Another British Bank Hit By KVM Crooks

← Back to Stories (view on slashdot.org)

Another British Bank Hit By KVM Crooks

Posted by timothy on Friday September 20, 2013 @08:02PM from the willie-sutton's-smarter-cousins dept.

judgecorp writes "Another British bank — Barclays — has been hit by a fraud attempt using a stealthily-planted KVM (keyboard, video, mouse) device. Unlike the previous attempt on Santander, the crooks got away with £1.3 million, but were subsequently apprehended by the Metropolitan Police's Central e-Crimes Unit."

75 comments

Min score:

Reason:

Sort:

The Question is by Jah-Wren+Ryel · 2013-09-20 20:04 · Score: 1

Makes you wonder how many other times has this been done where the crooks got away scott free and the bank just didn't want to go public about it?

--
When information is power, privacy is freedom.
1. Re:The Question is by Anonymous Coward · 2013-09-20 20:07 · Score: 0
  
  I guess I am the guy who has to say over 9000. =( why me? why me?
2. Re:The Question is by Dj+Stingray · 2013-09-20 20:08 · Score: 0, Offtopic
  
  And why did I have to be not logged in? Why? Why?
3. Re:The Question is by AHuxley · 2013-09-20 20:16 · Score: 1
  
  Time for the buddy system for all staff or contractors :)
  As for the numbers, the KVM teams only have to be lucky once – the bank will have to be lucky always.
  
  --
  Domestic spying is now "Benign Information Gathering"
4. Re:The Question is by Samantha+Wright · 2013-09-20 20:51 · Score: 2
  
  Well, for the most part, the thefts have only involved tiny fractions of pennies normally lost due to rounding errors, so usually they don't get caught...
  
  --
  Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
5. Re:The Question is by abigsmurf · 2013-09-20 21:22 · Score: 4, Interesting
  
  Apparently about 2/3rds of crooks get away with it. The ones who do are the ones who do a one off of $500,000 or so and the banks decide it's better to absorb the loss then to go to the police and take the PR and resources hit that goes with it. The ones who do get caught are the ones who get greedy and do it multiple times or go for too much. There was an interview on Radio 4 talking about it (may have been the catch-me-if-you-can guy, can't remember for sure).
6. Re:The Question is by slick7 · 2013-09-21 06:08 · Score: 1
  
  Just like the banksters to use this excuse as a means of covering their tracks whe customers accounts are emptied. And banksters wonder why I refuse to use online banking.
  
  --
  The mind conceives, the body achieves, the spirit manifests.
7. Re:The Question is by Zaiff+Urgulbunger · 2013-09-21 07:26 · Score: 1
  
  Makes you wonder how many other times has this been done where the crooks got away scott free and the bank just didn't want to go public about it?
  Makes me wonder how many times it happened and the operator who's login was used got the blame.
8. Re:The Question is by Nyder · 2013-09-22 01:55 · Score: 1
  
  Well, for the most part, the thefts have only involved tiny fractions of pennies normally lost due to rounding errors, so usually they don't get caught...
  https://en.wikipedia.org/wiki/Superman_III
  Ya, Richard Pryor ftw.
  
  --
  Be seeing you...
9. Re:The Question is by xenobyte · 2013-09-22 18:57 · Score: 1
  
  The real life incident occurred in the 1970's. A technician realized that the rounding errors were money that could be stolen so he rewrote the rounding code so that everything from the sixth digit to the right of the decimal point were transferred to his account before the rounding operation that now essentially did nothing. This method left no trace and everything balanced out perfectly, except for one thing. Regular bank accounts were represented using a limited number of bits and the balance on his account managed to hit that limit causing an overrun which raised an alert and caused the bank to investigate where all that money came from, thus after some serious debugging revealing the scam. Had he only set up a business account this wouldn't have happened...
  Today all rounding errors are tracked and accounted for so this is not possible anymore.
  
  --
  "For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
Whatever happened... by thsths · 2013-09-20 20:18 · Score: 1

... to good old security? You know, checking who gets into the staff premises of a bank?
I bet they thought it was a low risk area, because it was only handling "data". But "data" is money...
1. Re:Whatever happened... by mjwx · 2013-09-22 15:18 · Score: 1
  
  ... to good old security? You know, checking who gets into the staff premises of a bank?
  I've worked on government high security sites and corporate high security sites.
  
