UK police: Cyber crooks could have stolen millions

Sep 14, 2013 by Raphael Satter

(AP)—A daring attempt to graft a rogue piece of hardware onto a computer at a London branch of Spanish bank Santander could have drained millions from its coffers, police said Friday, an indication of the potential for electronic crime to tear huge chunks off financial institutions' balance sheets.

London and Santander said in a joint statement that 12 suspects were arrested Thursday following an attempt by a bogus maintenance engineer to install a keyboard-video-mouse—a device typically used to control several computers at once—onto one of the bank's computers at a branch located in a south London shopping center.

Few other technical details were released, but the statement said that the hardware would have allowed the transmission of the entire computer's desktop and "allowed the suspects to take control of the bank's computer remotely."

Writing on the blog of Internet Sophos, John Hawes said it wasn't clear how much damage the would-be robbers might have done "even with access to a workstation."

"If the systems were well controlled, secured and monitored, there should still have been plenty of obstacles to overcome before they could find their way into sensitive parts of the network, and move virtual cash out of the bank's systems," he said.

Police said they took the attempted robbery very seriously. In their statement, Det. Insp. Mark Raymond described it as a "sophisticated plot that could have led to the loss of a very large amount of money from the bank." The force put the potential losses in the millions of pounds—although it stressed that no money was ever withdrawn.

It's not clear from the statement whether the person masquerading as an engineer was arrested at the scene. Police said that all but one of the 12 suspects, ranging in age from 23 to 50, were apprehended in the same west London neighborhood.

The scale of the potential theft is another reminder of the huge amounts that can be stolen by tech-savvy criminals. U.S. investigators say that one gang operating across 27 countries recently managed to steal $45 million in two separate sprees after compromising payment systems used by two Middle Eastern banks.

The suspects in the latest heist remain in custody. Police said searches were being carried out in six different locations in the greater London area. Santander said none of its staff were involved in the attempted heist.

Explore further: Operation Zombie arrests teen hacker in Argentina

not rated yet
add to favorites email to friend print save as pdf

Related Stories

Operation Zombie arrests teen hacker in Argentina

Sep 13, 2013

(AP)—Argentine police say they have arrested an alleged 19-year-old hacker on suspicion of leading a network specialized in fraud and complex financial transactions that led to security breaches at numerous websites.

World grapples with rise in cyber crime

May 11, 2013

International law enforcement agencies say the recent $45 million dollar ATM heist is just one of many scams they're fighting in an unprecedented wave of sophisticated cyberattacks.

Japan police chief climbs down over cyber arrests

Oct 18, 2012

Japan's most senior policeman began an embarrassing climbdown Thursday after his officers arrested four people over cyber threats issued when their computers were apparently hacked.

In info age, Belgian diamond heist is a throwback

Feb 19, 2013

(AP)—At a time when many robberies take place at the click of a mouse, a group of jewel thieves has shown there's still a potential payoff for old-fashioned criminals willing to use disguises, planning ...

LA thieves nabbed with 'find my phone' app

Nov 22, 2011

Police in California probing an armed robbery arrested two suspects by using the "Find My Phone" app on her stolen iPhone to locate the device, a spokeswoman said Tuesday.

Hackers stole $45 million in bank card breach (Update)

May 09, 2013

A worldwide gang of criminals stole $45 million in a matter of hours by hacking their way into a database of prepaid debit cards and then draining cash machines around the globe, federal prosecutors said—and ...

Recommended for you

Fitbit to Schumer: We don't sell personal data

8 hours ago

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Should you be worried about paid editors on Wikipedia?

12 hours ago

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

How much do we really know about privacy on Facebook?

14 hours ago

The recent furore about the Facebook Messenger app has unearthed an interesting question: how far are we willing to allow our privacy to be pushed for our social connections? In the case of the Facebook ...

Philippines makes arrests in online extortion ring

14 hours ago

Philippine police have arrested eight suspected members of an online syndicate accused of blackmailing more than 1,000 Hong Kong and Singapore residents after luring them into exposing themselves in front of webcam, an official ...

Google to help boost Greece's tourism industry

Aug 21, 2014

Internet giant Google will offer management courses to 3,000 tourism businesses on the island of Crete as part of an initiative to promote the sector in Greece, industry union Sete said on Thursday.

Music site SoundCloud to start paying artists

Aug 21, 2014

SoundCloud said Thursday that it will start paying artists and record companies whose music is played on the popular streaming site, a move that will bring it in line with competitors such as YouTube and Spotify.

User comments : 3

Adjust slider to filter visible comments by rank

Display comments: newest first

alfie_null
not rated yet Sep 14, 2013
Banks should treat their IT assets as if they were gold bullion. Lock them away and strictly controlled physical access.
dtxx
1 / 5 (3) Sep 14, 2013
Some details are missing here. Installing a KVM is meaningless by itself and doesn't represent a security risk. It won't give you access unless you are within the length of the cable, so they'd still have to be within 10 feet of the computer. They would need an insider or equipment on the inside to make any use of it.
kochevnik
1 / 5 (3) Sep 15, 2013
Only banksters should be allowed to steal, as they tried with some Russian bank accounts in Greece. After a few attitude adjustments, the banksters returned the Russian funds in exchange for free health insurance