Keylogging Used To Catch Bank Crackers

An anonymous reader writes "BBC News is reporting that the British police National High Tech Crime Unit has foiled an attempted fraud by hackers using keylogging software. The London branch of the Sumitomo Mitsui bank of Japan was the target, and a person has been arrested in Israel after being identified as the recipient of an attempted electronic transfer of UKP13.9m."

Even the submitter didn't read the article!!

[REBloomfield]

The crooks were the ones using the keyloggers, not the people who caught them!!!!!!

Re:Even the submitter didn't read the article!!

[Trolling4Columbine]

You're new here, aren't you...

Re:Even the submitter didn't read the article!!

[Inda]

That's what the TV version of the BBC news has been saying all day too.

Re:Even the submitter didn't read the article!!

[lucabrasi999]

The editor didn't read it, either.

Re:Even the submitter didn't read the article!!

[LiquidCoooled]

I think its just unfortunate wording and link positioning.

National High Tech Crime Unit has foiled an attempted fraud by (hackers using keylogging software).

Remember kids, always use parenthesis when describing ambiguous terms ;)

Re:Even the submitter didn't read the article!!

[believekevin]

I thought the slant on here was going to be "fighting fire with fire" but instead it's just "slow news day - y2k bug still a threat!"

Re:Even the submitter didn't read the article!!

[akintayo]

This seems to a case of a badly constructed sentence, rather than the submitter not understanding the article.

Re:Even the submitter didn't read the article!!

[akintayo]

sorry, i didn't read the headline

Re:Even the submitter didn't read the article!!

[bcmm]

That's what the TV version of the BBC news has been saying all day too.

LOL.
I know you're probably more used to the website, but that is BBC news.
It stands for British Broadcasting Corporation. It was originally only radio and television.

Re:Even the submitter didn't read the article!!

[R.D.Olivaw]

well, you could argue that posting on the web is some form of broadcasting. After all it means transmitting something to the public. In any case you can't blame GP for pointing out that it was the TV version. Otherwise how would you distinguish it from the website?

Re:Even the submitter didn't read the article!!

[RollingThunder]

First it was RTFA, then RTFSummary, now RTFTitle? ;)

Re:Even the submitter didn't read the article!!

[a+whoabot]

I've had one article I've submitted accepted and the headline was changed from the one I submitted it with. As far as I know this is standard procedure: the editor chooses a headline he likes, could be the one submitted, could not.

The actual writeup seems to pretty clearly say that it was the hackers using the keyloggers, the headline says the opposite. Probably an editorial mistake.

Re:Even the submitter didn't read the article!!

You love repeating old jokes, don't you?

Re:Even the submitter didn't read the article!!

[oliverthered]

The editor never reads it.

Plausible Deniability.

Re:Even the submitter didn't read the article!!

[varmittang]

Where did you learn to do this thing called "read". I only know how to write.

Re:Even the submitter didn't read the article!!

If you're going to be picky about it, BBC News is actually just on the radio because the BBC originally only did radio.

Of course, that's not the case and BBC News is delivered via TV, radio and the Web, with the online component taking on an increasingly significant importance. Which you would have realised had you been paying attention to the world and not had your head stuck up your ass.

Re:Even the submitter didn't read the article!!

[Chris+Kamel]

Well it seams he read it, if you refactor his sentence it would say:
British police National High Tech Crime Unit has foiled an attempted fraud by "hackers using keylogging software".
He just didn't understand it and hence the misleading title :D

Re:Even the submitter didn't read the article!!

[Chris+Kamel]

history lesson: first it was RTFM, the grandfather of all the RTF* family :)

Re:Even the submitter didn't read the article!!

[Doc+Ruby]

All of the 9 stories that I submitted which Slashdot published have kept my headline intact.

Re:Even the submitter didn't read the article!!

[AviLazar]

/.'ers don't read the articles, even if they post them.

Re:Even the submitter didn't read the article!!

[jrsimmons]

Perhaps you should re-read the post:

"BBC News is reporting that the British police National High Tech Crime Unit has foiled an attempted fraud by hackers using keylogging software."

This sentence can be read interpretted both ways:
1. "...foiled an attempted fraud by hackers [who were] using keylogging software."
2. "...High Tech Crime Unit, [using key logging software], has foiled an attempted fraud by hackers."

While it may not be the best form, it is grammatically correct and your statement is based on only one interpretation.

Re:Even the submitter didn't read the article!!

[Inda]

Nah, the TV goes on before the Internet each morning. It was the breaking news story before that tanker caught on fire on the M4.

The TV version actually had an Internet expert talking about how the keylogger was probably installed. He talked about pop-up advert distribution, email distribution and malicious websites. The TV version gave away more information than the website version.

Look Mum! I know HTML too!

Don't waste mod points on crap posts like this.

Re:Even the submitter didn't read the article!!

[SilicaiMan]

This seems to a case of a badly constructed sentence, rather than the submitter not understanding the article.

Possibly, but the title suggests otherwise.

Re:Even the submitter didn't read the article!!

> The editor didn't read it, either.

You're new here too, aren't you?

Re:Even the submitter didn't read the article!!

[karnal]

Wouldn't that be the grandfather of all the RTFF?

Re:Even the submitter didn't read the article!!

[gstoddart]

This seems to a case of a badly constructed sentence, rather than the submitter not understanding the article.

Of course, the sad thing is the underline from the URL has effectively made this ...

has foiled an attempted fraud by hackers using keylogging software.

into this ...

has foiled an attempted fraud by hackers using keylogging software.

Strange that we now have to start treating the underline of an URL as additional punctuation.

Re:Even the submitter didn't read the article!!

Some people don't seem to understand the importance of a comma. A simple comma can greatly change the meaning of a sentence--yet people assume that when there's no comma, it means the same as if there were a comma.

Too much

[turtled]

Man, trying to get into bank records? You know everything is logged somehow. It scares me to think about 2 things... 1, life in prison, and, 2, with that much money, it draws suspicion, so, you really can't spend it.

Re:Too much

[Predflux]

Yeah, 1 million is more than enough. I'd be happy with 10k. 400M dollars is too-damn-much.

Re:Too much

[lecithin]

Yea, but getting away with it once, is all you need for the rest of your life. I wonder how many have succeeded that we will never hear about.

Kinda like Enron right?