  Only the former is really secure. The latter will eschew security for money.
  
  At the government site (not a military site) a sub contractor who didn't have ID or was listed on the work order was denied access by the security guards. He and his boss yelled and screamed until some AFP officers (Australian Federal Police) appeared out of a hidden door and escorted them out. Conversely, I've seen people into "highly secure" data halls containing servers and racks from a dozen major clients because someone rang up and complained. Security officers in all corporations I've worked in get sacked if they interfere with business. OTOH in govt, they get told to do their job and have no problems getting in the way if the right forms aren't filed.
  
  --
  Calling someone a "hater" only means you can not rationally rebut their argument.
Weird KVM. by SuricouRaven · 2013-09-20 20:23 · Score: 1

Looks like a KVM-over-IP box, possibly. But those don't have video passthrough, so it'd be detected in no time at all. I can see how such a scam could work (KVM-over-IP + access point + VGA splitter), but not with the hardware described. You'd have to depend on employees leaving their station unlocked, but that is going to happen sooner or later.
I'm not sure if this is a deliberate Met policy of withholding the details of crimes to prevent imitation, or just non-technical reporting trying to express complicated networkystuff in a manner the layperson can understand.
You certainly couldn't get it at PC World, though. They only sell consumer gear. You might be able to get a plain local KVM if you're very lucky, but a KVM over IP? No chance. A quick check of their website shows no KVMs of any variety.
1. Re:Weird KVM. by arbiter1 · 2013-09-20 20:32 · Score: 1
  
  Yea "KVM-over-IP box, possibly. But those don't have video passthrough," you might want to recheck around the web cause they do. Just took me a whole 2sec google search to fine like 5 of them that will do video as well. Softlayer which is a large host provider (for people that don't know) they have kvm over ip set on their network as well.
2. Re:Weird KVM. by Anonymous Coward · 2013-09-20 20:44 · Score: 1
  
  This would do the trick and is pretty small :) http://www.lantronix.com/it-management/kvm-over-ip/spiderduo.html
3. Re:Weird KVM. by Anonymous Coward · 2013-09-20 20:56 · Score: 0
  
  He meant video pass-through. Not just video support
4. Re:Weird KVM. by bruce_the_loon · 2013-09-20 21:17 · Score: 1
  
  You don't need video passthrough if you have a VGA splitter cable. One end to the monitor, one to the KVM over IP unit. http://www.minipc.de/catalog/il/858
  That's if you haven't gone for the unit linked in one of the responses below that has passthrough.
  
  --
  Trying to become famous by taking photos. Visit my homepage please.
5. Re:Weird KVM. by _merlin · 2013-09-20 21:20 · Score: 1
  
  Plenty of them do have video passthrough, e.g. Raritan Dominion, although those are pretty pricey.
6. Re:Weird KVM. by thsths · 2013-09-20 21:25 · Score: 2
  
  You've got to spend money to make money.
7. Re:Weird KVM. by Bert64 · 2013-09-20 22:02 · Score: 2
  
  You'd be better off with a regular wireless access point that includes a built in switch...
  Drop it in between an existing workstation (or other networked device like a printer) and the wall, legit device keeps working but the lan is now extended outside and you can sit outside or in a nearby coffee shop.
  Once your on the internal network, the rest is absolutely trivial... A port scanning tool and a copy of metasploit, you'll have domain admin within a few minutes and chances are even if the important stuff is kept on non windows machines, it will be accessed from windows machines which are part of the domain so you just keylog the right workstations until you get access.
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
8. Re:Weird KVM. by Bert64 · 2013-09-20 22:05 · Score: 1
  
  You dont need pass through, just a vga splitter...
  
