Barclays KVM attack down to rogue employee

News by Steve Gold

Gang allegedly siphoned money from bank in sub-£10k tranches to avoid investigation.

Details of the methodology used by a gang that allegedly engineered an attack on a Barclays Bank computer last autumn emerged in court this week.

As reported late last year, eight men were arrested in connection with a £1.25 million fraud against the bank, with police confiscating cash, Rolex watches and credit cards thought to have been associated with the fraud.

At the time, police said the gang attacked a computer in the Swiss Cottage (London) branch of Barclays, transferring money from the branch to accounts held elsewhere.

In a trial at Southwark Crown Court this week, it emerged that a bank employee is alleged to have helped the gang attach a KVM (keyboard/video/mouse) adapter to the bank's PC, so allowing members of the gang to access the computer remotely.

The gang is then alleged to have used the employee's credentials to make a total of 128 transfers from six business accounts. The transfers were each under the £10,000 limit UK banks impose on inter-bank transfers before further checks - sometimes with the Bank of England - are carried out.

Police say that, when they searched the house of one of the gang members, they found a crib sheet in his toilet cistern with details of bank customer accounts, as well as a KVM unit with a Three 3G modem attached.

Jean-Jacques and four other men (aged between 25 and 52) are on trial in connection with the fraud. Police say the men - who deny all charges against them - may be linked to a similar attack against Santander Bank last September, when another man, not currently on trial, allegedly impersonated a BT OpenReach engineer to gain access to a restricted area of the bank and attach a KVM device.

Some press reports suggest that the bank has yet to recover £700,000 from the cyberheist. The Daily Telegraph newspaper reports that the gang allegedly stole more than 400,000 pieces of mail and "conned American Express and Coutts customers into handing over their security details."

Professor John Walker, a Visiting Professor with Nottingham-Trent University's School of Science and Technology, said that many types of bank breaches are often caused by people using their own ingenuity and imagination to counter the known aspects of security used by banks. 

Walker, who is also CTO of IT security consultancy Integral Security Xssurance, says that these types of attacks may be more common than you might think, as yesterday he was shown a piece of equipment that could be used to connect into an element of the banking system.

That kit, he explained, can be used to override the security of a bank to generate many multiples of transactions, all using relatively simple equipment, but with a price tag of £6,000 (US $10,000).

The key problem facing banks where rogue members of staff are involved, he says, is that the background check methodology may be flawed. As one example, he said that, in a case he was involved with, a major global brand employed someone with a false background.

"There are of course many other technologies which may be leveraged to support such an internal attack, ranging from simple devices which may be attached to systems to capture log-on credentials, to the more sophisticated, like the Pwnie Express plugs, which may be attached to LANs, and then remotely connected via a cellphone or WiFi," he said, adding that there are also sophisticated key loggers available, which now feature remote WiFi connections.

"Last year I was involved with a commissioned social engineering attack on a London based office. After a number of attempts, the unauthorised incursion was successful, and a number of passive devices were planted - some of which were adorned with the markings of a well-known hacker group - in prominent places and then plugged into the mains," he added.