Re:Too much

You're right about logging. When I was a child my school took me for a tour around the Inland Revenue data centre in Telford (U.K.). Even then, around 1984, _every_ operator keystroke was logged. As you say large financial organisations log just about everything.

Re:Too much

[mangu]

with that much money, it draws suspicion, so, you really can't spend it.

Ever heard of "laundering" money? What you have to do is open a legit company and make it profitable with the money you have stashed somewhere. Tricky, yes. But possibly doable.

However you are right about drawing suspicion. You can never become as rich as $400 million, because being as rich as that will make you automatically famous. If you stay below a limit, which I assume to be about up to $10 million if done right, you might be able to have a comfortable life without getting caught.

But all this is theory. In practice, I can't recall any heist above $1 million where the perps got away. It may take some time, even years, but you will be caught in the end. You may be much smarter than the cops, but once the thing is done, they have all the time until you die to catch you. No, even if you manage to escape, you'll never have a quiet moment without worry. Anyone contemplating a big robbery should google ronald biggs train robbery if they think escaping to a far away country is an option.

Re:Too much

[AviLazar]

It's all a matter of comfort - which i think you led to. Once a person gets the money, they lay low - for a few months. Then they get comfortable, then they start spending the big bucks and someone says "wow, how is joe poor driving a bentley?" and there ya go.

If a person is capable of stealing 400 million w/o getting caught in the act - they are also capable of keeping it and not getting caught - but it would require a lifetime of looking over your shoulder...more importantly, not drawing attention to yourself.

Re:Too much

[Gurana]

Well, if someone has truely gotten away with a really big heist (>$1M) you probably wouldn't have heard about it anyways. Either the company that had it done to them wants to keep it under wraps because it looks bad, or they just don't know about it.

Re:Too much

how about the relatively recent IRA bank robbery? I think it was about 20million GBP if I'm not mistaken?

Re:Too much

[drsquare]

A lot of those robbers are released, and still have all their money. Something to think about.

Re:Too much

The bank in Northern Ireland re-issued currency so their real, spendable haul, though in the millions, fell far short of what they initially took. And related arrests have been made in Ireland concerning money laundering for the IRA - so I wouldn't say things look great for the robbers; even at this early stage.

Re:Too much

[AwaxSlashdot]

Life ????
You don't get life for stealing money ... more something like 10 years in jail.
So, if spending 10 years in jail does not scare you (showers ...), moving the money to a safe place (Caiman island) before getting caught is a pretty good deal. With SWIFT, you can move the money accross 10 banks in less than 1 minute. They'll never see the money back (with carefully chosen banks).
How much money do you need to spend the rest of your life in confort ??

Re:Too much

[AwaxSlashdot]

You know everything is logged somehow
Yeah, you can see the money flying away. But with "privacy concerned" banks (like in Caiman Island), you won't have a log of your money moving to another bank, then to another bank ... until everyone would lose its track.
BTW, I work in financial banking :)

Re:Too much

[CiRu5]

yeah I know what you mean... I realy wouldn't want to end up in a federal pound me in the ass penatentiary or anything .... however i hear for this sort of thing you usually only get thrown in a low security resort prison... and they have conjugal vists.......hmmmm

Re:Too much

[Keruo]

SWIFT has security measures against money laundry so you'd need to have lots of accounts since the directly transferred money sum is limited to 10K or so and each account has transaction limit which cannot be exceeded.
If you try to process sum larger that that, it will be verified by a person in bank before it gets transferred to the target account, so there's delay of couple days in the transfer, if it gets accepted.

Re:Too much

[analysethis]

well the Irish Republican Army have stolen £26.5million from the Northern Bank in Belfast, UK.

Everyone knows they did it, bits of it have been found, but so far the actual perpetrators who walked in and took it are at large.

Moral: Dont use computers to steal, you only have to walk in through their front door.

Re:Too much

[citog]

Assuming you mean the Cayman Islands, you're still going to have problems. Their monetary authority has anti-money laundering regulations which the IMF is happy enough with. So you are going to have some difficulties getting it in under the radar. Not to mention getting the account(s) open. While SWIFT could in theory move the money that quickly, you're going to have problems setting up the back-to-back transactions needed to do this.

Re:Too much

how does anyone KNOW they stole it.

the answer, they dont. just a lot of suspicion and repeated articles.

Slashdot story incorrect

Um.. yeah, this article synopsis would be wrong.

From the article it links to:

They managed to infiltrate the system with keylogging software that would have enabled them to track every button pressed on computer keyboards.

The hackers were attempting to use keylogging software.. there's nothing in the bbc article whatsoever about how the police caught them, let alone if they were caught using keylogging software (which is what the synopsis says).

Apparantly, not even the editors read slashdot stories :)

Re:Slashdot story incorrect

[gowen]

I don't think its wrong, just badly written. For example

Today police foiled a bank robbery by gunmen wearing balaclava helmets.

Who are wearing the balaclavas? Is it the police or the gunmen?

Police foiled a robbery by hackers using keylogging software...

Who are using the keylogger, the police or the hackers?

Re:Slashdot story incorrect

Let's dig up Frege! Or maybe just get Chomsky...I guess that's alright, hmmph....

Re:Slashdot story incorrect

Like the American Government, Zonk gets his bad news from CNN. How they interpret it is identically innacurate.

can you imagine the look

on the guys face when they busted him. 13.9 million *poof* gone.

Re:can you imagine the look

[AndroidCat]

We can't see it because he's doing his turtle imitation in the article picture.

Reading comprehension

[BenjyD]

Headline is misleading - it's the crackers that used keylogging software, not the police.

How would they do this?

[gstoddart]

How do you manage to get key-logging software onto a bank system without physical access?

Is this more examples of social engineering, or would this have required physical access to the computers? [ I'm assuming here that the general bank computers aren't all on the interweb ]

Scary as hell that someone (almost) managed to do this.

Re:How would they do this?

Easy, sub7.

Re:How would they do this?

[Silver+Sloth]

The usual methods

• Overworked techie department employs consultants without sufficient vetting
• Disgruntled and overworked techie is approached by bad guys
• Overworked techies release system into 'live' without sufficient testing/hardening due to presure to complete by deadline

Do you see the common thread?

Re:How would they do this?

One more possibility:

• Clueless bank manager installs key-logging software on their own computers "for security"; and fails to keep the logs secure

I've helped an identity theft victim who had that happen.... his employer had a key-logger on all the PCs; and didn't keep the logs securely. Someone stole the logs and got credit card and other information from the employees.