  --
  http://spamdecoy.net - free throwaway anonymous email - avoid spam!
9. Re:Weird KVM. by SuricouRaven · 2013-09-20 22:33 · Score: 1
  
  Except this is a bank - they probably have a little more security than that. Like 802.1x, which makes that process a little bit trickier, and the appearance of an unauthorised MAC is likely to trigger an IDS alert so you may need to hack the AP to make sure it stays quiet and lets you spoof a workstation.
10. Re:Weird KVM. by Anonymous Coward · 2013-09-20 22:46 · Score: 0
  
  There is no need to present "an unauthorized MAC". You do of course spoof a valid MAC address too, simple network sniffing will get you a useable one. No need to provoke an IDS here.
11. Re:Weird KVM. by s0litaire · 2013-09-21 00:23 · Score: 1
  
  It's probably more like a glorified "keylogger"
  A simple KVM box with one of those low powered credit card PC's fitted inside, stick in a rechargeable battery and wire it to draw power from the usb input, It sits there day after day recording key strokes and mouse movements with the odd screen grab. the on board PC then compresses it in to manageable chunks of zips, rars or tar's and waits for one of the gang to walk into the Bank at a busy time of the day. Then it sends it to a receiver via wifi in the crooks bag/pocket in the 10-20 mins he is waiting to get served. If one visit is not enough then they hand it over to another member who gets in line and waits for it to finish.
  
  --
  Laters Sol "Have you found the secrets of the universe? Asked Zebade "I'm sure I left them here somewhere"
12. Re:Weird KVM. by cbiltcliffe · 2013-09-21 01:54 · Score: 5, Informative
  
  You can't sniff for a valid MAC until you've already got your illicit one in the network. By then, you've already triggered the IDS.
  Any bank with IT worth keeping has MAC filtering on their switches. That alone will prevent your "access point/switch in the network line from a workstation" from working. At best, the legit device will stop working, resulting in a call to IT. At worst, the IDS will be triggered immediately, Either way, IT will investigate, find your additions to the network, probably call the police, get your AP fingerprinted, etc.etc.
  A network device WILL be detected on anything but the simplest "plug it in and it works as recommended by Best Buy" kind of network. I've got two older Cisco Catalyst switches on my home/home business network; a 2950 and a 2960. Even these support locking a specific MAC to a port, so an unauthorized device won't work if plugged in. I`m going to set the 2960 this way soon, but haven`t yet as it`s a new addition to the network, as an emergency replacement for a different switch that died. The 2950, though, is on my workbench, which has customer machines connected and disconnected on a regular basis, so this kind of setting would be counterproductive.
  So when I get the setup finalized, your "AP in a network cable" wouldn't even work on the trusted subnet of my home network, forget about a bank. My workbench subnet has no access to anything important, so unless you're wanting to hack a customer machine that's already infected with a dozen viruses, you're not going to get anywhere.
  
  --
  "City hall" in German is "Rathaus" Kinda explains a few things......
13. Re:Weird KVM. by zippthorne · 2013-09-21 02:15 · Score: 1
  
  is the MAC in the encrypted part of the packets? I was under the impression it was in the plaintext portion....
  
  --
  Can you be Even More Awesome?!
14. Re:Weird KVM. by cbiltcliffe · 2013-09-21 02:48 · Score: 1
  
  For a wireless network, you're right. The MAC is in the plaintext packet header.
  But if your bank is using wireless intentionally, then you're already screwed. I don't know of any bank in my area that has a wireless network, other than the occasional "HP_Setup" ad-hoc from a wireless-capable printer that hasn't had the wireless disabled. You'd need to be on the wire already to pick up a MAC anywhere around me, and there's no way to do that without triggering the IDS.
  Plus, the MAC you'd pick up in the unencrypted wireless headers would be the wireless MAC. You'd not be able to use that on the wire with a device like in the story, because a wireless MAC never touches the wired network, unless you're using a consumer-grade access point/switch/router type device that directly connects them together. Again, if your bank is using something like this by choice, you're already screwed. I suppose a single AP plugged directly into an otherwise wired network would also let this happen, but the "you're already screwed" part still stands in that case, too.
  
