Feeds

How police busted UK's biggest cybercrime case

Sumitomo unpicked

High performance access to file storage

Sand dunes and cyberfraud

Accomplices to the scam turned up at a bank in Abu Dhabi with screenshots of the attempted transaction and demands to receive their money. The copy of the transaction was sent from a fax from a shop in Cheltenham. Shop staff created a video fit of the customer who sent the fax. Kirby considered appearing on Crimewatch to make an appeal requesting information on the suspect, but rejected the idea over concerns it might cause the gang he already had in his sights to destroy evidence and go to ground.

The Abu Dhabi accomplices for the gang have never been identified. Kirby explained that the assistance he had from overseas forces varied enormously. He singled out French and Belgian police for particular praise for expediting his requests. Without this help it would have been impossible to identify Osselaer and Poelvoorde, neither of whom was known to British police.

"There were no prints or DNA on record," Kirby told El Reg. Nothing was overlooked in the investigation - Kirby's team even went through Sumitomo's wastepaper baskets for the weekend before the botched transfers in a failed attempt to find fingerprint evidence.

Other strands of the investigation allowed police to identify Hugh Rodley, 61, of Tewkesbury, Gloucestershire, and Soho sex shop owner David Nash, 47, of Durrington, West Sussex, as suspects in setting up an international network of bank accounts used in the scam. Phone records of the two hacking suspects were key to this along with subsequent police surveillance.

"Overlapping pieces of evidence was a feature of the case. There was lots of traditional evidence alongside the electronic and travel records," Kirby explained. "When questioned, nobody admitted anything, but the evidence was strong enough for the hackers to confess and to secure other convictions."

Case closed

The investigation led to guilty pleas by O'Donoghue and the two hackers, and a trial against the other fraudsters implicated in the scam that led to two guilty verdicts last week.

Van Osselaer and Poelvoorde were jailed for three and a half years and four years respectively, while O'Donoghue was ordered to serve four years and four months behind bars. Rodley, found guilty of conspiracy to defraud and conspiracy to transfer criminal property, was sent away for eight years.

Nash was jailed for three years after a jury found him guilty of conspiring to transfer criminal property. Rodley's alleged business partner Bernard Davies, 74, killed himself just before the trial was due to begin. Swedish national was accused of fraud but cleared on all charges.

The successful conclusion to the case has allowed Kirby to reflect on its outcome and what lessons might be learnt.

"The bank was very helpful. Their assistance saved months of work. They had the social responsibility to report the case in the first place, knowing it would generate adverse publicity," Kirby explained. "Bank staff were subjected to sometimes robust questioning.

"I was very proud of the team that worked for me. They never lost sight of the ultimate goal, never wavered in their enthusiasm and were selfless in pursuit of the crooks. They should be proud."

The case ought to serve as a wake-up call to banks, according to Kirby, who said it illustrated the need to place security under constant review and to "minimise exposure to third parties" as well as the dangers posed by key-logging software. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.