Re:How would they do this?

Some employers install key-loggers to spy on their own employees. If those guys fail to keep the logs securely, the hackers don't even need to install anything - just steal the logs.

Re:How would they do this?

I remember a story of a cracking attempt on a bank where someone plugged a wireless access point into a free network point. They got access through social engineering.

They then went to a nearby location and started playing in the bank's network through the AP.

Re:How would they do this?

[faloi]

I used to do support for a lot of smaller banks in a rural area in the US. If you walked in, said you were from their support company, looked the part and needed to "check on something while you were in the area" they tended not to give you a second glance. You were their outsourced IT guy coming in to check on things. In the years of supporting smaller banks and branches of banks, I only had one instance where someone called the shop to verify I was supposed to be there. And that was after I'd already left.

THE ARTICLE IS CORRECT...

[MLopat]

A quick English lesson:

"BBC News is reporting that the British police National High Tech Crime Unit has foiled an attempted fraud by hackers using keylogging software." - This means the hackers are using keylogging software

Note the addition of commas: "BBC News is reporting that the British police National High Tech Crime Unit has foiled an attempted fraud, by hackers, using keylogging software." - This means the police are using keylogging software

The editor of the article is CORRECT!

Re:THE ARTICLE IS CORRECT...

[BenjyD]

Read the headline for the intended meaning.

Re:THE ARTICLE IS CORRECT...

Parentheses would also suffice
-JB

Re:THE ARTICLE IS CORRECT...

[tezza]

Correct, but not very clear.
It took two reads to make sure of who the subject was.

The editor should read The Economist Style Guide. It details how to write clear and consise articles.

Re:THE ARTICLE IS CORRECT...

The editor should read The Economist Style Guide. It details how to write clear and consise articles.

For this submission, the editor obviously did not click and read the link. What makes you think he will click on your link?

Re:THE ARTICLE IS CORRECT...

[Max+Threshold]

What is your point? The headline is unambiguously wrong.

Re:THE ARTICLE IS CORRECT...

OK, I read the headline, "Keylogging Used To Catch Bank Crackers". What do they use now that keylogging doesn't work anymore?

Re:THE ARTICLE IS CORRECT...

[Secret+Agent+X23]

No, forget the commas. Just write it like this: "BBC News is reporting that the British police National High Tech Crime Unit has foiled an attempted fraud by hackers who used keylogging software."

Amusing..... or not.

[Deathtoallmytormento]

With the PATRIOT act, I wouldn't be surprised if the DHS started catching people for various crimes using keyloggers. It is only a matter of time before big brother is among us.

Re:Amusing..... or not.

[Triumph+The+Insult+C]

yea. that's why i've stopped using computers

UKP?

[frostman]

Nice trick, but how much money does that number of unbounded knapsack problems represent?

Or did you mean GBP?

Re:UKP?

[kahei]

Oh, you old ISO4217 purist you. The country isn't called 'Great Britain', you know.

It's the 'United Kingdom'. Presumably this is meant sarcastically.

Re:UKP?

Actually the name of the country IS "Great Britain";

"The United Kingdom OF Great Britain and Northern Ireland"

Re:UKP?

[Zed+Too]

Congratulations on opening a big can of worms.

You can't call it "Great Britain" - that leaves out Northern Ireland.

You can't call it "Great Britain and Northern Ireland" - too long-winded, and it could upset certain factions.

The most common solution is to use "United Kingdom", or UK for short. Most people will know which country is being referred to.

Re:UKP?

[kraut]

>You can't call it "Great Britain" - that leaves out Northern Ireland
Well, they do have different pounds in Northern Ireland, so GBP does actually work. Then again, the also have different pounds in Scotland. Of course they are all worth the same, in theory, but in practice trying to spend a Scottish note in London can be tricky ;)

Re:UKP?

Actually your wrong:
Its the United Kingdom of Great Britain and Northern Ireland, Great Britain includes the countries of England, Scotland, and Wales...

Re:UKP?

Regardless, the currency is the Great British Pound (GBP) and will remain so unless we join the Euro!

Blinks behind the mask

[Doc+Ruby]

The ambiguous story description could be interpreted to mean either that the crackers installed the keylogger, or that they were caught by keyloggers. Any sensible reader would know that the crackers probably weren't caught by keyloggers, because they'd already have too much access by that point. But even just reading the story shows that their attack was by keylogger, not their capture.

Now it's obvious: Slashdot submission approvers (staff "authors" who vet the submission queue, to approve stories for publication) just read the text, and decide whether the story is interesting. They don't click the links, they don't think about whether anything makes sense. It really looks like Slashdot's submitters are higher quality than the editors who decide what to publish. And even worse, the editors seem to have the quality of a lower tier of Slashdot readers: grab the most inflammatory interpretation of a post, and run with it - without regard to the facts, or even just the story itself.

For all Slashdot's championing of the "open" community, we know very little of how the editorial process works. How many editors? Do they know each other? See each other, or work remotely? Is there an editorial policy, written or by "rolling consensus"? Are their criteria? What's the process like? With the published Slashcode so old, there's no way to know details about the queue process even by looking at "the" software. So what goes on there behind the curtain?

Re:Blinks behind the mask

[j0217995]

How does one become an editor? Is it a personal friend of someone here on Slashdot? Like if I knew CowboyNEal in real life and was good friends w/ him and didn't have a real job I could become an editor of slashdot?

I have never seen how this person becomes an editor. There really isn't much about the back process of this site. I know CowboyNeal posts a journal about thoughts that may one day in the future become a change, but besides that we don't know anything about our great Overloads.

Re:Blinks behind the mask

[fornaxsw]

Now it's obvious: Slashdot submission approvers (staff "authors" who vet the submission queue, to approve stories for publication) just read the text, and decide whether the story is interesting.

I'd argue that:
Programming Contest: Efficient Editor Usage (30 comments)
Open Species Database Breaks Half-Million Mark (24 comments)
Polygraph E-Book at Issue in Federal Civil Suit (34 comments)

I'm basing interest level on the number of comments.

Re:Blinks behind the mask

[EnglishTim]

I don't really get the impression that anybody at Slashdot cares a great deal about Slashdot any more. It's a living - they get paid to not do much and surf the web a lot and that's about it.

I never get any impression of passion from them.

