Feeds

'Bogus IT guys' slurp £1.3m from Barclays: Cybercops cuff 8 blokes

'Engineer' slipped remote-hack hardware INSIDE branch, says Met

High performance access to file storage

UK police have arrested eight men after a gang fitted remote-control hardware to a Barclays bank branch computer and stole £1.3m.

Money was slurped from the bank after crooks hooked up a KVM (keyboard, video and mouse) switch and 3G dongle to a terminal in the branch, officers said.

The suspects, aged between 24 and 47, were cuffed by cops from the Metropolitan Police's Central e-Crime Unit during a series of raids on Thursday and Friday. The Met said the men had been arrested "in connection with an allegation of conspiracy to steal from Barclays Bank, and conspiracy to defraud UK banks".

Police said that "cash, jewellery, drugs, thousands of credit cards and personal data" are were recovered in a series of raids across London and Essex.

"The arrests are the result of a long-term intelligence-led operation by the Metropolitan Police's PeCU, in partnership with Barclays Bank, who have been investigating the theft of £1.3 million from the Swiss Cottage branch of Barclays in April 2013," a Met Police statement explains.

Barclays reported the missing money to Scotland Yard, and a subsequent search revealed a 3G mobile internet dongle attached to a KVM switch that was connected to a computer in a London branch. KVM switches, which can cost as little as £10, are used legitimately for remote working; the keyboard, video and mouse signals can be routed over the internet to another keyboard, monitor and mouse.

In this case, it seems the device was allegedly used to remotely control the compromised computer in a Barclays branch in London's Swiss Cottage district. Bank accounts were looted shortly after an individual posing as an IT worker installed the device on 4 April, cops said.

"A male purporting to be an IT engineer had gained access to the branch, falsely stating he was there to fix computers," the Met police statement explains. "He had then deployed the KVM device. This enabled the criminal group to remotely transfer monies to predetermined bank accounts under the control of the criminal group."

Barclays have since been able to recover a "significant amount" of the stolen funds.

Detective Inspector Mark Raymond of the Met's PCeU said: "These arrests were achieved working in partnership with the Virtual Task Force (VTF), an unique information sharing cyber collaboration between the PCeU and the UK Banking sector.

The detective added: "Those responsible for this offence are significant players within a sophisticated and determined organised criminal network, who used considerable technical abilities and traditional criminal know-how to infiltrate and exploit secure banking systems."

David Emm, senior security researcher at Kaspersky Lab, commented: "KVM devices have been around for some time now. They allow the use of multiple devices through one keyboard or mouse. The successful fitting of such a device, combined with specific software, would give the hackers remote access to that particular computer and any network or information it had access to."

Planting hardware hacking devices to enable cyber-crime is becoming something of a trend. The latest arrests come after four men appeared in court earlier this month charged with conspiracy to steal after a KVM was placed on a Santander branch in Surrey Quays, southeast London. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
OpenSSL Heartbleed: Bloody nose for open-source bleeding hearts
Bloke behind the cockup says not enough people are helping crucial crypto project
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
Experian subsidiary faces MEGA-PROBE for 'selling consumer data to fraudster'
US attorneys general roll up sleeves, snap on gloves
Bad PUPPY: Undead Windows XP deposits fresh scamware on lawn
Installing random interwebs shiz will bork your zombie box
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.