Another British Bank Hit By KVM Crooks
judgecorp writes "Another British bank — Barclays — has been hit by a fraud attempt using a stealthily-planted KVM (keyboard, video, mouse) device. Unlike the previous attempt on Santander, the crooks got away with £1.3 million, but were subsequently apprehended by the Metropolitan Police's Central e-Crimes Unit."
Well, for the most part, the thefts have only involved tiny fractions of pennies normally lost due to rounding errors, so usually they don't get caught...
Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!
KVM switches have had that name since at least the early '90s. How about Linux developers check to see that they aren't causing naming conflicts when they christen their projects?
Apparently about 2/3rds of crooks get away with it. The ones who do are the ones who do a one off of $500,000 or so and the banks decide it's better to absorb the loss than to go to the police and take the PR and resources hit that goes with it. The ones who do get caught are the ones who get greedy and do it multiple times or go for too much. There was an interview on Radio 4 talking about it (may have been the catch-me-if-you-can guy, can't remember for sure).
You've got to spend money to make money.
You'd be better off with a regular wireless access point that includes a built in switch...
Drop it in between an existing workstation (or other networked device like a printer) and the wall, legit device keeps working but the lan is now extended outside and you can sit outside or in a nearby coffee shop.
Once you're on the internal network, the rest is absolutely trivial... A port scanning tool and a copy of Metasploit, you'll have domain admin within a few minutes and chances are even if the important stuff is kept on non-Windows machines, it will be accessed from Windows machines which are part of the domain so you just keylog the right workstations until you get access.
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
They will just ask Central Bank to print some extra money. Problem solved. For the rest of you, go to work to earn some pennies.
I'm assuming you are from the US, because that is where this "printing money is bad" meme seems to have been resurrected lately. Central banks are managing the money supply to balance and the economy, and in most modern western economies this is working as intended - keeping a stable currency value, steady low inflation and fueling economic growth or counteracting recession. Outside that the slogan "printing money" sounds like something bad is going on, I don't really understand what it is about the real world effect of this that you are dissatisfied with.
If there was no "printing money" you would get deflation, which would be really bad for any modern economy. For one it increases the real value of debt, curbing investments, contributing to or amplifying recession and can lead to a deflationary spiral. (on a personal scale, imagine your house mortgage just growing and growing in real value you owe, the actual house value would not necessarily follow)
They will just ask Central Bank to print some extra money. Problem solved.
For the rest of you, go to work to earn some pennies.
I'm assuming you are from the US, because that is where this "printing money is bad" meme seems to have been resurrected lately. Central banks are managing the money supply to balance and the economy, and in most modern western economies this is working as intended - keeping a stable currency value, steady low inflation and fueling economic growth or counteracting recession.
So I see the brainwashing regarding "minor inflation is good" did work on you. Back in my day, we had a word for FALLING prices on essential goods, it was called "progress".
Also known as some people with a bit of technical knowledge and a grasp of basic social engineering. Gotta love it when they make something sound like rocket science so folks won't realize what little is really involved.
The access might have been fairly straightforward, but we don't know what they did with it. What do you do once you are in? Just because you're on the bank's network doesn't mean it's easy to steal money. I'm thinking back to the last time I was in a machine room on my own at a bank and wondering what I could have done if I'd wanted to, not really sure. Maybe you can find a convenient GUI with buttons like "add money to an account (untraceable)" but failing that you're going to need a reasonable amount of IT/banking knowledge. If you're wanting to mod a CICS transaction written in COBOL to siphon off money without leaving any trace then you'll need more skills than the average crook. On the other hand they got caught, so maybe it was all over their heads...
So I see the brainwashing regarding "minor inflation is good" did work on you. Back in my day, we had a word for FALLING prices on essential goods, it was called "progress".
Yeah, I would love to see the price on my house keep falling in value while the debt keeps growing. On the business side this effect will limit investments.
When I was sysadmin a few years ago, I really used to get SO bloody angry with the maintenance guys, as they used to call in photocopy machine engineers when the things went wrong. Of course, they never informed the IT department (ME!), so all of a sudden, when I was going somewhere, I saw an 'unknown' guy hooked up with a laptop on the company's network *.
No matter WHAT I told them about security, it didn't matter - a working photocopier was more important than security.
This is obviously a similar situation - some 'official looking' technical guy turns up, tells a few porkies, and the staff just let him get on with it without any checks.
* I later coded a short perl script to send me a mail when an unknown MAC connected to the LAN.
You can't sniff for a valid MAC until you've already got your illicit one in the network. By then, you've already triggered the IDS.
Any bank with IT worth keeping has MAC filtering on their switches. That alone will prevent your "access point/switch in the network line from a workstation" from working. At best, the legit device will stop working, resulting in a call to IT. At worst, the IDS will be triggered immediately. Either way, IT will investigate, find your additions to the network, probably call the police, get your AP fingerprinted, etc., etc.
A network device WILL be detected on anything but the simplest "plug it in and it works as recommended by Best Buy" kind of network. I've got two older Cisco Catalyst switches on my home/home business network; a 2950 and a 2960. Even these support locking a specific MAC to a port, so an unauthorized device won't work if plugged in. I'm going to set the 2960 this way soon, but haven't yet as it's a new addition to the network, as an emergency replacement for a different switch that died. The 2950, though, is on my workbench, which has customer machines connected and disconnected on a regular basis, so this kind of setting would be counterproductive.
So when I get the setup finalized, your "AP in a network cable" wouldn't even work on the trusted subnet of my home network, forget about a bank. My workbench subnet has no access to anything important, so unless you're wanting to hack a customer machine that's already infected with a dozen viruses, you're not going to get anywhere.
"City hall" in German is "Rathaus" Kinda explains a few things......
Sometimes the workers don't get staff IDs or it can be easy to say I got a call just now to come out or just show some paperwork that looks like a work order. And they can say the system placed the call on its own.