Re:Blinks behind the mask

Slashdot is like any other corporate entity, they pay their editors/employees diddly.

No pay = No quality.

Re:Blinks behind the mask

[j0217995]

The only passion I really get when reading anything about Slashdot editors is when they get to go to free confrences and speak about how great their site is. Maybe we should stop paying them w/ all of our traffic. Maybe go to another site?

Re:Blinks behind the mask

[Doc+Ruby]

I like most of the front page articles, and many others. And I like about 10% of the posters, which is about 10x better than I like people I meet generally. Until something better comes along, this is where the zeitgeist lives. For over 7 years now - that's pretty long, for a website.

Re:Blinks behind the mask

[knight37]

If you want a totally open community, go to USENET. You can post whatever you want, people can respond any way they want. What you get at Slashdot, hopefully, is less idiots. Or at the very least, idiots that are harder to spot. Look at K5, a site I once enjoyed reading. The "community" there has slowly but surely become dominated by a bunch of popular trolls and now you get stupid aricles on the front page that in USENET would get the poster killfiled in a heartbeat. And this is a "democratic" site, where the readership supposedly votes on what gets to the front page.

International Law/Crime

[Fox_1]

From article
The plan was to steal £220m ($423m) from the London offices of the Japanese bank Sumitomo Mitsui.
and looks like they only got 13.9 mil out but was were busted trying to get in in Israel
A man has been arrested by police in Israel after the plot was uncovered by the National Hi-Tech Crime Unit. Unit members worked closely with Israeli police.
So bad guys try to rob london office of japanese bank, by moving money to israel. This is a great example of an international crime, I almost expect a picture of Tom Cruise or something.

Heh

[mattmentecky]

Someone in Israel, breaking into a branch of a Japanese bank, stealking British pounds. Well, theres some multiculturism for you.

Phew!

[bigtallmofo]

This article would've scared the crap out of me if I hadn't already sent all my money to a Nigerian Prince.

Once I get the millions in cash I've been promised, I'll be sure to keep it away from any keyboards.

Re:Phew!

[AviLazar]

Mr BigTallMofo,

Realizing your concern in our confident trade we assure you of our mutual plans to make profit from the war-torn country of Nigeria. Please be sure to send us your savings account number, as your bank did not want us to place 44,500,212.23$ (US Dollars) in your checking account.

Since you have been inconvenienced we will kindly have you notice that we will raise our gratuity to 85% plus 5% fees.

Your quick reply will start you and me on our way to fortune so I can rule my poor Nigeria once again.

Your friend in hiding - Prince Abu Jaffar Omai Abaqwaqwa

Re:Phew!

[bonky]

Hey! don't forget half of that money is promised to me too!

WTF is wrong with our Slashdot editors?

I have a suggestion: how about a rating for editors? If editors fuck up too often others should be given the chance to do the job properly.

This is just getting too embarrasing and it's damaging Slashdot's reputation.

And yes I must be new here.
Doesn't make it any less true.

Re:WTF is wrong with our Slashdot editors?

This is just getting too embarrasing and it's damaging Slashdot's reputation.

And yes I must be new here.
Doesn't make it any less true.

Next you'll be asking for a negative mod choice for cliched in-jokes!

I fail to understand

[hsoft]

I fail to understand how such thing is possible, and I would appreciate explanations.

For example, if someone gets my bank account user/pass and logs into my bank account, transferring all my money into his account. When I see this, I will sure call my bank saying that this was an unauthorized transaction, and this transaction should be void, no? Besides, the thief reveal himself by specifying the destination account, no?

Re:I fail to understand

[haagmm]

transation may or my not be voided. If you dont wire money often, your bank will usually call you to ensure its a legit transfer. If your account often does wire transfers it will probly go through, and wont get stoped unless the other end bank is suspicious. There was a story here a while ago about a guy who almost lost his company because his account wire a bunch of money iligally to poland.

The Thief does reveal his destination account, but if said thief were copitent, and wired the money somehwere else several times, via a lawyer, into multiple contries with very strict privacy laws, think Swizerland, the Bahamas, the Camans, Etc, the trail would require signifant multinational cooperation to follow.

Also, they cought the guy at the destination bank in this case.

Re:I fail to understand

On a domestic transaction, maybe. But if the bank already sent the money out of the country, it'd be a lot harder for you to get your money back.

Re:I fail to understand

[gorjusborg]

When I see this, I will sure call my bank saying that this was an unauthorized transaction, and this transaction should be void, no? Besides, the thief reveal himself by specifying the destination account, no?

I was thinking the same thing, but came to the idea that if you had access to one account number, you could potentially have access to multiple account numbers.

The alleged could have split the money and bounced it around between accounts. Many small transactions between many accounts would make it difficult to determine that something illegal was going on. After all, banks make many many transactions every day.

Re:I fail to understand

[NeoSkandranon]

If the destination account was in a country who's laws make it advantageous to bank there (Think the Caymans, or Switzerland for example) or a country that doesn't particularly respect the victim's home country, getting your dollars (well, pounds) back is going to get alot harder, if not flat out impossible.

Of course, the thief would reveal his account number, which can be tied to an identity (or at least a contact) but the difficult issue is leaning on the bank to give up that information.

Re:I fail to understand

[Tenebrious1]

When I see this, I will sure call my bank saying that this was an unauthorized transaction, and this transaction should be void, no?

Where's the proof that it was unauthorized? Only you had access to your account, and only you had rights to transfer the money. So, unless you can prove the account had be compromised, no, there's no recourse. And even if there's proof, the money is gone, there's no "voiding" the transaction. The only thing you might be able to do is sue the bank to try to recover the money.

Besides, the thief reveal himself by specifying the destination account, no?

Not really; the money usually gets transferred from a respectable bank to a smaller bank so it doesn't look too shady, then from the smaller bank overseas; once the money goes overseas to the shady bank it's gone.

Re:I fail to understand

Because they would not target a personal account. They would target an internal banking account, like a foreign exchange settlement account, or a reserve account. Something with a large balance, and lots of daily traffic, even better if the totals are huge (multi million dollar debits and credits every day).

If you are going to pull this on personal accounts, the "salami" method is better (thin slices). If I take $1000 from you, you will notice. If I take 1 cent from you (and 100,000 others) I still get $1000, but you would likely not notice the single cent.

