KVM device used in widening plot to steal from London banks

Share this article:

Police may have thwarted one cyber heist on a London bank, but criminals using a similar scheme found success, allegedly stealing more than a million pounds from another financial institution in the city.  

On Friday, the U.K.'s Metropolitan Police Service (MPS) announced that eight men, between the ages of 24 and 47, were arrested that day and on Thursday for their alleged roles in the racket.

According to London police, the individuals were taken into custody for their alleged connection in a conspiracy to steal from a Barclays bank branch – which was hit by hackers this spring – and potentially defraud other U.K. banks, a release from MPS said.

Police told BBC News on Friday that the arrests were being linked to a separate incident: where hackers attempted to steal money from Santander bank, resulting in a police raid last week.

In both instances, crooks plotted to fit bank computers with a keyboard video mouse (KVM) device in order to give themselves remote access to customer accounts. While police stopped the attack on the London Santander branch from being carried out, arresting 12 men and charging four of them with conspiracy to steal, £1.3 million was siphoned from the Barclays location in North London.

Barclays reported the loss, equivalent to around $2 million, back on April 5, though police apprehended the suspects this week.

At both banks, staff allowed a man, posing as an IT engineer, access to bank computers. Instead of working on the machines, the individual allegedly connected a KVM device to computers. At Barclays, criminals were able to carry through with their plans and remotely transfer money to accounts they'd designated ahead of time, police said.

Once installed, a KVM device can give saboteurs access to multiple computers in the organization's network – in this case, to monitor accounts, move money or do any manner of malicious activities.

Doug Johnson, vice president and senior adviser of risk management policy at the American Bankers Association, told SCMagazine.com on Friday that owing to the level of access it required the heist was a “very, very difficult thing to do within a financial institution.”

These types of hardware exploits typically happen in the retail environment, Johnson said, later adding that, in those cases, it's easier to tamper with equipment to compromise organizations.

“It's just easier to get to, and [there's] not a dedicated PC behind levels of security,” Johnson said of hardware in retail establishments as opposed to that in banks.

According to a Friday release from MPS, the eight men arrested for their alleged connection with the Barclays heist are still in custody of London police.

Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.