Last September we reported (See London banks attacked) that Barclays and Santander banks in London had been attacked by criminals using remote KVM (keyboard/video/mouse) switch controllers. The London Metropolitan Police just announced that the gang members involved have received their sentencing.
from met.police.uk:
Nine members of a gang which carried out a sophisticated cyber attack on the UK banking industry, stealing just over £1.25 million by remotely controlling bank accounts, have been sentenced to a total of 24 years and nine months imprisonment today, Thursday, 24 April.
The organised crime group also used bank and credit cards obtained from around one million intercepted or stolen letters to fraudulently purchase Rolex watches, designer jewellery and other high-value items, worth over £1 million.
Detective Chief Inspector Jason Tunn, of the MPS Cyber Crime Unit, said: “Today’s convictions are the culmination of a long and highly complex investigation into an organised crime group whose aim was to steal millions of pounds from London banks and credit card companies.
The gang used a device known as a Keyboard, Video, Mouse (KVM) switch to access and control Barclays and Santander bank accounts remotely on three occasions.
…
On 4 April 2013, Darius Bolder, 34, entered the bank’s back office, allowing the group to access the IT system of the bank’s Swiss Cottage branch. The group used the KVM device from a nearby hotel to make 128 transfers worth £1,252,490 to a network of mule accounts set up to launder the stolen cash. Barclays reported the cyber attack that day and recovered over £600,000 of the money.
The matter was referred to the Met’s Police Central e-Crime Unit (PCeU) who began a lengthy and complex investigation.
On 17 July 2013, Dean Outram, 32 entered a Lewisham branch of Barclays and was able to unlawfully gain access to the bank’s computers where £90,000 was stolen. Barclays reported the matter to the MPS who quickly attended and recovered the KVM device.
On 12 September 2013, the group made another attempt to unlawfully gain access to Santander’s IT system by fitting another KVM device. This time, Dean Outram gained access to the Surrey Quays branch, where he fitted the KVM switch onto the bank’s computers in an effort to access the accounts. Meanwhile Lanre Mullins-Abudu, 25, and Asad Ali Qureshi, 26, attempted to gain access to the Santander banking system in order to transfer what police believe would have been substantial funds.
MPS detectives supported by Territorial Support Group officers raided an address in Kingsley Avenue, Hounslow where Mullins-Abudu, Qureshi and eight others were arrested. Police recovered computers that were logged into Santander bank accounts, but no money was stolen. Outram was also arrested having left the bank.
In addition to the Barclays and Santander cyber attacks, police identified that between May 2012 and September 2013, Mullins-Abudu, Stephen Hannah, 53, Guy Davis, 49, Adam Jefferson, 38, Segun Ogunfidodo, 26, Dola Odunusui, 29, Martin Thane, 31, Michael Harper, 26 and Tony Colston-Hayter, 49, also used what police believe to be around 500 high value bank and credit cards that had been either stolen or intercepted, to purchase Rolex watches worth up to £30,000 each, high-value jewellery and electrical equipment such as Apple Mac computers and iPads.
The value of the credit card fraud is in excess of £1 million. In order to use the cards, the group – led by Hayter – used a sophisticated device to spoof genuine bank telephone numbers in order to fool victims into providing their personal details and PIN numbers.