Re:I fail to understand

[radish]

You're thinking too small. This isn't retail banking, it's corporate banking. Accounts with millions flowing through them every day, the transactions will be small enough not to cause a blip. Additionally, if you have access to enter the txn you may well have (or be able to get) access to approve it. Then it's all OK...

Re:I fail to understand

I guesstimate this list of 'bank like businesses' of some sort of .gov.uk organisation to have 110 banks operating in the UK. Lets say a bank has fifty employees on avarage. lets say two third of them are behind a desk and computer. Lets say one in ten of these people are authorized to perform small financial transactions with this computer in a way repeatable after interception with a keylogger.

This would mean there are more than 350 people (3.5 per bank) sitting behind a computer that are capable of transfering small sums to somewhere in Israel in the UK alone.

Now the assumtions that are easy and terrifying to slashdot readers come in. Given that banks deploy ATM`s based on windows:

• how many of these people are on a windows machine?
• How many of those have acces to e-mail from that machine?
• Finaly what is the lowest IQ in the group of people with e-mail access, transfer?

Given these numbers it shoud be possible to predict the chance that in the past year
a. one of these people opened an attachment/link they shouldn`t or
b. one of the mail clients/attachment readers had a hole in the.

Also given the amount recovered, that fact that someone was caught "collecting" this money in israel and the presumtion people want to shut down these things asap I wonder Could it be this was cought not because admins found keyloggers (but didn`t bother preventing them) but because someone/something in israel wondered why some "nobody" was getting millions worth of small payments out of one bank in the UK? Remember that credid card fraud is hunted for using statistical analysis of transfers. Maybe thats what caught them. If they had just transfered many small sums to many greenpeace alikes they would be fine ;-)

Re:I fail to understand

[eison]

Not necessarily. Odds are good that the use of your correct username and password is specifically defined as authorizing the transaction.

Remember, the world doesn't have to be fair or even nice.

Re:I fail to understand

[retinaburn]

Most people don't closely monitor their accounts.
Also the theif could have used an account under an assumed name. you could bounce the money around for a while to make a long trail and then withdraw it at some point.

Of course its still pretty suspicious when the smell y computer nerd you know buys your block and turns it into a 1:20 replica of his parents basement.

Abbreviation correction

[justanyone]

attempted electronic transfer of UKP13.9m

Sorry if this is in any way pedantic - just FYI since I used to work in a capital markets trading environment...

The abbreviation in most currency markets is not UKP, it's GBP, for Great Britain Pounds.

To quote from a handy refernce page:
ISO 4217 (Codes for the Representation of Currencies and Funds) defines three-letter abbreviations for world currencies. The general principle used to construct these abbreviations is to take the two-letter abbreviations defined in ISO 3166 (Codes for the Representation of Names of Countries) and append the first letter of the currency name (e.g., USD for the United States Dollar).

A non-official site's list is at: http://www.jhall.demon.co.uk/currency/by_country.h tml

The official 4217 list of currency codes is at http://www.iso.ch/iso/en/prods-services/popstds/cu rrencycodeslist.html

The official ISO 3166 Country codes list is at:
http://www.iso.ch/iso/en/prods-services/iso3166ma/ 02iso-3166-code-lists/list-en1.html

Re:Abbreviation correction

[justanyone]

Yuck! Slashdot's machinery cut up those links. Here they are again:

The official 4217 list of currency codes is at here

The official ISO 3166 Country codes list is at:
here.

Re:Abbreviation correction

[j0217995]

Both of the links to www.iso.ch are broken any other non-broken links? Was actually interested to find this list but disappointed the link was broken.

Re:Abbreviation correction

[leandrod]

>> attempted electronic transfer of UKP13.9m

Sorry if this is in any way pedantic - just FYI since I used to work in a capital markets trading environment... The abbreviation in most currency markets is not UKP, it's GBP

Also, the SI unit abbreviation for million is M, not m. m is Meter, M is million (mega), so a mM is a million meters (a thousand Km), but Mm, MM or mm don't make any sense at all, nor mGBP.

Re:Abbreviation correction

mM doesn't make sense.
Mm is megameter.
mm makes sense, too. It's millimeter.

Re:Abbreviation correction

[jabuzz]

May be, but that is because the ISO have deemed that the UK as an abrieviation for United Kingdom is to generic, even though there is only one country in the entire world going by that name. On the other hand US is perfectly acceptable for the USA, with United States being just as generic as the United Kingdom.

The thing is there is no such legal entity as Great Britain and there has not been since 1801. Great Britain existed as a country for less than 100 years, and has not existed for over 200 now. If the island of Ireland ever gets united again, it would come into existance again. However for the time being I live in the United Kingdom of Great Britain and Northern Ireland.

Re:Abbreviation correction

Yeah, I was wondering why anyone was bothering with 13.9 milliPounds. Is it even enough to buy one drop of beer?

Re:Abbreviation correction

Actually the problem is UK can easily be mistaken as a short form of Ukraine, as you will discover if you routinely receive long distance packages - writing "United Kingdom" or "Great Britain" or even "England" will get it delivered, as will the ISO code GB, but if you write UK there's about a 5% chance it will go via the Ukraine (who will realise that it's actually a British address and hopefully forward it), depending on where it's sent from.

Looks for the $

[Scrameustache]

the editors seem to have the quality of a lower tier of Slashdot readers: grab the most inflammatory interpretation of a post, and run with it

Which means more page views, therefore more advertising revenue.

In USD...

[DroopyStonx]

13.9 million GBP is about 26.7 million USD.

They managed all of this

[tezza]

without Bruce Willis? Amazing.

Re:They managed all of this

How do you know?

Precedence rules.

[kahei]

It's a matter of operator precedence being poorly defined in English, leading to the ambiguity known as a 'dangling modifier'.

Parentheses could have solved the problem:

The police foiled (hackers using keyloggers).

But parentheses aren't used like that in natural language. In English the right way to do it would be more like this:

The police foiled hackers who were using keyloggers.

The 'who' strongly binds the entity before it to the entity after it, indicating that 'using keyloggers' is a predicate of 'hackers'. Thus the modifier, now tightly bound, dangles no more.

Re:Precedence rules.

[Nemi]

Actually I believe this would be the preferred way of arranging the sentence:

hackers using keyloggers were foiled by police.

This places the modifier after a single subject, completely removing ambiguity.

Re:Precedence rules.

