Breach, Threat Management, Data Security

KVM device used in widening plot to steal from London banks

Police may have thwarted one cyber heist on a London bank, but criminals using a similar scheme found success, allegedly stealing more than a million pounds from another financial institution in the city.  

On Friday, the U.K.'s Metropolitan Police Service (MPS) announced that eight men, between the ages of 24 and 47, were arrested that day and on Thursday for their alleged roles in the racket.

According to London police, the individuals were taken into custody for their alleged connection in a conspiracy to steal from a Barclays bank branch – which was hit by hackers this spring – and potentially defraud other U.K. banks, a release from MPS said.

Police told BBC News on Friday that the arrests were being linked to a separate incident: where hackers attempted to steal money from Santander bank, resulting in a police raid last week.

In both instances, crooks plotted to fit bank computers with a keyboard video mouse (KVM) device in order to give themselves remote access to customer accounts. While police stopped the attack on the London Santander branch from being carried out, arresting 12 men and charging four of them with conspiracy to steal, £1.3 million was siphoned from the Barclays location in North London.

Barclays reported the loss, equivalent to around $2 million, back on April 5, though police apprehended the suspects this week.

At both banks, staff allowed a man, posing as an IT engineer, access to bank computers. Instead of working on the machines, the individual allegedly connected a KVM device to computers. At Barclays, criminals were able to carry through with their plans and remotely transfer money to accounts they'd designated ahead of time, police said.

Once installed, a KVM device can give saboteurs access to multiple computers in the organization's network – in this case, to monitor accounts, move money or do any manner of malicious activities.

Doug Johnson, vice president and senior adviser of risk management policy at the American Bankers Association, told on Friday that owing to the level of access it required the heist was a “very, very difficult thing to do within a financial institution.”

These types of hardware exploits typically happen in the retail environment, Johnson said, later adding that, in those cases, it's easier to tamper with equipment to compromise organizations.

“It's just easier to get to, and [there's] not a dedicated PC behind levels of security,” Johnson said of hardware in retail establishments as opposed to that in banks.

According to a Friday release from MPS, the eight men arrested for their alleged connection with the Barclays heist are still in custody of London police.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.