  --
  "City hall" in German is "Rathaus" Kinda explains a few things......
15. Re:Weird KVM. by sjames · 2013-09-21 03:48 · Score: 1
  
  Whoever did this had physical access for some time to a PC that had an authorized MAC address. Their access was good enough to insert a KVM un-noticed.
  So, get PCs MAC, and us it on PCs port to access the LAN in order to find more MAC addresses. As far as the switch knows, everything is kosher. You could even splice in a device that looks like the switch to the PC and looks like the PC to the switch. Program it to transparently bridge the normal traffic and inject/intercept whatever you need.
16. Re:Weird KVM. by PPH · 2013-09-21 05:13 · Score: 1
  
  Crooks never heard of Kickstarter?
  
  --
  Have gnu, will travel.
17. Re:Weird KVM. by Zero__Kelvin · 2013-09-21 07:26 · Score: 1
  
  "You can't sniff for a valid MAC until you've already got your illicit one in the network."
  On what planet and in what universe?
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
18. Re:Weird KVM. by Zero__Kelvin · 2013-09-21 07:37 · Score: 1
  
  "For a wireless network, you're right. The MAC is in the plaintext packet header."
  No need for the "For a wireless network" qualifier. The MAC address is in ISO layer 2, to wit, the data link. Encryption happens in layer 4, the transport layer (HTTPS == HyperText Transport Protocol / Secure). If Layer 2 was encrypted every switch on the network would have to have the key for every session (a severe security flaw in itself), but how would it know which key to use since it couldn't know where the data was coming from without decrypting it first.? See also ...
  
  --
  Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
19. Re:Weird KVM. by zippthorne · 2013-09-21 08:01 · Score: 1
  
  There are plenty of practices that "if that's the case, you're already screwed." If you're relying on someone running a business not to choose them, and they appear to be cheaper than doing things the right way, then I think I can state quite confidently, "you're already screwed."
  Your security needs are not the same as the bank's business needs. They need you to believe that your money is secure, and they need the regulators to believe that they are in compliance with any regulations or making good-faith efforts to be in compliance.
  They will invariably choose what they believe to be the least cost method of satisfying those requirements, and they may chose not based on costs to the organization as a whole, but rather the costs for a specific decision maker within the organization.
  
  --
  Can you be Even More Awesome?!
20. Re:Weird KVM. by Da+J+Rob · 2013-09-21 10:51 · Score: 1
  
  You can't sniff for a valid MAC until you've already got your illicit one in the network. By then, you've already triggered the IDS.
  Passive Network Tap
21. Re:Weird KVM. by Slayer · 2013-09-21 22:29 · Score: 1
  
  All these banks employ nothing but the highest levels of security expertise, that's how, for instance, scores of Bank of America ATM terminals got infected with Code Red or Nimda back then .....
22. Re:Weird KVM. by eudaemon · 2013-09-22 09:11 · Score: 1
  
  Really? You've never heard of a transparent bridge? It is possible to work entirely in passthrough mode and quietly learn all MACs on the network whilst never doing anything yourself but packet passing. If there's no new MAC on the network, there's nothing to trigger IDS.
23. Re:Weird KVM. by uninformedLuddite · 2013-09-22 19:22 · Score: 1
  
  You're joking right? What the hell has happened to /.
  
  --
  The new right fascists are bilingual. They speak English and Bullshit.
Never problem for banks. by Anonymous Coward · 2013-09-20 20:49 · Score: -1

They will just ask Central Bank to print some extra money. Problem solved.
For the rest of you, go to work to earn some pennies.
1. Re:Never problem for banks. by Anonymous Coward · 2013-09-20 22:12 · Score: 2, Informative
  
  They will just ask Central Bank to print some extra money. Problem solved. For the rest of you, go to work to earn some pennies.
  I'm assuming you are from the US, because that is were this "printing money is bad" meme seems to have been resurrected lately. Central banks are managing the money supply to balance and the economy, and in most modern western economies this is working as intended - keeping a stable currency value, steady low inflation and fueling economic growth or counteracting recession. Outside that the slogan "printing money" sounds like something bad is going on, I don't really understand what it is about the real world effect of this that you are dissatisfied with.
  If there was no "printing money" you would get deflation, which would be really bad for any modern economy. For one it increases the real value of debt, curbing investments, contributing to or amplifying recession and can lead to a deflationary spiral. (on a personal scale, imagine your house mortgage just growing and growing in real value you owe, the actual house value would not necessarily follow)
2. Re:Never problem for banks. by Anonymous Coward · 2013-09-20 22:50 · Score: 0
  
