
Crooks Arrested Over KVM-Based Bank Heist Attempt

Posted by timothy
from the worse-than-an-annoyatron dept.
judgecorp writes "Twelve men have been arrested over an attempt to take control of computers at a Santander bank branch in London using a stealthily planted KVM (keyboard, video and mouse) switch installed by a bogus maintenance engineer. The men were caught by the Metropolitan Police's Central e-Crimes Unit."

  • Foolish. (Score:5, Insightful)

    by Anonymous Coward on Saturday September 14, 2013 @03:36AM (#44847183)

    Everyone knows if you want to rip off a bank, you need to BE the banker.

    That way you get the money. And then the government comes and gives you MORE money. Win. Win. No jail time.

    • by mcgrew (92797) *

      The former president of the bank I use (a small local bank) is now Mayor of Springfield, elected after our previous Mayor [wikipedia.org] (Does he look familiar?) shot himself. [wikipedia.org]

      I wonder what's more lucrative, being President of a small bank or Mayor of a capital city? I'm sure it pays better than any criminal activity except maybe being a Colombian drug lord. A whole lot safer, too.

  • Ohh.... (Score:5, Funny)

    by gigaherz (2653757) on Saturday September 14, 2013 @04:31AM (#44847319)
    ... I was hoping they tried to exploit the bank through a Kernel-based Virtual Machine. Disappointing.
  • by SuricouRaven (1897204) on Saturday September 14, 2013 @04:52AM (#44847389)

    'The Metropolitan Police said its "time-critical, dynamic response" had thwarted a "very significant and audacious cyber-enabled offence". '

    http://www.bbc.co.uk/news/uk-england-london-24077094 [bbc.co.uk]

    I think there should be a general rule: Anyone who uses the word 'cyber' in a non-sarcastic manner should be ignored.

    The article looks like it wasn't written by a tech journalist too, as it contains such obvious errors as 'The device, if operational, would have allowed data and contents of the desktop to be downloaded over the network.' News organizations so often make mistakes in their rush to be the first to break a story - even the BBC.

    • by SuricouRaven (1897204) on Saturday September 14, 2013 @04:53AM (#44847395)

      Like my mistake in capitalizing 'MET' when I know full well it should be 'Met.'

    • by Anonymous Coward

      Don't know what they were using but many KVM over IP products do support remote media devices (via USB along with keyboard/mouse) - usually for remote OS installation. No reason data couldn't be written to one to facilitate this.

    • by mcgrew (92797) *

      Anyone who uses the word 'cyber' in a non-sarcastic manner should be ignored.

      What's wrong with the word cyber? [merriam-webster.com] Do you have a better synonym?

      • Re: (Score:2, Informative)

        by Anonymous Coward

        Yes. "Computer".

      • To me it sounds dated and hackneyed; like asking "do you surf the information superhighway?" Just a personal irk.

    • by drinkypoo (153816)

      The article looks like it wasn't written by a tech journalist too, as it contains such obvious errors as 'The device, if operational, would have allowed data and contents of the desktop to be downloaded over the network.'

      It's not obviously an error to suggest that the attackers could have uploaded the data and contents of the desktop over the internet. So aside from using the wrong word (journalists change up to down all the time, especially in tech where they regularly get this wrong) what's obviously incorrect? It's obviously correct that once they had access to the system, they could get the data.

      • by Somebody Is Using My (985418) on Saturday September 14, 2013 @09:58AM (#44848369) Homepage

        I would guess his objection is that it probably was not the KVM switch which "allowed data and contents of the desktop to be downloaded over the network", but the pre-existing network infrastructure that did that. Unless they used some sort of custom device, it is unlikely that it created its own route (wirelessly?) out of the network or did anything to breach the network security. The KVM switch merely allowed the "hackers" to surreptitiously access the data and send it on its way to whatever nefarious data-haven the criminals had set up (probably Dropbox).

        A subtle and admittedly pedantic difference, but an important one. Seeing as the purpose of the news industry is to - nominally - provide accurate and timely information, it is an unfortunate mistake. Whether it is an important distinction to the common reader is another question entirely. However, since they make it a point of actually mentioning the type of device, it would have been nice if they had taken the time to accurately describe its capabilities.

        Else on Monday some hapless tech somewhere is going to be arguing with a clueless CEO who fears that every KVM switch attached to the servers will allow hackers to remotely steal their data because the executive got the wrong message from the media.

  • How were they caught?
    • by jrumney (197329)

      I'm guessing here, but to be of any use, the KVM would most likely be an IP based one, connected to a server somewhere, which in turn could be traced to the crooks, who like most crooks, were not very sophisticated and didn't think to go through Tor or anonymous hosting in a foreign country.

