Branch hit by crude yet effective attack involving a KVM device
Crooks managed to tap into a Barclays Bank machine to make off with £1.3 million, using a remarkably crude yet highly effective method. Eight men have now been arrested.
The Metropolitan Police’s Central e-Crime Unit (PCeU) said that in April the crooks hooked a KVM (keyboard, video and mouse) device up to a 3G router inside a North London branch. They did so by having a gang member pretend to be an IT engineer, claiming he was there to fix machines.
They then connected to the device remotely and somehow managed to start siphoning off money. A similar attempt was made on Santander, but the operation was foiled before funds were stolen.
Barclays has managed to recover “a significant amount” of the money stolen.
“Those responsible for this offence are significant players within a sophisticated and determined organised criminal network, who used considerable technical abilities and traditional criminal know-how to infiltrate and exploit secure banking systems,” said detective inspector Mark Raymond of the PCeU.
But security expert Steve Lord, director of penetration testing firm Mandalorian, told TechWeekEurope such attacks do not require a significant amount of technical nous.
“You could probably wander down to PC World and pick this stuff up for less than £300,” Lord said. “It’s not surprising this sort of thing is happening.
“The beauty with it is that you can have all the anti-virus stuff in the world, but this [kind of attack] won’t be picked up.”
The Met posted an image of a typical KVM device, seen below:
From raids on properties in Westminster, Newham, Camden, Brent and Essex, it appears hackers were sitting on thousands of credit cards and personal data. Drugs, jewellery and cash were also recovered.
The men, aged between 24 and 47, were arrested on suspicion of conspiracy to steal from Barclays Bank and conspiracy to defraud UK banks.
Barclays said no customers had suffered financial loss as a result of the hack.
“We have been working closely with the Metropolitan Police following a security breach at our Swiss Cottage branch in April 2013. We identified the fraud and acted swiftly to recover funds on the same day,” said Alex Grant, managing director of fraud prevention at Barclays.
What do you know about Internet security? Find out with our quiz!