  I'm assuming you are from the US, because that is were this "printing money is bad" meme seems to have been resurrected lately. Central banks are managing the money supply to balance and the economy, and in most modern western economies this is working as intended - keeping a stable currency value, steady low inflation and fueling economic growth or counteracting recession. Outside that the slogan "printing money" sounds like something bad is going on, I don't really understand what it is about the real world effect of this that you are dissatisfied with.
  Here is the argument:
  Every fiat currency in history constantly loses value in the process of "balancing the economy" until the system implodes on itself creating a massive deflation all at once followed by panicked money printing and inflation. This occurs rather than the series of relative minor events that would have occurred otherwise. The process also has the side effect of encouraging wasteful spending and use of resources. Also, the entities that receive the printed money (government and large financial institutions) are given too much power over how then to use this newly created money/reserves and the people in charge of these entities get to spend it on their pet projects at the expense of less well connected people (their money is now devalued).
  
  If there was no "printing money" you would get deflation, which would be really bad for any modern economy. For one it increases the real value of debt, curbing investments, contributing to or amplifying recession and can lead to a deflationary spiral. (on a personal scale, imagine your house mortgage just growing and growing in real value you owe, the actual house value would not necessarily follow)
  These are problems created by printing money in the first place. Yes, at this point it is a major problem and the money printing can not stop without causing major pain for a lot of people, the only thing to do is keep kicking the can down the road or wind it down very slowly.
3. Re:Never problem for banks. by dnaumov · 2013-09-20 23:52 · Score: 2
  
  They will just ask Central Bank to print some extra money. Problem solved.
  For the rest of you, go to work to earn some pennies.
  I'm assuming you are from the US, because that is were this "printing money is bad" meme seems to have been resurrected lately. Central banks are managing the money supply to balance and the economy, and in most modern western economies this is working as intended - keeping a stable currency value, steady low inflation and fueling economic growth or counteracting recession.
  So I see the brainwashing regarding "minor inflation is good" did work on you. Back in my day, we had a word for FALLING prices on essential goods, it was called "progress".
4. Re:Never problem for banks. by Anonymous Coward · 2013-09-21 00:16 · Score: 2, Interesting
  
  So I see the brainwashing regarding "minor inflation is good" did work on you. Back in my day, we had a word for FALLING prices on essential goods, it was called "progress".
  Yeah, I would love to see the price on my house keep falling in value while the debt keep growing.. On the business side this effect will limit investments.
5. Re:Never problem for banks. by Anonymous Coward · 2013-09-21 01:11 · Score: 0
  
  You knowledge of economic history is severely inadequate. Here are two lessons about the risks of incurring large debts and printing money to pay them -
  http://en.wikipedia.org/wiki/Hyperinflation_in_the_Weimar_Republic
  http://en.wikipedia.org/wiki/Hyperinflation_in_Zimbabwe
6. Re:Never problem for banks. by Anonymous Coward · 2013-09-21 01:56 · Score: 0
  
  Keynesian nonsensical scaremongering yet again. Steady inflation is anything but stable and the current target of 2% effectively steals 45% of a man's savings after 30 years.
  The only honest target is 0%.
  Oh, and there's no such thing as a "deflationary spiral" that is comparable to hyperinflation. The former is a negative feedback loop that ends itself when price meets utility value while the latter is a positive feedback loop that has no control mechanism other than the entire economy imploding.
7. Re:Never problem for banks. by sjames · 2013-09-21 03:52 · Score: 1
  
  The problem is when you print money and use it to bail out a private entity that is considered too big to fail. Particularly when you also keep socking it to individuals who are apparently too small to succeed.
8. Re:Never problem for banks. by Anonymous Coward · 2013-09-21 05:33 · Score: 0
  
  My brain-washing says that the economy doesn't run if money doesn't change owners, and people are more likely to hold onto money if there's deflation (=money appreciates in value). Which is why the politicians try to avoid deflation, and the best way to do that is to have a small inflation.
  See e.g. Japan who are now printing loads of money, hoping to get rid of the mild deflation that's been ongoing for the last decade or so.
9. Re:Never problem for banks. by dnaumov · 2013-09-22 02:05 · Score: 1
  
