UK bank heist-by-KVM gang sent down for 24 years after nicking £1.2m
Canny crooks lived high life with flash watches and Macs, say cops
A gang has been jailed after secretly installing hardware in Barclays bank branches to control PCs and steal £1.2m.
The sneaky crims hooked up a hidden KVM (keyboard, video and mouse) switch and a 3G mobile dongle to computers at two London branches. This allowed the thieves to connect to the switch over the internet, access the bank's systems, and divert cash from customers' accounts.
An attempt to fit the kit in a Santander branch in the capital failed, however.
In April last year, gang member Darius Boldor, 34, was able to hook up the KVM gear and dongle to a back-office computer at the Barclays branch in Swiss Cottage, London – by posing as an IT worker. Then, from a nearby hotel, the crooks logged into the switch and shifted £1,252,490 ($2.1m) in 128 transfers to mule accounts to launder.
Barclays alerted Scotland Yard that day when it noticed the money had gone missing. A search of the branch quickly uncovered the remote-control gear. KVM devices, which can cost as little as £10, allow multiple computers to share the same keyboard, mouse, monitor and more; with a 3G dongle fitted, the cyber-looters were able to connect their own keyboard, mouse and monitor to the bank's computer from afar and empty victims' accounts.
Barclays was able to recover about £600,000 ($1m) of the stolen cash.
Then in July 2013, another member of the gang, Dean Outram, 32, used the same technique to plant a bug on computers in a Lewisham branch of Barclays, allowing the crims to steal £90,000.
Bug out ... The network-attached KVM switch with mobile 3G dongle used by the crooks
An attempt that September to plant another mobile-connected KVM at a Surrey Quays branch of Santander in south east London led to the group's undoing. Outram bluffed his way into the branch and installed his hijack gear, allowing fellow gang members Lanre Mullins-Abudu, 25, and Asad Ali Qureshi, 26, to access the bank's compromised computer. Then the cops swooped.
"Metropolitan Police Service detectives supported by Territorial Support Group officers raided an address in Kingsley Avenue, Hounslow, where Mullins-Abudu, Qureshi and eight others were arrested. Police recovered computers that were logged into Santander bank accounts, but no money was stolen," reads a Scotland Yard statement, distributed yesterday after sentencing.
Crime doesn't pay, but you can live the high life for a while
During their investigation, the Met cops found the crims were using "500 high-value bank and credit cards that had been either stolen or intercepted, to purchase Rolex watches worth up to £30,000 each, high-value jewellery and electrical equipment such as Apple Mac computers and iPads".
The nicked card details effectively allowed the thieves to blow more than £1m on flash gear between May 2012 and September 2013. According to the police, the gang masqueraded as victims' banks over the phone to trick them into handing over sensitive information: "The group used a sophisticated device to spoof genuine bank telephone numbers in order to fool victims into providing their personal details and PIN numbers."
Five members of the gang were put behind bars by Southwark Crown Court on Thursday:
- Darius Valentin Boldor, 34, of Ebury Bridge Road, London, was jailed for two years and six months for fraud and conspiracy to steal.
- Dean Outram, 32, of Clifford Gardens, London, was banged up for three years for conspiracy to steal.
- Lanre Mullins-Abudu, 25, of Weimar Street, Putney, was jailed for eight years after he was convicted of conspiracy to commit fraud, conspiracy to steal, and possessing articles for use in fraud offences.
- Steven Hannah, 53, of Bell Street, London, was sent down for five years and 10 months for conspiracy to commit fraud and possession of Crystal Meth Class A drugs with intent to supply.
- Tony Colston-Hayter*, 49, of Seymour Street, London, was jailed for five and a half years after he was convicted of conspiracy to commit fraud, conspiracy to steal, theft and possession of articles for use in fraud offences. The cops accuse Colston-Hayter of masterminding the aforementioned credit-card fraud.
Meanwhile, Adam Raeburn Jefferson, 38, of Newport Road, New Bradwell, Milton Keynes, must wear a tag for six months and stick to a curfew after being convicted of conspiracy to commit fraud. Two others were given a three-month tag-enforced curfew, and James Lewis Murphy, 39, of Wellington Buildings, Ebury Bridge Road, London, was sentenced to six months in jail but released as he had spent that stretch in custody awaiting trial.
The full list of convictions, with jail time adding up to 24 years in total, can be found here.
"Michael Victor Harper, 26, of Kiln Place, NW5 and Guy Davies, 49, of Sudbourne Road, London, and Asad Ali Qureshi, 26, of Old Brompton Road, SW7, are scheduled to be sentenced at Wood Green Court on 13 June for fraud by false representation, conspiracy to commit fraud and conspiracy to money launder respectively," Scotland Yard added.
Detective Chief Inspector Jason Tunn, of the Met's Cyber Crime Unit that led the probe, said: “Today’s convictions are the culmination of a long and highly complex investigation into an organised crime group whose aim was to steal millions of pounds from London banks and credit card companies.
“Through working with industry partners such as Santander and Barclays, whose efforts in assisting us were immense, we have been able to bring this group to justice.
"This case demonstrates the sheer investigative skill we are able to apply to tackling cyber crime, as we continue working to keep London people and businesses safe from cyber criminals. We are determined to make London a hostile place for cyber criminals and not allow the internet to be a hiding place for those who defraud people in the capital." ®
* Colston-Hayter, once dubbed the "king of acid rave", was previously infamous for organising raves in aircraft hangers back in the 1980s, "scandalising the Home Counties" in the process, The Independent and others report from court.
Sponsored: Network DDoS protection