BreachExchange mailing list archives

Met police foil "cyber" heist on Santander Bank


From: Lee J <lee () riskbasedsecurity com>
Date: Fri, 13 Sep 2013 21:06:31 +1000

http://www.information-age.com/technology/security/123457339/met-police-foil--cyber--heist-on-santander-bank

The Metropolitan Police e-crime unit has arrested 12 men in connection with
an alleged "cyber plot" at a branch of Santander Bank.

The gang tried to install a device on a PC at Santander's Surrey Quays
branch that intercepts keystrokes, mouse movements and a video feed of the
monitor (known as a KVM device).

This would have given them the ability to "take control of the bank
computers remotely", the Met said in a statement today.

   - See also: How to hack a bank (theoretically)
     <http://www.information-age.com/technology/security/123456959/how-to-hack-a-bank--theoretically->

According to Santander, "the attempt to fit the device to the computer in
the Surrey Quays Branch was undertaken by a bogus maintenance engineer
pretending to be from a third party."

"It failed and no money was ever at risk," the bank said in a statement.
"No member of Santander staff was involved in this attempted fraud."

"This was a sophisticated plot that could have led to the loss of a very
large amount of money from the bank, and is the most significant case of
this kind that we have come across," said detective inspector Mark Raymond,
of the Met's Central e-Crime Unit.

Santander said that it knew about the possibility of such a heist in
advance. "Like all high street banks, Santander works very closely with the
Police and other authorities to help prevent fraud," it said. "Through this
co-operation, Santander was aware of the possibility of the attack
connected to today’s arrests."

The Met said the arrests "are the result of a long-term, intelligence-led,
proactive operation by the PCeU".

Some security experts have inferred that the arrests may have been part of
a "controlled operation" <https://twitter.com/neirajones/status/378439006054133760>
or even a "honeytrap" <https://twitter.com/christiantoon/status/378449690158579712>.
A Met spokesperson denied this, saying that "we got some intelligence,
and we acted".

Key loggers have been used in bank heists before. In 2005, the UK's
now-defunct National Hi-Tech Crime Unit foiled a plot to steal £220 million
from the London offices of Japan's Sumitomo Mitsui bank, that used a
software-based key logger.

   - See also: Vodafone suspects IT contractor of stealing 2m customer records
     <http://www.information-age.com/technology/security/123457336/vodafone-suspects-it-contractor-of-stealing-2-million-customer-records>

According to independent security expert Graham Cluley, the advantage of a
hardware-based key logger is that it cannot be detected by anti-virus
software. "Hardware is much more difficult to detect, because there's
nothing running on the machine," he told *Information Age* this morning.

He believes the device may have been a KVM logger that gives the operator
remote control over the affected machine, which would have allowed the
hackers to transfer funds using the PC.

The plot shows the need for employees to challenge anyone unknown that
enters the workplace, Cluley said. "You have to be really careful every
time someone comes into the office," he said.

He added that attacks of this kind could also be prevented by implementing
two-factor authentication for internal employees. "That would have made
this kind of attack much more complicated."
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