  So I see the brainwashing regarding "minor inflation is good" did work on you. Back in my day, we had a word for FALLING prices on essential goods, it was called "progress".
  Yeah, I would love to see the price on my house keep falling in value while the debt keep growing.. On the business side this effect will limit investments.
  Solution: don't get in debt. On the grand scale of things, mortgages are a very new "invention".
Ugh... by gigaherz · 2013-09-20 21:02 · Score: 1

Can we rename it VKM, so that it doesn't conflict with Kernel-based Virtual Machine?
1. Re:Ugh... by _merlin · 2013-09-20 21:17 · Score: 5, Insightful
  
  KVM switches have had that name since at least the early '90s. How about Linux developers check to see that the aren't causing naming conflicts when they christen their projects?
2. Re:Ugh... by Joining+Yet+Again · 2013-09-20 21:41 · Score: 1
  
  To be fair, this cloudy out-of-your-control virtual nonsense has been around since the '60s. But then we called it a virtual machine monitor (VMM).
  Has anyone stopped to think how poorly systems are now architected that each person has gone back to feeling they need a whole piece of virtual hardware to themselves? Regression - it's not just economic.
3. Re:Ugh... by Anonymous Coward · 2013-09-20 23:35 · Score: 0
  
  Agreed. While we're at it, we should let DRM die as well; every time I see it I immediately think of Direct Rendering Manager, only to be disappointed.
4. Re:Ugh... by jones_supa · 2013-09-20 23:52 · Score: 1
  
  Then we also have IDE for Integrated Drive Electronics and Integrated Development Environment.
5. Re:Ugh... by Anonymous Coward · 2013-09-21 00:02 · Score: 0
  
  Has anyone stopped to think how poorly systems are now architected that each person has gone back to feeling they need a whole piece of virtual hardware to themselves? Regression - it's not just economic.
  Yep, every single day.
  I support customers, of whom 90% are all in Virtual Environments.
  It's not so much systems are poorly architected* that it is just convenient to 'quickly' knock up a new 'clean' VM so Bob can do what he wants. It seems to be easier for Admins to think in terms of machines than users/applications on a given machine - it's as if they are all kind of Desktops/Laptops instead of /home directories. I don't know if it is the paucity of good tools for these Virtual Host envs or that storage is 'cheap'.
  Maybe it's just easier to say this 'machine' is our mail server, tihs 'machine' is our web server, this 'machine' is our doodad-checker server, this machine is our etc.
  *Although i would say that is a valid point, the skill set of managing large NAS/SAN environments has gone, is going, the way of Backups (i.e. dedicated team of people turns into just people who click a GUI and push a 'help me' button when they see a 'red light' so to speak), no understanding what they are doing
6. Re:Ugh... by Anonymous Coward · 2013-09-21 00:27 · Score: 0
  
  Acronyms are relevant in their own sphere. So stop being a pretentious prick.
7. Re:Ugh... by Anonymous Coward · 2013-09-21 00:42 · Score: 0
  
  Ah, how I year for the halcyon days when we communicated via drum and had english long pig on the barbie.
8. Re:Ugh... by utkonos · 2013-09-21 01:06 · Score: 1
  
  From a security and sandboxing perspective this paradigm is much more secure than running all the variety of services on one instance or server. If you use FreeBSD jails it becomes even more secure because each jail only has the resources and libraries available to run the single application that you want to run. The whole resource argument is a non-starter. You are thinking in terms of old hypervisors that don't do memory deduplication. Most all modern virtualization environments do this and allow you to run a very large number of VMs with very little cost. There is a great video from ShmooCon this year that describes this technology excellently. You should fast forward to 6:33 to skip straight to the pertinent section of the talk. Then fast forward to 24:50 to see a demonstration of this technology in action (KVM's version).
9. Re:Ugh... by __aaltlg1547 · 2013-09-21 01:25 · Score: 1
  
  But in some cases, the environments overlap and then you can have a hard time sorting them out.
10. Re:Ugh... by Anonymous Coward · 2013-09-21 02:14 · Score: 0
  
