Another British Bank Hit By KVM Crooks
judgecorp writes "Another British bank — Barclays — has been hit by a fraud attempt using a stealthily-planted KVM (keyboard, video, mouse) device. Unlike the previous attempt on Santander, the crooks got away with £1.3 million, but were subsequently apprehended by the Metropolitan Police's Central e-Crimes Unit."
You can't sniff for a valid MAC until you've already got your illicit one in the network. By then, you've already triggered the IDS.
Any bank with IT worth keeping has MAC filtering on their switches. That alone will prevent your "access point/switch in the network line from a workstation" from working. At best, the legit device will stop working, resulting in a call to IT. At worst, the IDS will be triggered immediately. Either way, IT will investigate, find your additions to the network, probably call the police, get your AP fingerprinted, etc., etc.
A network device WILL be detected on anything but the simplest "plug it in and it works as recommended by Best Buy" kind of network. I've got two older Cisco Catalyst switches on my home/home business network; a 2950 and a 2960. Even these support locking a specific MAC to a port, so an unauthorized device won't work if plugged in. I'm going to set the 2960 this way soon, but haven't yet as it's a new addition to the network, as an emergency replacement for a different switch that died. The 2950, though, is on my workbench, which has customer machines connected and disconnected on a regular basis, so this kind of setting would be counterproductive.
So when I get the setup finalized, your "AP in a network cable" wouldn't even work on the trusted subnet of my home network, forget about a bank. My workbench subnet has no access to anything important, so unless you're wanting to hack a customer machine that's already infected with a dozen viruses, you're not going to get anywhere.
"City hall" in German is "Rathaus" Kinda explains a few things......