  • by 140Mandak262Jamuna (970587) on Saturday September 14, 2013 @05:32AM (#44847495) Journal
    So this bogus "maintenance engineer" was able to get access to the physical machine and install a KVM switch and snake cables out of the bank to another location controlled by the crooks. It is not clear how this was detected and how he was tracked.

    Well, he could have easily slipped an unobtrusive thumbdrive with a key logger into a back USB port, and collected it back in the next "maintenance" visit! One could imagine a USB device based KVM without cables transmitting data wirelessly. Such devices are very useful, I could stash my tower in a sound proofed cooling enclosure far away and keep my KVM on my desk. So they will be in the market, if they are not already in the market. At that point all the bogus engineer had to do was to slip an unobtrusive USB device into a back port.

    Once the crooks have physical access to the machine, it becomes very difficult to protect against. Once a crook and an insider cooperate it becomes very very difficult to guard against.

  • barren article (Score:5, Informative)

    by Gravis Zero (934156) on Saturday September 14, 2013 @05:48AM (#44847539)

    installed KVM as phony IT guy, were arrested and here are their names

    this is all the information the article provides. no details of any kind. no picture of the (hopefully stealthy) KVM, how they were caught or anything of any interest at all!

    Here's the real scoop:

    A man dressed as a "maintenance engineer" (IT guy) claimed to be sent by some company working for the bank. Then he goes to the bank branch's main server and plugs in an external KVM-over-IP box connected to an ethernet to wifi adapter [techworld.com], or at least that was the plan. The plan was thwarted at the last minute... no info as to why/how but I'm betting that the server either didn't have a PS/2 port or didn't have VGA output, not that it matters without a username and password to login.

    A spokesman for Santander insisted that the bogus engineer had not managed to install the device and no customer money was ever at risk.

    We are pleased that we have been able, through the robustness of our systems, to prevent the fraud and help the police gather the evidence they needed to make the arrests. Santander operates multiple levels of controls to protect customers' funds and this attack would not have been successful.

    Hours after the bogus engineer attempted to fit the device to the computer server, officers from Scotland Yard swooped arresting 12 men on suspicion of conspiracy to steal. As for how they were caught, I think someone just realized there wasn't supposed to be an IT guy there and then the cops got called.

    • by mcgrew (92797) *

      As for how they were caught, I think someone just realized there wasn't supposed to be an IT guy there and then the cops got called.

      Since there were so many people involved, my guess is someone got sloppy and was overheard (maybe in a bar or something) and the cops were tipped off.

      The more people involved in any criminal activity, the greater the chance of getting caught.

    • by countach (534280)

      How does some random guy get access to the "main server"? Any bank worth its salt would have massive security just to get near to it. I could understand getting to some guy at the bank's desktop machine, and even that could be really dangerous, but the server?

      • by Shimbo (100005)

        How does some random guy get access to the "main server"? Any bank worth its salt would have massive security just to get near to it

        Most bank branches are fairly small operations these days; 3-4 desktops and probably a branch server out the back. A couple of tellers and that's it. Besides, it sounds like the police were onto the plot in advance; just waiting for the gang to incriminate themselves.

      • Chase bank outsourced branches' IT work to a mix of outside contractors / subcontractors.

    • by mjwalshe (1680392)
      I suspect that the cops had been investigating this beforehand and let the attempted installation go ahead so they could actually have a crime to charge people with and arrested everyone at that point.

      I suspect that the crew tried to recruit an inside man who shopped them to the cops and acted as a double agent.
  • by jeffasselin (566598) <cormacolinde@gmail . c om> on Saturday September 14, 2013 @08:17AM (#44847957) Journal

    People with no job conspire and fail in trying to shave off a few millions out of a bank's billions?

    Get arrested, thrown in prison for years.

    Work for a bank, conspire and succeed in destroying the global economy and cheat your customers out of trillions of dollars?

    Get the government to give you even MORE money.

    Not saying these guys here should not have been arrested. But the worst crooks in the story are working inside the bank, not outside.

  • Under what circumstances will Slashdot not pick up this story? Perhaps if....

    CrookA calls CrookB on his cel^H^H^Hrotary phone. CrookB asks a bicycle courier outside his building to deliver some building plans across town to CrookC and CrookD.

    The next night, they all meet up and get to work hammering down a wall from some parking garage which leads into the vault.
  • I've just finished development on my new bitchen KVM system!

    Wanna give one a try and tell me how you like it? ......

  • What if you are a political blogger whose keyboard is bugged? The Miniluv can do everything they want against you, and no TOR, I2P, VPN, foreign hosting or full-disk encryption will save you from Room 101.

  • They should have used Xen or VMware for the financial industry.

  • Hey, newspaper guy! It's called "Social Engineering" and it's broadly the same as "Con Artistry".