  >Acronyms are relevant in their own sphere.
  This reply should have been to the top-level post, but the prick remark means someone struck a nerve and caused you maximum gluteus-grievance.
Hmm. by Anonymous Coward · 2013-09-20 23:14 · Score: 0

“Those responsible for this offence are significant players within a sophisticated and determined organised criminal network, who used considerable technical abilities and traditional criminal know-how to infiltrate and exploit secure banking systems,”
Also known as some people with a bit of technical knowledge and a grasp of basic social engineering. Gotta love it when they make something sound like rocket science so folks won't realize what little is really involved.
1. Re:Hmm. by raburton · 2013-09-21 00:03 · Score: 4, Informative
  
  Also known as some people with a bit of technical knowledge and a grasp of basic social engineering. Gotta love it when they make something sound like rocket science so folks won't realize what little is really involved.
  The access might have been fairly straight forward, but we don't know what they did with it. What do you do once you are in? Just because you're on the banks network doesn't mean it's easy to steal money. I'm thinking back to the last time I was in a machine room on my own at a bank and wondering what I could have done if I'd wanted to, not really sure. Maybe you can find a convenient gui with buttons like "add money to an account (untraceable)" but failing that you're going to need a reasonable amount of IT/banking knowledge. If you're wanting to mod a CICS transaction written in COBOL to siphon off money without leaving any trace then you'll need more skills than the average crook. On the other hand they got caught, so maybe it was all over their heads...
2. Re:Hmm. by sjames · 2013-09-21 04:07 · Score: 1
  
  Don't you know? The process involves plugging the lan cable into your ear and then playing a video game involving glowing buildings by waving your hands in the air.
  This replaced the old interface where the computer would ask you in a 60 point font if you wanted all of da money.
3. Re:Hmm. by citizenr · 2013-09-21 04:21 · Score: 1
  
  Install it on one of the computers processing transfers.
  Let it run for a week while monitoring patterns and learning gui.
  Prepare some dodgy accounts, usually you take a hobo off the street, clean him up, make him open proper bank account, give him drugs/vodka/whatever he wants and drop him off where you found him. You use those accounts regularly to make them look legit.
  Once you have your window of opportunity (lunch break, loo visit, whatever) start transferring money to a bunch of accounts you prepared earlier.
  Immediately go on a shopping spree, commodities (truck full of cigarettes, TVs, even hi end food). It might seem small time until you realize truck with cigs is worth couple of million euros.
  
  --
  Who logs in to gdm? Not I, said the duck.
Users by Skiron · 2013-09-21 00:17 · Score: 4, Interesting

When I was syadmin a few years ago, I really used to get SO bloody angry with the maintenance guys, as they used to call in photocopy machine engineers when the things went wrong. Of course, they never informed the IT department (ME!), so all of a sudden, when I was going somewhere, I saw an 'unknown' guy hooked up with a laptop on the companies network *.

No matter WHAT I told them about security, it didn't matter - a working photocopier was more important than security.

This is obviously a similar situation - some 'official looking' technical guy turns up, tells a few porkies, and the staff just let him get on with it without any checks.

* I later coded a short perl script to send me a mail when an unknown MAC connected to the LAN.
1. Re:Users by antdude · 2013-09-21 13:07 · Score: 2
  
  It bugs me why IT people don't handle printer, copy, and fax machine issues (e.g., changing cartridges) at my huge workplace. They use maintenance guys.
  
  --
  Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Banking idea by Anonymous Coward · 2013-09-21 00:54 · Score: -1

I think this post is very informative for us http://hightechbd.com/
e-Crimes? da fuq? by FuzzNugget · 2013-09-21 01:03 · Score: 1

Because they used an electronic gadget in the commission of a crime? This was a social engineering ploy, the tech played a minor role. Even TFA (yes, I read it) explained that the technology involved was "crude."
The "tech expert" they interviewed is just adding fuel to the idiot fire by explaining that antivirus won't help, giving undeserved credence to the notion that this was a technological attack.
Stop prefixing e- and cyber- and other bullshit to make yourself sound modern because you actually sound like an old fart bitching about "newfangled gizmos" that they don't understand.
Criminal Masterminds by Going_Digital · 2013-09-21 01:27 · Score: 1

