nothing was overlooked in the investigation - Kirby's team even went through Sumitomo's wastepaper baskets for the weekend before the botched transfers in a failed attempt to find fingerprint evidence.

Other strands of the investigation allowed police to identify Hugh Rodley, 61, of Tewkesbury, Gloucestershire, and Soho sex shop owner David Nash, 47, of Durrington, West Sussex, as suspects in setting up an international network of bank accounts used in the scam. Phone records of the two hacking suspects were key to this along with subsequent police surveillance.

"Overlapping pieces of evidence was a feature of the case. There was lots of traditional evidence alongside the electronic and travel records," Kirby explained. "When questioned, nobody admitted anything, but the evidence was strong enough for the hackers to confess and to secure other convictions."

Case closed

The investigation led to guilty pleas by O'Donoghue and the two hackers, and a trial against the other fraudsters implicated in the scam that led to two guilty verdicts last week.

Van Osselaer and Poelvoorde were jailed for three and a half years and four years respectively, while O'Donoghue was ordered to serve four years and four months behind bars. Rodley, found guilty of conspiracy to defraud and conspiracy to transfer criminal property, was sent away for eight years.

Nash was jailed for three years after a jury found him guilty of conspiring to transfer criminal property. Rodley's alleged business partner Bernard Davies, 74, killed himself just before the trial was due to begin. Swedish national was accused of fraud but cleared on all charges.

The successful conclusion to the case has allowed Kirby to reflect on its outcome and what lessons might be learnt.

"The bank was very helpful. Their assistance saved months of work. They had the social responsibility to report the case in the first place, knowing it would generate adverse publicity," Kirby explained. "Bank staff were subjected to sometimes robust questioning.

"I was very proud of the team that worked for me. They never lost sight of the ultimate goal, never wavered in their enthusiasm and were selfless in pursuit of the crooks. They should be proud."

The case ought to serve as a wake-up call to banks, according to Kirby, who said it illustrated the need to place security under constant review and to "minimise exposure to third parties" as well as the dangers posed by key-logging software. ®

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.