[alex413x]

Yeah, I got a syntax error when I compiled that, too

Re:Precedence rules.

[damyata]

True. However the original bbc article contained no such ambiguity and the slashdot article title is unambiguously wrong. So the person writing the article did have the wrong idea.

Or maybe, just maybe, the article title means "Keylogging Used To Catch Bank Crackers": as in it used to, but it doesn't any more.

Re:Precedence rules.

[damyata]

Just read above about headings being changed by editors. So, armed with this doubt about who supplies me with my slashdot fix, I would now say "Someone who had something to do with the article appearing on my computer screen did have the wrong idead". This allows for it to be the submitter, the editor, or a secret IE module which alters slashdot headings to soil its otherwise spic and span reputation.

Re:Precedence rules.

Evidently you didn't read it either: the title of the slashdot article is:

Keylogging Used To Catch Bank Crackers :)

Re:Precedence rules.

[glesga_kiss]

The 'who' strongly binds the entity before it to the entity after it, indicating that 'using keyloggers' is a predicate of 'hackers'. Thus the modifier, now tightly bound, dangles no more.

Maybe you've cracked the means for improving the grammar on Slashdot. There's a book in there; "English Grammar for Coders".

Re:Precedence rules.

In Forth:
HACKERS KEYLOGGERS USING
POLICE FOILED

In Lisp:
(foiled police (using hackers keyloggers))

Re:Precedence rules.

[hchaos]

Actually I believe this would be the preferred way of arranging the sentence:

hackers using keyloggers were foiled by police.

This places the modifier after a single subject, completely removing ambiguity.

"Police folied hackers who were using keyboards" is the preferred construction. The use of the Passive Voice is generally discouraged, as this feature has been deprecated in favor of the Active Voice, and is provided only for compatiblility with previous versions of the English language, and may be removed in a future release.

NO, THE ARTICLE IS INCORRECT...

[BarryNorton]

The article includes its own title. Unless this is changed to 'Keylogging Used By Caught Bank Crackers' it remains incorrect.

Re:NO, THE ARTICLE IS INCORRECT...

[Yonatanz]

You got it all wrong...

The title clearly states that: Keylogging Used To Catch Bank Crackers

This means that Keylogging stopped catching bank crackers some time ago, and it no longer does so.

Woah, I won't use keyboard anymore !

Keylogging Catches Suspects

[RagingChipmunk]

Could very well be exactly correct. What if the UserID/Password/Login was a honeypot? A sting operation where several bank employees were given access to seperate lists of logins? Then follow through on who had access to which ID, and whom it was eventually used by?

Oh well

[hsoft]

I think I'll ask my bank to call me before authorizing every transaction > 1000$ then (I hope it's possible)! How come someone with millions in bank wouldn't take such an arrangement with his bank?

Re:Oh well

[AviLazar]

Most banking, automated, systems do not have such a feature. Now the wire department might contact someone if you were doing a wire transfer, but if you are doing an EFT transfer that is a different story.

Since the person comitting the crime is checking up on his/her account frequently waiting for the funds to hit (to probably transfer to another account) by the time you find out and get things done it will be too late.

as for your bank getting you your money - well assuming the receiving bank cares enough to help - if the money is not in that account anymore then there is no money to give back to you.

Re:Oh well

It wasn't someone with millions in the bank at all - it was the ACTUAL BANK that was targeted.

Getting caught

How do these people get caught even before they transfer money anywhere? Do they brag abut it? Forget to route the connection through a bunch of hacked computers in Groovefunkistan? Maybe some other way?

Re:Getting caught

[praxis]

Although you can hide the computer connection through many layers of deception, the actual funds transfer is done within the confines of the banks' network. Large transfers--even electronic ones--have a holding period which allows the banks to verify the transaction. I'm not sure that the holding period helped in this particular case, but it seems to me that ultimatley there are checks in place regardless of how the transfer transaction was entered in the first place.

guess again...

[RikF]

from the BBC "The investigation was started last October after it was discovered that computer hackers had gained access to Sumitomo Mitsui bank's computer system in London. They managed to infiltrate the system with keylogging software that would have enabled them to track every button pressed on computer keyboards. " Sounds like it was the criminals using the software to me! RikF ---- Life begins at 5500 rpm

Wow..

[EdMcMan]

Basically if anyone RTFA the summary is incorrect. The robbers used key logging software, not the police.

Re:Wow..

[praxis]

Exactly, as reported on BBC World this morning. When I read the summary I was like "did I totally misunderstand the anchorwoman earlier?" When I checked the article, it reaffirmed that indead I had understood correctly and the summary is wrong. That's incorragable. Sometimes I wonder if the submitters RTFA.

Question about Key Logging software

[ReadbackMonkey]

If I type my password into a txt file surrounded by a bunch of gibberish, i.e.

diowengiw03821-13kd98password8990830209keivli

Would key-logging software be able to find my password if I cut and paste the relevant data into the appropriate field when I want to enter the password?

Basically, where does the key-logging software sniff the bits? Is it off the bus from the keyboard to the processor, or does it sniff it off the processor?

Just curious

Re:Question about Key Logging software

[InsaneCreator]

The early trojans (like NetBus & pals) would copy the passwords from input fields when you typed them in. I'm not sure how things work nowdays, since newer versions of Windows don't allow this anymore.

Re:Question about Key Logging software

It hooks the relevant windows API's usually. And some more advanced keyloggers also hook secure sockets and the clipboard.

Re:Question about Key Logging software

Different software packages capture the events at different times - some when the key events are sent to the windowing systems - and some when the translated events are processed by the OS.

Re:Question about Key Logging software

I remember reading somewhere (don't recall the source... hey this is Slashdot!) that the easiest way to find a user name and password with a logger is to look at the first few keys after a period of inactivity. You're quite likely to catch someone typing "usernamepassword..." as they log in.

Re:Question about Key Logging software

[merreborn]

If your password is in a text file, there are a lot simpler ways for attackers to get at it then via keyloggers.

Re:Question about Key Logging software

But people don't know they are being logged, hence why it works.

Re:Question about Key Logging software

If your password is "password", they won't need a keylogger.

-- another dumb joke

Re:Question about Key Logging software

[ArtDecayed]

If you are writing a software key logger then you would simply write a small program that would 'install' what is called a 'windows hook' to 'hook' into the event stack of the OS. I've written one in the past that was launched via a (signed) java application (the overhead of all the JNI stuff and hidden message windows (to get past thread boundaries between windows/jni) would make me posting a code example confusing - I don't want to post a slimmed down example as it would probably be wrong and I'd be modded to oblivion!)

