Lloyds TSB bank clerks accused of installing hardware device to help them steal £2 million

Graham Cluley

Lloyds TSBThree Lloyds TSB employees have been accused of conspiring to steal over £2 million from bank accounts, after allegedly installing a hardware device to steal passwords from the banking group.

According to British media reports, the Old Bailey has heard that Halifax branches in Slough, Newbury and Camden were targeted in the alleged conspiracy between July to September 2012.

In those Halifax branches, part of the Lloyds banking group, a device was allegedly installed on an internal account workstation, stealing credentials with the intention of making fraudulent transfers.

Prosecutor James Thacker explained to the court that the “USB mouse, keyboard and mass storage” device gave the alleged fraudsters remote access to workstations, via the internet.

“The device allowed remote access into the secure banking systems that led to fraudulent transfers being made by the criminal group, causing significant loss to the bank.”

“Although over £2m was intended to be obtained, the loss to the bank was just over £440,000.”

The court heard that in August 2012, a branch manager at Halifax in Slough became aware of a suspicious transaction into a customer’s account of £50,000.

“All the transfers had taken place that day between 5.59am and 7.15am – a time when the branch was closed.”

I haven’t heard any evidence other than that covered by the media, but the allegation sounds similar to attacks reportedly perpetrated against Barclays, and prevented at Santander, last year.

In the Barclays case, a gang member – posing as an IT technician – walked into a bank branch and connected the device to a computer, hoping that staff would believe he was there for legitimate reasons.

The device, a KVM (“Keyboard video mouse”) switch attached to a 3G router, allowed the hackers to record staff keypresses, and screen activity, helping them to steal password information. The criminal group then allegedly used the information to remotely transfer money to other accounts.

Dean Outram, 34, was convicted for his part in that plot earlier this year.

The three men currently standing trial at the Old Bailey in London are Tai Hulbert-Thomas, 27, of Oxford, Neil Bautista, aged 22, from Maidenhead, and 30-year-old Mawli Thurairajah of Harrow.

All three deny the charges against them, and the trial continues.

What happened or didn’t happen in this particular case is a matter for the courts to decide, but there’s clearly a need for organisations to keep a close eye not just on the threat posed by external hackers but also the insider threat of rogue employees.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.