It is funny how the media reports it as a sophisticated attack with criminal masterminds as they don't want you to know that it is something that pretty much anybody with a little tech understanding could do. They are only reporting this one because they were such clever criminal masterminds that they got caught doh! Anyone with the courage to go in to a bank masquerading as in IT contractor could plug such a device into a PC. In fact I'm sure many geeks could come up with a far less obvious solution fitted internally. The problem is banks; especially in the UK are living in the steam era and think of their buildings and therefore their internal network secure. Surely staff should be required to use some sort of NFC tag or similar so that the computer can only be operated while they are sat at it and locks when they walk away.
1. Re:Criminal Masterminds by cbiltcliffe · 2013-09-21 02:33 · Score: 1
  
  It is funny how the media reports it as a sophisticated attack with criminal masterminds as they don't want you to know that it is something that pretty much anybody with a little tech understanding could do. They are only reporting this one because they were such clever criminal masterminds that they got caught doh!
  I'm sure it's also that they want it to seem that the police are complete tech geniuses that can thwart any crime, no matter how much of a "criminal mastermind" the perpetrator is. In reality, of course, they're just as incompetent as the criminals for the most part.
  
  --
  "City hall" in German is "Rathaus" Kinda explains a few things......
No it isn't by zippthorne · 2013-09-21 02:26 · Score: 1

All that duplication of OS, and you get the perceived benefit of increased separation, but you've still go a thing running that launches other things, all on the same machine, only now with the overhead of running the first thing inside another thing inside itself....
The only security benefit is in the thing that contains the thing that runs the stuff. If this piece of software sufficiently segregates the running applications, then it is secure, if it does not, then you're in the same boat as before except you need three times the hardware just to get started.
A well-designed operating system would keep the applications just as separate with only 1x the overhead of an operating system. The fact that we're using VM's all over the place is clear evidence that we haven't got operating systems figured out right now.

--
Can you be Even More Awesome?!
1. Re:No it isn't by sjames · 2013-09-21 04:05 · Score: 1
  
  It's pretty amazing how little overhead virtualization adds these days. In exchange, you avoid the pain of having to seperate out services one by one if you ever have to migrate. This is particularly helpful if you have a server go down and you need to divide the services it was performing amongst several other machines as you restore from backups. It's much easier to just stick the mail server on A and the web server for de0partment X on B, etc.
When the IT staff gets Subcontracted / contracted by Joe_Dragon · 2013-09-21 03:51 · Score: 2

Some times the works don't get staff ID's or it can be easy to say I got a call just now to come out or just show some paper work that looks like an work order. And they can say the system placed the call on it's own.
Why get an email instead of stopping it? by Anonymous Coward · 2013-09-21 04:35 · Score: 0

As stated above, any network equipment worth using has MAC filtering. Just set up all access port security as single MAC only, sticky so you don't have to hardcode them all, and shutdown on violation. Done. No more alien network interfaces on your network.
Why would you take the time to code a script but not do the bare bones network administration task of setting port security? It's only five lines of configuration on Cisco equipment:
int ra f0/x-y
switch mode acc
switch port-s mac sticky
switch port-s max 1
switch port-s vi sh
A whole lot easier than a custom one off job that will only tell you when something has already gone wrong.
1. Re:Why get an email instead of stopping it? by Anonymous Coward · 2013-09-21 07:12 · Score: 0
  
  dumb switch and smart servers can do the job on a fraction of the cost of a good router...
2. Re:Why get an email instead of stopping it? by Anonymous Coward · 2013-09-21 10:33 · Score: 0
  
  That isn't a router config.
British public hit by banking crooks, more like by Anonymous Coward · 2013-09-21 05:46 · Score: 0

Banks create money out of thin air every time somebody takes out a loan.
www.positivemoney.org
97% of the money in existence is BANK money - meaning it is a DEBT to a bank somewhere, meaning the banks (i.e. the private individuals who own them) own 97% of everything.
whose by Anonymous Coward · 2013-09-22 01:43 · Score: 0

not who's