Anyway, start reading about windows hooks here: http://msdn.microsoft.com/library/default.asp?url= /library/en-us/winui/winui/windowsuserinterface/wi ndowing/hooks.asp

Of course, the real trick is not writing the code, but in getting it onto the target machine and getting the user to somehow run it, not forgetting the really hard part of getting the keystroke log off the machine (assuming it is stored locally) and analyzing it!

Keylogging Used To Catch Bank Crackers = WRONG

[KingFatty]

Creative parsing on your part cannot save you.

The title "Keylogging Used To Catch Bank Crackers" is indisputably wrong, no matter how you parse it.

Furthermore, you have introduced your own parsing bias in the first non-comma sentence. The fact is the non-comma sentence does not have one difinitive meaning, and you are just telling us what it means through your assumed meaning.

The fact is you cannot indisputably say that the word "using" applies to the hackers and not the Crime Unit - the only thing supporting that interpretation is the adjacency between hackers and using, and as you illustrate with commas, the sentence can be parsed without commas such that the using applies to the Crime Unit.

It's like saying "Criminal killed her using steak knife". In that sentence you cannot know whether I meant the criminal used the steak knife, or the woman was cutting her steak using her steak knife when she was killed with, say, a bullet from the criminal's gun.

So, if you take this ambiguous sentence, and combine that with the indisputably wrong title of "Keylogging Used To Catch Bank Crackers", then you cannot come to your conclusion that the editor of the article is correct.

Re:Keylogging Used To Catch Bank Crackers = WRONG

[praxis]

"The fact is the non-comma sentence does not have one difinitive meaning, and you are just telling us what it means through your assumed meaning."

Actually it does. When one uses a modifying phrase, one must use commas to alter the phrase it modifies. Otherwise it modifies the closest phrase.

Witness:

• Anna commented on Patrick's running quickly.
• Anna commented quickly on Patrick's running.
• Anna commented, on Patrick's running, quickly.

The sentences above have a single meaning each. The prefered solution is to put the modifing phrase next to the modified phrase.

There is more information about dangling modifiers available on the Web.

Re:Keylogging Used To Catch Bank Crackers = WRONG

[KingFatty]

I think actually it does not have one meaning, as I've said, contrary to what you've tried to show. Did you disprove yourself by using the word "preferred" to describe the solution? Of course good writing is preferred, but we are discussing an example of bad writing which caused this problem in the first place.

Also, I don't believe the dangling modifier page applies to this example.

I witnessed your three exemplary statements, and there is a problem:
Statement 1 illustrates my point, not yours, by giving an example of an ambiguous sentence. It can be parsed two ways (or reworded as in your second statement), and you go on to show this.
Statement 2 illustrates one possible rewording such that the ambiguity is removed to avoid alternate interpretations.
Statment 3 illustrates commas to force one particular parsing.

So, by showing that your first statement is ambiguous and can be fixed in two ways, I believe you have only proven my point, and your additional information page does not apply to proving or disproving my point.

Re:Keylogging Used To Catch Bank Crackers = WRONG

[praxis]

The first statement can only (correctly) be interrpreted in one way. The ambiguity arises from poor parsing. A reader might interpret the sentence how he or she see fit based on the fact that many writers may mean to modify the first clause, but in actually modify the second. The proliferation of such writing might condition readers to have to stop and think "did the writer mean to modify the first or second clause?", hence their ambiguity. As it stands though, there really is no ambiguity.

yes, we call that

[way2trivial]

the roland piquepaille method...

Re:yes, we call that

[Scrameustache]

the roland piquepaille method...

He's infringing on my fictional patent on generating flamewars to boost ad revenues? The bastard!

I don't get it

[brian6string]

I recently deposited a fairly large check at my bank. The check, the result of a cash-out refinance of my mortgage, was directly from another bank. I didn't have access to the funds for 5-7 business days. Obviously, this is in an effort to defeat fraud attempts.

So, wouldn't it stand to reason that any large transfers of funds (even electronic) would be followed up before they were made? I mean, even if the bank president authorized a $20M transfer, would there be some sort of mandatory, signature in blood, or phone call or something? Or a holding period?

I just can't believe that this type of transaction could be authorized electronically without some sort of personal verification. How many times is a $20M transfer of funds to a single individual account going to happen, even at the largest bank?

Gosh, maybe I should quit my IT job and try to become a bank president...in Switzerland or the Caymen Islands.

Questions Remain

[enbody]

From the arcticle:
"The investigation was started last October after it was discovered that computer hackers had gained access to Sumitomo Mitsui bank's computer system in London." ... and later:
"[Bank Executive] said: "The case is still in the middle of investigation so we cannot comment further. We have undertaken various measures in terms of security and we have not suffered any financial damage."

So the break in goes back to October, yet nothing has been taken in the last five months?

The whole story has not been told...

Re:Questions Remain

[anagama]

• So the break in goes back to October, yet nothing has been taken in the last five months?

It sounds to me like they discovered the break-in in October. Knowing you have an unsavory element aboard however, is not the same as knowing WHO that person is. Likely, they had to wait for the bad guys to expose themselves. Complex puzzles require time and effort to solve. This is real life, not a cop show.

Re:Questions Remain

[anagama]

Whoops - my mistake in not reading parent closely. I read it as nothing was done about the breaking [by the bank]. My bad.

Shockwave only.

[caluml]

I went to http://www.nhtcu.org/, and all I see is a blank page. After a while, I decided to view the source. Damn Shockwave, without even a little "Skip Intro" link.
I'm going to eat some peanuts.

Re:Too much, too soon, too fast

Well, a fair number of folks have gotten away with all sorts of things and enver been caught.

The ones who do get caught...especially violent criminals like BTK, Ted Bundy, etc.,...have personality deficits that let their egos get them caught.

"Hmmm...I just murdered someone and wasn't immediately caught. I know! I'll send a cryptic letter to the police! That's a great idea!"

Likewise with robbers suddenly driving a Jag. DOH!

There are tons of folks who commit crimes everyday and are NEVER caught. They've learned to steal (or worse)under the radar of society.

