Eight arrested over Barclays £1.3 million remote computer theft

KVM switch used to gain control of branch systems

Eight men have been arrested by the Metropolitan Police's Central e-Crime Unit (PCeU) in connection with a theft of £1.3 million, after taking control of a Barclay's bank branch computer with the use of a KVM switch.

Police revealed that in April 2013 a man purporting to be an IT engineer was able to gain access to a branch of the high street bank, claiming that he was there to fix computers. The man then deployed a 'keyboard, video and mouse switch' KVM switch, a piece of hardware used by many businesses, to a 3G router which was subsequently attached to a branch server, enabling the gang to control systems remotely.

Once control was gained of branch systems in Swiss Cottage, London, it was possible to transfer money to bank accounts owned by the gang.

Following arrests made on Thursday 19 September and Friday 20 September, the men, aged between 24 and 47, are being charged with allegations of conspiracy to steal from Barclays and conspiracy to defraud UK banks.

In a statement the Met noted that this is a 'new and increasing methodology' witnessed by UK law enforcement aimed at low risk, high yield cyber enabled crime.

The theft bears a striking resemblance to a planned attack on fellow high street bank Santander last week. The PCeU arrested 12 men charged with plotting to steal millions of pounds after placing a KVM switch on a Santander branch computer, though the plan was halted before money was taken.

Commenting on the Barclays theft, detective inspector Mark Raymond of the Met's PCeU, said: "These arrests were achieved working in partnership with the Virtual Task Force (VTF), an unique information sharing cyber collaboration between the PCeU and the UK banking sector.

"Those responsible for this offence are significant players within a sophisticated and determined organised criminal network, who used considerable technical abilities and traditional criminal know-how to infiltrate and exploit secure banking systems."

In a statement, Alex Grant, Barclays managing director, Fraud Prevention, said that security remains a "priority" for the bank, and that its customers had suffered no financial loss."Barclays has no higher priority than the protection and security of our customers against the actions of would-be fraudsters," Grant said."We have been working closely with the Metropolitan Police following a security breach at our Swiss Cottage branch in April 2013. We identified the fraud and acted swiftly to recover funds on the same day."We can confirm that no customers suffered financial loss as a result of this action."

Tags: Santander, PCeU, security

Fortinet, McAfee, Trend Micro, Bitdefender battle in socially-engineered malware prevention test

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Security That Fits

Improve the effectiveness of your security or get unique network threat discovery and remediation

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.