Feeds

How police busted UK's biggest cybercrime case

Sumitomo unpicked

Choosing a cloud hosting partner with confidence

Sand dunes and cyberfraud

Accomplices to the scam turned up at a bank in Abu Dhabi with screenshots of the attempted transaction and demands to receive their money. The copy of the transaction was sent from a fax from a shop in Cheltenham. Shop staff created a video fit of the customer who sent the fax. Kirby considered appearing on Crimewatch to make an appeal requesting information on the suspect, but rejected the idea over concerns it might cause the gang he already had in his sights to destroy evidence and go to ground.

The Abu Dhabi accomplices for the gang have never been identified. Kirby explained that the assistance he had from overseas forces varied enormously. He singled out French and Belgian police for particular praise for expediting his requests. Without this help it would have been impossible to identify Osselaer and Poelvoorde, neither of whom was known to British police.

"There were no prints or DNA on record," Kirby told El Reg. Nothing was overlooked in the investigation - Kirby's team even went through Sumitomo's wastepaper baskets for the weekend before the botched transfers in a failed attempt to find fingerprint evidence.

Other strands of the investigation allowed police to identify Hugh Rodley, 61, of Tewkesbury, Gloucestershire, and Soho sex shop owner David Nash, 47, of Durrington, West Sussex, as suspects in setting up an international network of bank accounts used in the scam. Phone records of the two hacking suspects were key to this along with subsequent police surveillance.

"Overlapping pieces of evidence was a feature of the case. There was lots of traditional evidence alongside the electronic and travel records," Kirby explained. "When questioned, nobody admitted anything, but the evidence was strong enough for the hackers to confess and to secure other convictions."

Case closed

The investigation led to guilty pleas by O'Donoghue and the two hackers, and a trial against the other fraudsters implicated in the scam that led to two guilty verdicts last week.

Van Osselaer and Poelvoorde were jailed for three and a half years and four years respectively, while O'Donoghue was ordered to serve four years and four months behind bars. Rodley, found guilty of conspiracy to defraud and conspiracy to transfer criminal property, was sent away for eight years.

Nash was jailed for three years after a jury found him guilty of conspiring to transfer criminal property. Rodley's alleged business partner Bernard Davies, 74, killed himself just before the trial was due to begin. Swedish national was accused of fraud but cleared on all charges.

The successful conclusion to the case has allowed Kirby to reflect on its outcome and what lessons might be learnt.

"The bank was very helpful. Their assistance saved months of work. They had the social responsibility to report the case in the first place, knowing it would generate adverse publicity," Kirby explained. "Bank staff were subjected to sometimes robust questioning.

"I was very proud of the team that worked for me. They never lost sight of the ultimate goal, never wavered in their enthusiasm and were selfless in pursuit of the crooks. They should be proud."

The case ought to serve as a wake-up call to banks, according to Kirby, who said it illustrated the need to place security under constant review and to "minimise exposure to third parties" as well as the dangers posed by key-logging software. ®

Beginner's guide to SSL certificates

More from The Register

next story
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.