They practice "conformal modality" in that they draw no more attention to themselves than say the mailman or meter reader. Think about that for a minute; if you had to describe either of those people right this instant, you couldn't come close.

BU-HA-HA-HA! (evil Shadow laugh)

Slashdot outsources article posting to India

[hanshotfirst]

Slashdot outsources article posting to India

By the logic of this responses to the article this means either
1) All the article posting is done by contractors in India, OR
2) Articles to view in India are posted by contractors.

In IKR

[HalliS]

it's about 156 million Icelandic Kronas.

Now let's hear hear from everyone else!

Re:In IKR

[jonatha]

I was going to give the figure in Turkish Lira, but bc won't support the requisite number of digits...

Re:In IKR

[inject_hotmail.com]

Here in Canada, we (all 50 of us) have never seen that much money before...so...I can't comprehend it. :(

Inject.

UKP?

The currency is GBP. There is no such thing as 'UKP'. Could there be more factual errors in one paragraph?

Tee hee

[Red_Icculus]

Pardon me. I just thought it was humorous that you said "Sniff the bits".

It doesn't have to make sense...

[Cryptnotic]

By that logic, mm should be "meter meter" or meters squared. But it's not, it's defined to mean millimeter. When you use m in the context of a quantity as opposed to a length, everyone knows it means million. The reason people just use m instead of M in those cases is because at the end of a word, people are more accustomed to using a non-capital letter. Anyway, the way people should use things doesn't always line up with the way they actually do.

Re:It doesn't have to make sense...

[leandrod]

> By that logic, mm should be "meter meter" or meters squared. But it's not, it's defined to mean millimeter.

Thanks, I just forgot the initial minor m is mili, or a thousandth. So the error in question is still worse, because isolated it should mean Meter but as a quantifier it should mean a thousandth.

> The reason people just use m instead of M in those cases is because at the end of a word, people are more accustomed to using a non-capital letter.

Just that it is not a word. The real reason here, I suspect, is the bad state of education in general and teaching of the metric system in particular, at least in the US but elsewhere too.

GBP not UKP

[PureCreditor]

According the xe.com, the international symbol for the pound sterling is actually GBP (for Great Britain Pound), not UKP as commonly denoted.

Same for CAD for Canadian dollars, but it's frequently listed (incorrectly) as

Cdn $

"they have all the time until you die"

[bani]

but once the thing is done, they have all the time until you die to catch you.

what about the statute of limitations?

Re:"they have all the time until you die"

[Russell+Kent]

While the clock can run out on the original crime, there often are crimes that are committed after the original crime. For example, some actions can be classified as "continuing the conspiracy", and thus as a continuing conspiracy the statute won't run out. Also, if the stolen funds generate income, and the criminal fails to declare that income (because doing so would expose the original crime), then there's a whole new tax evasion crime.

Re:"they have all the time until you die"

[bani]

do you have an example of successful prosecutions of bank robberies after the statute of limitations expired, which used either 'continuing the conspiracy' or tax evasion, directly related to the original crime?

Re:"they have all the time until you die"

You seem pretty interested...

Re:"they have all the time until you die"

[Russell+Kent]

Citation of "continuing conspiracy" premise used to prosecute bank robbers? No. But see United States v. Spero, 331 F.3d 57 (2d Cir. 2003) (a RICO case), where the courts have held that where a conspiracy statute "does not require proof of an overt act," then "once the Government [meets] its burden of proof by establishing that the [alleged] conspiracy existed, it [is] entitled to a presumption that the conspiracy continued" into the statute of limitations period without further proof that an overt act was taken in furtherance of the conspiracy within the limitations period. [The preceeding quoted from an appeals document in another case.] I'm not a lawyer so I could easily be off base, but it appears that the concept of "continuing conspiracy" does have legal legs in some crimes. As for prosecuting tax evasion against bank robbers, the most famous case I can find is that of Adolph Maffie of the 1950 Brinks heist. He was convicted of tax evasion in June of 1954 and completed his sentence in January of 1955. Because one of the other bank robbers (O'Keefe) turned state's evidence, Maffie was indicted in January 1956 and convicted in October of 1956, but until O'Keefe turned, Maffie had only been nailed by the tax evasion violation.

Re:"they have all the time until you die"

[bani]

adolph maffie wasn't convicted of tax evasion after the statute of limitations expired. the statute of limitations on robbery was 6 years.

btw the other bank robbers were indicted just before the statute of limitations ran out. so they didn't evade it either.

Re:"they have all the time until you die"

[Russell+Kent]

Sorry, you're right about Maffie being convicted of tax evasion within the statute of limitations of the bank robbery. I misunderstood your request for a citation; I thought you merely wanted a case where the bank robber was convicted of tax evasion without having been convicted of the bank robbery itself. I don't know what the statute of limitations was in 1950 for Federal tax evasion, but assuming for the moment that it was more than 6 years, there doesn't seem to be reason why Maffie's case couldn't have been such a situation had events played out differently. But that's a gedanke experiment and not a citation...

Re:"they have all the time until you die"

[bani]

i wanted a case where the robber was convicted on tax evasion or 'continuing conspiracy' after the robbery statute of limitations ran out.

Nazis

[gnuman99]

You forgot about the Nazis and the Swiss banks. Most of the money (gold, mostly) is still there.

What about the billions Saddam Hussein stole from Iraq? Most never recoved. There were a few billion withdrawn in *cash* from the national bank in Iraq before the latest war.

not legal enforcement-wise?

err, *IF* the law-enforcement agency - ie British Police, *were* using keylogging software , then how is that different to phone-tapping - which is not admissable in a UK court- ?

How do I...

[inject_hotmail.com]

He told the BBC News Website...

How does one tell a website something? I tell /. things all the time, but it doesn't listen for some reason.

Inject.

The keyboard.

[Killio]

All the keyloggers I've ever heard of either (in hardware) sniff the PS/2 or USB port of your keyboard, as you type; or (in software) they read the key buffer.

Fake news brought to you by Google

[aitio]

.. in affiliation with Slashdot. Looks like a real editor still has a place in this world.

Screenshot from Google News

Yeron Bolondi

Parasitic Jew

NHCTU website

[ciderpunk]

All shockwave, not even a 'download shockwave plugin' link for us mere mortals??!!

I guess the National High Tech Crime Unit are too 'High Tech' to make their website accessible...

Re:HTCU

[Sipos]

apart from being a unit of the police