Eight arrested over Barclays £1.3 million remote computer theft

KVM switch used to gain control of branch systems

Eight men have been arrested by the Metropolitan Police's Central e-Crime Unit (PCeU) in connection with a theft of £1.3 million, after taking control of a Barclay's bank branch computer with the use of a KVM switch.

Police revealed that in April 2013 a man purporting to be an IT engineer was able to gain access to a branch of the high street bank, claiming that he was there to fix computers. The man then deployed a 'keyboard, video and mouse switch' KVM switch, a piece of hardware used by many businesses, to a 3G router which was subsequently attached to a branch server, enabling the gang to control systems remotely.

Once control was gained of branch systems in Swiss Cottage, London, it was possible to transfer money to bank accounts owned by the gang.

Following arrests made on Thursday 19 September and Friday 20 September, the men, aged between 24 and 47, are being charged with allegations of conspiracy to steal from Barclays and conspiracy to defraud UK banks.

In a statement the Met noted that this is a 'new and increasing methodology' witnessed by UK law enforcement aimed at low risk, high yield cyber enabled crime.

The theft bears a striking resemblance to a planned attack on fellow high street bank Santander last week. The PCeU arrested 12 men charged with plotting to steal millions of pounds after placing a KVM switch on a Santander branch computer, though the plan was halted before money was taken.

Commenting on the Barclays theft, detective inspector Mark Raymond of the Met's PCeU, said: "These arrests were achieved working in partnership with the Virtual Task Force (VTF), an unique information sharing cyber collaboration between the PCeU and the UK banking sector.

"Those responsible for this offence are significant players within a sophisticated and determined organised criminal network, who used considerable technical abilities and traditional criminal know-how to infiltrate and exploit secure banking systems."

In a statement, Alex Grant, Barclays managing director, Fraud Prevention, said that security remains a "priority" for the bank, and that its customers had suffered no financial loss."Barclays has no higher priority than the protection and security of our customers against the actions of would-be fraudsters," Grant said."We have been working closely with the Metropolitan Police following a security breach at our Swiss Cottage branch in April 2013. We identified the fraud and acted swiftly to recover funds on the same day."We can confirm that no customers suffered financial loss as a result of this action."

Join the CSO newsletter!

Error: Please check your email address.

Tags SantanderPCeUsecurity

More about KVM

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Matthew Finnegan

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts