Keylogging Used To Catch Bank Crackers

An anonymous reader writes "BBC News is reporting that the British police National High Tech Crime Unit has foiled an attempted fraud by hackers using keylogging software. The London branch of the Sumitomo Mitsui bank of Japan was the target, and a person has been arrested in Israel after being identified as the recipient of an attempted electronic transfer of UKP13.9m."

Slashdot story incorrect

Um.. yeah, this article synopsis would be wrong.

From the article it links to:

They managed to infiltrate the system with keylogging software that would have enabled them to track every button pressed on computer keyboards.

The hackers were attempting to use keylogging software.. there's nothing in the bbc article whatsoever about how the police caught them, let alone if they were caught using keylogging software (which is what the synopsis says).

Apparantly, not even the editors read slashdot stories :)

THE ARTICLE IS CORRECT...

[MLopat]

A quick English lesson:

"BBC News is reporting that the British police National High Tech Crime Unit has foiled an attempted fraud by hackers using keylogging software." - This means the hackers are using keylogging software

Note the addition of commas: "BBC News is reporting that the British police National High Tech Crime Unit has foiled an attempted fraud, by hackers, using keylogging software." - This means the police are using keylogging software

The editor of the article is CORRECT!

UKP?

[frostman]

Nice trick, but how much money does that number of unbounded knapsack problems represent?

Or did you mean GBP?

Abbreviation correction

[justanyone]

attempted electronic transfer of UKP13.9m

Sorry if this is in any way pedantic - just FYI since I used to work in a capital markets trading environment...

The abbreviation in most currency markets is not UKP, it's GBP, for Great Britain Pounds.

To quote from a handy refernce page:
ISO 4217 (Codes for the Representation of Currencies and Funds) defines three-letter abbreviations for world currencies. The general principle used to construct these abbreviations is to take the two-letter abbreviations defined in ISO 3166 (Codes for the Representation of Names of Countries) and append the first letter of the currency name (e.g., USD for the United States Dollar).

A non-official site's list is at: http://www.jhall.demon.co.uk/currency/by_country.h tml

The official 4217 list of currency codes is at http://www.iso.ch/iso/en/prods-services/popstds/cu rrencycodeslist.html

The official ISO 3166 Country codes list is at:
http://www.iso.ch/iso/en/prods-services/iso3166ma/ 02iso-3166-code-lists/list-en1.html

Re:Abbreviation correction

[leandrod]

>> attempted electronic transfer of UKP13.9m

Sorry if this is in any way pedantic - just FYI since I used to work in a capital markets trading environment... The abbreviation in most currency markets is not UKP, it's GBP

Also, the SI unit abbreviation for million is M, not m. m is Meter, M is million (mega), so a mM is a million meters (a thousand Km), but Mm, MM or mm don't make any sense at all, nor mGBP.

Re:Abbreviation correction

[jabuzz]

May be, but that is because the ISO have deemed that the UK as an abrieviation for United Kingdom is to generic, even though there is only one country in the entire world going by that name. On the other hand US is perfectly acceptable for the USA, with United States being just as generic as the United Kingdom.

The thing is there is no such legal entity as Great Britain and there has not been since 1801. Great Britain existed as a country for less than 100 years, and has not existed for over 200 now. If the island of Ireland ever gets united again, it would come into existance again. However for the time being I live in the United Kingdom of Great Britain and Northern Ireland.

In USD...

[DroopyStonx]

13.9 million GBP is about 26.7 million USD.

Precedence rules.

[kahei]

It's a matter of operator precedence being poorly defined in English, leading to the ambiguity known as a 'dangling modifier'.

Parentheses could have solved the problem:

The police foiled (hackers using keyloggers).

But parentheses aren't used like that in natural language. In English the right way to do it would be more like this:

The police foiled hackers who were using keyloggers.

The 'who' strongly binds the entity before it to the entity after it, indicating that 'using keyloggers' is a predicate of 'hackers'. Thus the modifier, now tightly bound, dangles no more.

Re:Precedence rules.

[damyata]

True. However the original bbc article contained no such ambiguity and the slashdot article title is unambiguously wrong. So the person writing the article did have the wrong idea.

Or maybe, just maybe, the article title means "Keylogging Used To Catch Bank Crackers": as in it used to, but it doesn't any more.

Re:I fail to understand

[NeoSkandranon]

If the destination account was in a country who's laws make it advantageous to bank there (Think the Caymans, or Switzerland for example) or a country that doesn't particularly respect the victim's home country, getting your dollars (well, pounds) back is going to get alot harder, if not flat out impossible.

Of course, the thief would reveal his account number, which can be tied to an identity (or at least a contact) but the difficult issue is leaning on the bank to give up that information.

Re:Question about Key Logging software

It hooks the relevant windows API's usually. And some more advanced keyloggers also hook secure sockets and the clipboard.

Re:Question about Key Logging software

Different software packages capture the events at different times - some when the key events are sent to the windowing systems - and some when the translated events are processed by the OS.

Re:Too much

[mangu]

with that much money, it draws suspicion, so, you really can't spend it.

Ever heard of "laundering" money? What you have to do is open a legit company and make it profitable with the money you have stashed somewhere. Tricky, yes. But possibly doable.

However you are right about drawing suspicion. You can never become as rich as $400 million, because being as rich as that will make you automatically famous. If you stay below a limit, which I assume to be about up to $10 million if done right, you might be able to have a comfortable life without getting caught.

But all this is theory. In practice, I can't recall any heist above $1 million where the perps got away. It may take some time, even years, but you will be caught in the end. You may be much smarter than the cops, but once the thing is done, they have all the time until you die to catch you. No, even if you manage to escape, you'll never have a quiet moment without worry. Anyone contemplating a big robbery should google ronald biggs train robbery if they think escaping to a far away country is an option.

Re:Question about Key Logging software

I remember reading somewhere (don't recall the source... hey this is Slashdot!) that the easiest way to find a user name and password with a logger is to look at the first few keys after a period of inactivity. You're quite likely to catch someone typing "usernamepassword..." as they log in.

GBP not UKP

[PureCreditor]

According the xe.com, the international symbol for the pound sterling is actually GBP (for Great Britain Pound), not UKP as commonly denoted.

Same for CAD for Canadian dollars, but it's frequently listed (incorrectly) as

Cdn $

Re:How would they do this?

[faloi]

I used to do support for a lot of smaller banks in a rural area in the US. If you walked in, said you were from their support company, looked the part and needed to "check on something while you were in the area" they tended not to give you a second glance. You were their outsourced IT guy coming in to check on things. In the years of supporting smaller banks and branches of banks, I only had one instance where someone called the shop to verify I was supposed to be there. And that was after I'd already left.