Slashdot Mirror

← Back to Stories (view on slashdot.org)

Crooks Arrested Over KVM-Based Bank Heist Attempt

Posted by timothy on from the worse-than-an-annoyatron dept.

judgecorp writes "Twelve men have been arrested over an attempt to take control of computers at a Santander bank branch in London using a stealthily planted KVM (keyboard, video and mouse) switch installed by a bogus maintenance engineer. The men were caught by the Metropolitan Police's Central e-Crimes Unit."

9 of 79 comments (clear)

  1. Foolish. by Anonymous Coward · · Score: 5, Insightful

    Everyone knows if you want to rip off a bank. You need to BE the banker.

    That way you get the money. And then the goverment comes and gives you MORE money. Win. Win. No jailtime.

  2. Re:KVM? by Anonymous Coward · · Score: 5, Informative

    "Now"? KVM has been an acronym for years, if not decades.

  3. Ohh.... by gigaherz · · Score: 5, Funny

    ... I was hoping they tried to exploit the bank through a Kernel-based Virtual Machine. Disappointing.

  4. Re:KVM? by mccalli · · Score: 5, Informative

    The article missed the rather crucial word 'switch'. Keyboard/Video/Mouse switch.

  5. Should see the MET statement. by SuricouRaven · · Score: 5, Interesting

    'The Metropolitan Police said its "time-critical, dynamic response" had thwarted a "very significant and audacious cyber-enabled offence". '

    http://www.bbc.co.uk/news/uk-england-london-24077094

    I think there should be a general rule: Anyone who uses the word 'cyber' in a non-sarcastic manner should be ignored.

    The article looks like it wasn't written by a tech journalist too, as it contains such obvious errors as 'The device, if operational, would have allowed data and contents of the desktop to be downloaded over the network.' News organizations so often make mistakes in their rush to be the first to break a story - even the BBC.

  6. He got physical access to the machine! by 140Mandak262Jamuna · · Score: 4, Insightful
    So this bogus "maintenance engineer" was able to get access to the physical machine and install a KVM switch and snake cables out of the bank to another location controlled by the crooks. It is not clear how this was detected and how he was tracked.

    Well, he could have easily slipped in an unobstrusive thumbdrive with a key logger in to a back usb port, and collected it back in the next "maintenance" visit! One could imagine a usb device based KVM without cables transmitting data wirelessly. Such devices are very useful, I could stash my tower in a sound proofed cooling enclosure far away and keep my KVM on my desk. So they will be in the market, if they are not already in the market. At that point all the bogus engineer had to do was to slip in an unobstrusive usb device in a back port.

    Once the crooks have physical access to the machine, it becomes very difficult to protect against. Once a crook and an insider cooperate it becomes very very difficult to guard against.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  7. Re:KVM? by zwarte+piet · · Score: 5, Funny

    Using mice in computers is not recommended, they chew on the wires and poo and pee on the boards. I've been using the MIC (Mice In Cat) protocol to prevent that.

  8. baren article by Gravis+Zero · · Score: 5, Informative

    installed KVM as phony IT guy, were arrested and here are their names

    this is all the information the article provides. no details of any kind. no picture of the (hopefully stealthy) KVM, how they were caught or anything of any interest at all!

    Here's the real scoop:

    A man dressed as a "maintenance engineer" (IT guy) claimed to be sent by a some company working for the bank. Then he goes to the bank branch's main server and plugs an external KVM-over-IP box connected to an ethernet to wifi adapter or at least that was the plan. The plan was thwarted at the last minute... no info as to why/how but I'm betting that the server either didn't have a PS/2 port or didn't have VGA output not that it matters without a username and password to login.

    A spokesman for Santander insisted that the bogus engineer had not managed to install the device and no customer money was ever at risk.

    We are pleased that we have been able, through the robustness of our systems, to prevent the fraud and help the police gather the evidence they needed to make the arrests. Santander operates multiple levels of controls to protect customers' funds and this attack would not have been successful.

    Hours after the bogus engineer attempted to fit the device to the computer server, officers from Scotland Yard swooped arresting 12 men on suspicion of conspiracy to steal. As for how they were caught, I think someone just realized there wasn't supposed to be an IT guy there and then the cops got called.

    --
    Anons need not reply. Questions end with a question mark.
  9. Re:KVM? by JakeBurn · · Score: 5, Informative

    When you are part of an industry and use a certain term multiple times you get to decide when and what you create acronyms for. Since a lot morons among the AC crowd don't seem to get simple concepts, I will explain this one for your benefit. Acronyms are made to make speaking easier/quicker when you MUST repeat yourself. People that make KVM switches probably took about 10 seconds into their first meeting talking about making this product to decide that repeatedly saying keyboard video mouse was a waste of time. Just because the entirety of your experience with acronyms begins and ends with lol, fml and diaf as you text your twelve year old friends does not mean that the world in general doesn't understand that time is money. If you had even a modicum of experience in a non-entry level position in a larger company you would realize that most acronyms in the world are business related; created and mostly used by the people that create the idea or product then picked up by the general public over time. The military is an exception to that rule. They have a serious addiction to creating acronyms for everything.