KVM device used in widening plot to steal from London banks

Share this article:

Police may have thwarted one cyber heist on a London bank, but criminals using a similar scheme found success, allegedly stealing more than a million pounds from another financial institution in the city.  

On Friday, the U.K.'s Metropolitan Police Service (MPS) announced that eight men, between the ages of 24 and 47, were arrested that day and on Thursday for their alleged roles in the racket.

According to London police, the individuals were taken into custody for their alleged connection in a conspiracy to steal from a Barclays bank branch – which was hit by hackers this spring – and potentially defraud other U.K. banks, a release from MPS said.

Police told BBC News on Friday that the arrests were being linked to a separate incident: where hackers attempted to steal money from Santander bank, resulting in a police raid last week.

In both instances, crooks plotted to fit bank computers with a keyboard video mouse (KVM) device in order to give themselves remote access to customer accounts. While police stopped the attack on the London Santander branch from being carried out, arresting 12 men and charging four of them with conspiracy to steal, £1.3 million was siphoned from the Barclays location in North London.

Barclays reported the loss, equivalent to around $2 million, back on April 5, though police apprehended the suspects this week.

At both banks, staff allowed a man, posing as an IT engineer, access to bank computers. Instead of working on the machines, the individual allegedly connected a KVM device to computers. At Barclays, criminals were able to carry through with their plans and remotely transfer money to accounts they'd designated ahead of time, police said.

Once installed, a KVM device can give saboteurs access to multiple computers in the organization's network – in this case, to monitor accounts, move money or do any manner of malicious activities.

Doug Johnson, vice president and senior adviser of risk management policy at the American Bankers Association, told SCMagazine.com on Friday that owing to the level of access it required the heist was a “very, very difficult thing to do within a financial institution.”

These types of hardware exploits typically happen in the retail environment, Johnson said, later adding that, in those cases, it's easier to tamper with equipment to compromise organizations.

“It's just easier to get to, and [there's] not a dedicated PC behind levels of security,” Johnson said of hardware in retail establishments as opposed to that in banks.

According to a Friday release from MPS, the eight men arrested for their alleged connection with the Barclays heist are still in custody of London police.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

More in News

Ground system for weather satellites contains thousands of 'high-risk' bugs

Ground system for weather satellites contains thousands of ...

An audit of the Joint Polar Satellite System ground system revealed thousands of vulnerabilities, most of which will be addressed in two years when the next version of the system ...

Threat report on Swedish firms shows 93 percent were breached

The study by KPMG and FireEye also found that 49 percent of detected malware was unknown.

Former acting HHS cyber director convicted on child porn charges

Former acting HHS cyber director convicted on child ...

Timothy DeFoggi, who was nabbed by the FBI last year in its Operation Torpedo investigation was convicted by federal jury in Nebraska.