Crooks Arrested Over KVM-Based Bank Heist Attempt 79
judgecorp writes "Twelve men have been arrested over an attempt to take control of computers at a Santander bank branch in London using a stealthily planted KVM (keyboard, video and mouse) switch installed by a bogus maintenance engineer. The men were caught by the Metropolitan Police's Central e-Crimes Unit."
Re:KVM? (Score:5, Informative)
"Now"? KVM has been an acronym for years, if not decades.
Re:KVM? (Score:5, Informative)
baren article (Score:5, Informative)
installed KVM as phony IT guy, were arrested and here are their names
this is all the information the article provides. no details of any kind. no picture of the (hopefully stealthy) KVM, how they were caught or anything of any interest at all!
Here's the real scoop:
A man dressed as a "maintenance engineer" (IT guy) claimed to be sent by a some company working for the bank. Then he goes to the bank branch's main server and plugs an external KVM-over-IP box connected to an ethernet to wifi adapter [techworld.com] or at least that was the plan. The plan was thwarted at the last minute... no info as to why/how but I'm betting that the server either didn't have a PS/2 port or didn't have VGA output not that it matters without a username and password to login.
A spokesman for Santander insisted that the bogus engineer had not managed to install the device and no customer money was ever at risk.
We are pleased that we have been able, through the robustness of our systems, to prevent the fraud and help the police gather the evidence they needed to make the arrests. Santander operates multiple levels of controls to protect customers' funds and this attack would not have been successful.
Hours after the bogus engineer attempted to fit the device to the computer server, officers from Scotland Yard swooped arresting 12 men on suspicion of conspiracy to steal. As for how they were caught, I think someone just realized there wasn't supposed to be an IT guy there and then the cops got called.
Re:He got physical access to the machine! (Score:4, Informative)
He was more likely using an IP-connected KVM device, like one of these http://www.raritan.com/products/kvm-over-ip/ [raritan.com] and not the heavily cabled ones. Hooked up to a cellular router, they don't even need cables except for a power pack.
Full access to the workstation might be needed if the bank implements machine-based access control that requires something on the machine itself for authentication besides username and password. The South African Post Office does this and a bunch of crooks nicked money after stealing a machine that had management access to accounts and then broke into the premises of another branch to plug it into the LAN. That was proved an inside job by tellers.
Re:Should see the MET statement. (Score:2, Informative)
Yes. "Computer".
Re:KVM? (Score:5, Informative)
When you are part of an industry and use a certain term multiple times you get to decide when and what you create acronyms for. Since a lot morons among the AC crowd don't seem to get simple concepts, I will explain this one for your benefit. Acronyms are made to make speaking easier/quicker when you MUST repeat yourself. People that make KVM switches probably took about 10 seconds into their first meeting talking about making this product to decide that repeatedly saying keyboard video mouse was a waste of time. Just because the entirety of your experience with acronyms begins and ends with lol, fml and diaf as you text your twelve year old friends does not mean that the world in general doesn't understand that time is money. If you had even a modicum of experience in a non-entry level position in a larger company you would realize that most acronyms in the world are business related; created and mostly used by the people that create the idea or product then picked up by the general public over time. The military is an exception to that rule. They have a serious addiction to creating acronyms for everything.
Re:Should see the MET statement. (Score:4, Informative)
I would guess his objection is that it probably was not the KVM Switch which "allowed data and contents of the desktop to be downloaded over the network", but the per-existing network infrastructure that did that. Unless they used some sort of custom device, it is unlikely that it created its own route (wirelessly?) out of the network or did anything to breach the network security. The KVM switch merely allowed the "hackers" to surreptitiously access the data and send it on its way to whatever nefarious data-haven the criminals had set up (probably Dropbox).
A subtle and admittedly pedantic difference, but an important one. Seeing as the purpose of the news industry is to - nominally - provide accurate and timely information, it is an unfortunate mistake. Whether it is an important distinction to the common reader is another question entirely. However, since they make it a point of actually mentioning the type of device, it would have been nice if they had taken the time to accurately describe its capabilities.
Else on Monday some hapless tech somewhere is going to be argue with a clueless CEO who fears that every KVM switch attached to the servers will allow hackers to remotely steal their data because the executive got the wrong message from the media.