Feeds

How police busted UK's biggest cybercrime case

Sumitomo unpicked

Build a business case: developing custom apps

Sand dunes and cyberfraud

Accomplices to the scam turned up at a bank in Abu Dhabi with screenshots of the attempted transaction and demands to receive their money. The copy of the transaction was sent from a fax from a shop in Cheltenham. Shop staff created a video fit of the customer who sent the fax. Kirby considered appearing on Crimewatch to make an appeal requesting information on the suspect, but rejected the idea over concerns it might cause the gang he already had in his sights to destroy evidence and go to ground.

The Abu Dhabi accomplices for the gang have never been identified. Kirby explained that the assistance he had from overseas forces varied enormously. He singled out French and Belgian police for particular praise for expediting his requests. Without this help it would have been impossible to identify Osselaer and Poelvoorde, neither of whom was known to British police.

"There were no prints or DNA on record," Kirby told El Reg. Nothing was overlooked in the investigation - Kirby's team even went through Sumitomo's wastepaper baskets for the weekend before the botched transfers in a failed attempt to find fingerprint evidence.

Other strands of the investigation allowed police to identify Hugh Rodley, 61, of Tewkesbury, Gloucestershire, and Soho sex shop owner David Nash, 47, of Durrington, West Sussex, as suspects in setting up an international network of bank accounts used in the scam. Phone records of the two hacking suspects were key to this along with subsequent police surveillance.

"Overlapping pieces of evidence was a feature of the case. There was lots of traditional evidence alongside the electronic and travel records," Kirby explained. "When questioned, nobody admitted anything, but the evidence was strong enough for the hackers to confess and to secure other convictions."

Case closed

The investigation led to guilty pleas by O'Donoghue and the two hackers, and a trial against the other fraudsters implicated in the scam that led to two guilty verdicts last week.

Van Osselaer and Poelvoorde were jailed for three and a half years and four years respectively, while O'Donoghue was ordered to serve four years and four months behind bars. Rodley, found guilty of conspiracy to defraud and conspiracy to transfer criminal property, was sent away for eight years.

Nash was jailed for three years after a jury found him guilty of conspiring to transfer criminal property. Rodley's alleged business partner Bernard Davies, 74, killed himself just before the trial was due to begin. Swedish national was accused of fraud but cleared on all charges.

The successful conclusion to the case has allowed Kirby to reflect on its outcome and what lessons might be learnt.

"The bank was very helpful. Their assistance saved months of work. They had the social responsibility to report the case in the first place, knowing it would generate adverse publicity," Kirby explained. "Bank staff were subjected to sometimes robust questioning.

"I was very proud of the team that worked for me. They never lost sight of the ultimate goal, never wavered in their enthusiasm and were selfless in pursuit of the crooks. They should be proud."

The case ought to serve as a wake-up call to banks, according to Kirby, who said it illustrated the need to place security under constant review and to "minimise exposure to third parties" as well as the dangers posed by key-logging software. ®

Next gen security for virtualised datacentres

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?