Feeds

How police busted UK's biggest cybercrime case

Sumitomo unpicked

Website security in corporate America

Sand dunes and cyberfraud

Accomplices to the scam turned up at a bank in Abu Dhabi with screenshots of the attempted transaction and demands to receive their money. The copy of the transaction was sent from a fax from a shop in Cheltenham. Shop staff created a video fit of the customer who sent the fax. Kirby considered appearing on Crimewatch to make an appeal requesting information on the suspect, but rejected the idea over concerns it might cause the gang he already had in his sights to destroy evidence and go to ground.

The Abu Dhabi accomplices for the gang have never been identified. Kirby explained that the assistance he had from overseas forces varied enormously. He singled out French and Belgian police for particular praise for expediting his requests. Without this help it would have been impossible to identify Osselaer and Poelvoorde, neither of whom was known to British police.

"There were no prints or DNA on record," Kirby told El Reg. Nothing was overlooked in the investigation - Kirby's team even went through Sumitomo's wastepaper baskets for the weekend before the botched transfers in a failed attempt to find fingerprint evidence.

Other strands of the investigation allowed police to identify Hugh Rodley, 61, of Tewkesbury, Gloucestershire, and Soho sex shop owner David Nash, 47, of Durrington, West Sussex, as suspects in setting up an international network of bank accounts used in the scam. Phone records of the two hacking suspects were key to this along with subsequent police surveillance.

"Overlapping pieces of evidence was a feature of the case. There was lots of traditional evidence alongside the electronic and travel records," Kirby explained. "When questioned, nobody admitted anything, but the evidence was strong enough for the hackers to confess and to secure other convictions."

Case closed

The investigation led to guilty pleas by O'Donoghue and the two hackers, and a trial against the other fraudsters implicated in the scam that led to two guilty verdicts last week.

Van Osselaer and Poelvoorde were jailed for three and a half years and four years respectively, while O'Donoghue was ordered to serve four years and four months behind bars. Rodley, found guilty of conspiracy to defraud and conspiracy to transfer criminal property, was sent away for eight years.

Nash was jailed for three years after a jury found him guilty of conspiring to transfer criminal property. Rodley's alleged business partner Bernard Davies, 74, killed himself just before the trial was due to begin. Swedish national was accused of fraud but cleared on all charges.

The successful conclusion to the case has allowed Kirby to reflect on its outcome and what lessons might be learnt.

"The bank was very helpful. Their assistance saved months of work. They had the social responsibility to report the case in the first place, knowing it would generate adverse publicity," Kirby explained. "Bank staff were subjected to sometimes robust questioning.

"I was very proud of the team that worked for me. They never lost sight of the ultimate goal, never wavered in their enthusiasm and were selfless in pursuit of the crooks. They should be proud."

The case ought to serve as a wake-up call to banks, according to Kirby, who said it illustrated the need to place security under constant review and to "minimise exposure to third parties" as well as the dangers posed by key-logging software. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.