Computer Crime Research Center

hack/spy.jpg

Police foil hackers' 220m raid on London bank

Date: March 18, 2005
Source: news.telegraph
By: David Derbyshire

An audacious attempt by computer hackers to steal 220 million from the London branch of a Japanese bank has been foiled by police.

The crime ring gained access to the Sumitomo bank's computer network and tried to transfer money electronically to 10 bank accounts around the world.

If the theft had been successful it would have been one of Britain's biggest bank heists. However, the plan was uncovered before any money was stolen.

Police in Israel said yesterday that they had arrested a man in connection with the attempted theft.

Police working with the National Crime Squad's Hi-Tech Crime Unit have been investigating the attempted theft since October, when the gang made its attack.

Takashi Morita, head of communication at Sumitomo Mitsui Financial Group in Tokyo, said the company had not suffered any financial loss. "We have undertaken measures in terms of security and we have not suffered any financial damage," he said.

Rumours of an attempted theft have been circulating in the City of London since the police warned financial institutions to be on guard against spyware before Christmas.

The National Hi-Tech Crime Unit confirmed that there had been an attempted theft, but declined to give details.

Two British investigators have flown to Israel and are working alongside the country's anti-fraud branch, Israeli police said.

They said an Israeli had been arrested in the Tel Aviv area. Yeron Bolondi, 32, is suspected of trying to launder 13.9 million "by deception in a sophisticated manner", a police statement said.

Details of the London bank fraud are sketchy. Some reports yesterday claimed that the thieves placed "keylogging" spy software on the bank's computer network to record passwords, user names and account details.

Keylogging programmes can be installed directly on to a computer by an insider, or remotely via a malicious e-mail. They record every stroke of the keyboard and pass the information back to hackers.

However, security experts were sceptical that spyware software alone would be useful in a theft of this scale. Howard Palmer, a computer security expert who works for the Banking Academy, said criminals would struggle to use the information gleaned by keylogging without inside help.

In order to transfer money electronically, City banks use Swift - the Society for Worldwide Interbank Financial Telecommunications - system. Hacking into Swift is "theoretically possible" but unlikely, Mr Palmer said. "It is much easier to bribe or blackmail individuals who have access to those codes or have your own people within the banking system," he said.

"A lot of banks do not want to admit the fact that there are organised groups that are laundering money and getting away with it." He estimates that there are between 2,000 to 3,000 active fraudsters working inside London's 500 banks. Many more are bribed and then blackmailed to hide transactions or pass on confidential information.

"I believe that keylogging is not terribly relevant here. You can keylog and see what's going on in another person's computer system, but in banking you can't send money overseas without using a third party system like Swift."

According to research from the National High-Tech Crime Unit, more than 80 per cent of British-based companies have been victims of computer crime.


Add comment  Email to a Friend

Copyright © 2001-2013 Computer Crime Research Center
CCRC logo