Feeds

UK bank heist-by-KVM gang sent down for 24 years after nicking £1.2m

Canny crooks lived high life with flash watches and Macs, say cops

The essential guide to IT transformation

A gang has been jailed after secretly installing hardware in Barclays bank branches to control PCs and steal £1.2m.

The sneaky crims hooked up a hidden KVM (keyboard, video and mouse) switch and a 3G mobile dongle to computers at two London branches. This allowed the thieves to connect to the switch over the internet, access the bank's systems, and divert cash from customers' accounts.

An attempt to fit the kit in a Santander branch in the capital failed, however.

In April last year, gang member Darius Boldor, 34, was able to hook up the KVM gear and dongle to a back-office computer at the Barclays branch in Swiss Cottage, London – by posing as an IT worker. Then, from a nearby hotel, the crooks logged into the switch and shifted £1,252,490 ($2.1m) in 128 transfers to mule accounts to launder.

Barclays alerted Scotland Yard that day when it noticed the money had gone missing. A search of the branch quickly uncovered the remote-control gear. KVM devices, which can cost as little as £10, allow multiple computers to share the same keyboard, mouse, monitor and more; with a 3G dongle fitted, the cyber-looters were able to connect their own keyboard, mouse and monitor to the bank's computer from afar and empty victims' accounts.

Barclays was able to recover about £600,000 ($1m) of the stolen cash.

Then in July 2013, another member of the gang, Dean Outram, 32, used the same technique to plant a bug on computers in a Lewisham branch of Barclays, allowing the crims to steal £90,000.

A photo of the criminals' KVM setup

Bug out ... The network-attached KVM switch with mobile 3G dongle used by the crooks

An attempt that September to plant another mobile-connected KVM at a Surrey Quays branch of Santander in south east London led to the group's undoing. Outram bluffed his way into the branch and installed his hijack gear, allowing fellow gang members Lanre Mullins-Abudu, 25, and Asad Ali Qureshi, 26, to access the bank's compromised computer. Then the cops swooped.

"Metropolitan Police Service detectives supported by Territorial Support Group officers raided an address in Kingsley Avenue, Hounslow, where Mullins-Abudu, Qureshi and eight others were arrested. Police recovered computers that were logged into Santander bank accounts, but no money was stolen," reads a Scotland Yard statement, distributed yesterday after sentencing.

Crime doesn't pay, but you can live the high life for a while

During their investigation, the Met cops found the crims were using "500 high-value bank and credit cards that had been either stolen or intercepted, to purchase Rolex watches worth up to £30,000 each, high-value jewellery and electrical equipment such as Apple Mac computers and iPads".

The nicked card details effectively allowed the thieves to blow more than £1m on flash gear between May 2012 and September 2013. According to the police, the gang masqueraded as victims' banks over the phone to trick them into handing over sensitive information: "The group used a sophisticated device to spoof genuine bank telephone numbers in order to fool victims into providing their personal details and PIN numbers."

Five members of the gang were put behind bars by Southwark Crown Court on Thursday:

  • Darius Valentin Boldor, 34, of Ebury Bridge Road, London, was jailed for two years and six months for fraud and conspiracy to steal.
  • Dean Outram, 32, of Clifford Gardens, London, was banged up for three years for conspiracy to steal.
  • Lanre Mullins-Abudu, 25, of Weimar Street, Putney, was jailed for eight years after he was convicted of conspiracy to commit fraud, conspiracy to steal, and possessing articles for use in fraud offences.
  • Steven Hannah, 53, of Bell Street, London, was sent down for five years and 10 months for conspiracy to commit fraud and possession of Crystal Meth Class A drugs with intent to supply.
  • Tony Colston-Hayter*, 49, of Seymour Street, London, was jailed for five and a half years after he was convicted of conspiracy to commit fraud, conspiracy to steal, theft and possession of articles for use in fraud offences. The cops accuse Colston-Hayter of masterminding the aforementioned credit-card fraud.

Meanwhile, Adam Raeburn Jefferson, 38, of Newport Road, New Bradwell, Milton Keynes, must wear a tag for six months and stick to a curfew after being convicted of conspiracy to commit fraud. Two others were given a three-month tag-enforced curfew, and James Lewis Murphy, 39, of Wellington Buildings, Ebury Bridge Road, London, was sentenced to six months in jail but released as he had spent that stretch in custody awaiting trial.

The full list of convictions, with jail time adding up to 24 years in total, can be found here.

"Michael Victor Harper, 26, of Kiln Place, NW5 and Guy Davies, 49, of Sudbourne Road, London, and Asad Ali Qureshi, 26, of Old Brompton Road, SW7, are scheduled to be sentenced at Wood Green Court on 13 June for fraud by false representation, conspiracy to commit fraud and conspiracy to money launder respectively," Scotland Yard added.

Detective Chief Inspector Jason Tunn, of the Met's Cyber Crime Unit that led the probe, said: “Today’s convictions are the culmination of a long and highly complex investigation into an organised crime group whose aim was to steal millions of pounds from London banks and credit card companies.

“Through working with industry partners such as Santander and Barclays, whose efforts in assisting us were immense, we have been able to bring this group to justice.

"This case demonstrates the sheer investigative skill we are able to apply to tackling cyber crime, as we continue working to keep London people and businesses safe from cyber criminals. We are determined to make London a hostile place for cyber criminals and not allow the internet to be a hiding place for those who defraud people in the capital." ®

Bootnote

* Colston-Hayter, once dubbed the "king of acid rave", was previously infamous for organising raves in aircraft hangers back in the 1980s, "scandalising the Home Counties" in the process, The Independent and others report from court.

Next gen security for virtualised datacentres

More from The Register

next story
Ice cream headache as black hat hacks sack Dairy Queen
I scream, you scream, we all scream 'DATA BREACH'!
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
Three quarters of South Korea popped in online gaming raids
Records used to plunder game items, sold off to low lifes
Oz fed police in PDF redaction SNAFU
Give us your metadata, we'll publish your data
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up Big Data
Solving backup challenges and “protect everything from everywhere,” as we move into the era of big data management and the adoption of BYOD.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?