How bank hackers stole £1.25 million with a simple piece of computer hardware

On 4 April 2013, Darius Boldor walked into the Swiss Cottage branch of Barclays bank in North London and - posing as an IT technician - managed to gain entry to the back office.

He now had physical access to the bank's IT systems, and was able to connect a KVM (Keyboard / Video / Mouse) device to a computer.

The device, an innocuous-looking black box, was attached to a 3G router, and allowed hackers holed up in a nearby hotel to record staff passwords and screen activity, enabling them to make 128 financial transfers worth £1,252,490.

The money transfers went to a network of mule accounts, specially set up to launder the stolen cash.

Barclays reported the attack that day to the Metropolitan Police Central e-Crime Unit (PCeU), and managed to recover over £600,000 of the stolen money.

But that wasn't the end of the story, as on 17 July 2013 another branch of Barclays was struck.

32-year-old Dean Outram entered a branch of Barclays in Lewisham, and was able to install a KVM device, through which £90,000 was stolen.

Two months later the group attempted another heist, unlawfully gaining access to Santander's IT system after Dean Outram fitted another KVM device in the bank's Surrey Quays branch.

However, the Met Police were ready and Santander were on alert. As Outram left the branch he was arrested by police officers and an address in Hounslow was raided where ten other gang members were apprehended. Investigators recovered computers logged into Santander bank accounts, but no money had been stolen.

Yesterday, nine members of the gang were sentenced at Southwark Crown Court to a total of 24 years and nine months.

Lanre Mullins-Abudu, 25, of Weimar Street, Putney

  • conspiracy to commit fraud - three years imprisonment
  • conspiracy to steal - three years imprisonment to run consecutively
  • conspiracy to steal - two years imprisonment to run consecutively
  • possession of articles for use in fraud - three years imprisonment to run concurrently

Total: eight years imprisonment

Steven Hannah, 53, of Bell Street, London, NW1:

  • conspiracy to commit fraud - three and a half years imprisonment
  • possession of Crystal Meth Class A drugs with intent to supply - two years and four months imprisonment to run consecutively

Total: five years and 10 months imprisonment

Tony Colston-Hayter, 49, of Seymour Street W1

  • conspiracy to commit fraud - two and a half years imprisonment
  • conspiracy to steal - two years imprisonment to run consecutively
  • possession of articles for use in fraud - two and a half years imprisonment to run concurrently
  • possession of articles for use in fraud - two and a half years imprisonment to run concurrently
  • theft - one year imprisonment to run consecutively

Total: five and a half years imprisonment

Darius Valentin Boldor, 34, of Ebury Bridge Road, London SW1

  • fraud - six months imprisonment
  • conspiracy to steal - two years imprisonment to run consecutively

Total: two years six months imprisonment

Dean Outram, 32, of Clifford Gardens, NW10

  • conspiracy to steal - one and a half years imprisonment
  • conspiracy to steal - one and a half years imprisonment to run consecutively

Total: three years imprisonment

Adam Raeburn Jefferson, 38, of Newport Road, New Bradwell, Milton Keynes

  • conspiracy to commit fraud - one year and four months imprisonment, suspended for two years
  • six-month tag-monitored curfew

Segun Ogunfidodo, 27, of White City Estate, W12

  • conspiracy to commit fraud - nine months imprisonment suspended for two years
  • community work order and three-month tag-monitored curfew

Dola Leroy Odunsi, 28, of Bromfield Rise, Abbots Langley, WD5

  • conspiracy to commit fraud - nine months imprisonment suspended for two years
  • community work order and three-month tag-monitored curfew

James Lewis Murphy, 39, of Wellington Buildings, Ebury Bridge Road, SW1

  • possession of criminal property - six months imprisonment (sentence already served in custody).

Four other members of the gang (Michael Victor Harper, 26, of Kiln Place, NW5, Guy Davies, 49, of Sudbourne Road, London, SW2, Stephen Ohunta, 41, of Mafeking Road, E16, and Asad Ali Qureshi, 26, of Old Brompton Road, SW7) are scheduled to be sentenced at Wood Green Court on 13 June.

Another, 31-year-old Martin Thane of Eardley Crescent, SW5, was previously sentenced to six months conditional discharge, and ordered to attend a rehabilitation clinic for six months on 8 October 2013, for conspiracy to commit fraud by misrepresentation.

And it turns out that some of the gang's criminal activities went beyond installing KVM devices and meddling with bank accounts.

According to the Met Police's press release:

In addition to the Barclays and Santander cyber attacks, police identified that between May 2012 and September 2013, Mullins-Abudu, Stephen Hannah, 53, Guy Davis, 49, Adam Jefferson, 38, Segun Ogunfidodo, 26, Dola Odunusui, 29, Martin Thane, 31, Michael Harper, 26 and Tony Colston-Hayter, 49, also used what police believe to be around 500 high value bank and credit cards that had been either stolen or intercepted, to purchase Rolex watches worth up to £30,000 each, high-value jewellery and electrical equipment such as Apple Mac computers and iPads.

The value of the credit card fraud is in excess of £1 million. In order to use the cards, the group - led by Hayter - used a sophisticated device to spoof genuine bank telephone numbers in order to fool victims into providing their personal details and PIN numbers.

Remember folks - be very careful about what information you give away over the phone, and remember that a legitimate call from your bank or credit card company will never ask you to tell them your complete PIN code.

"Through working with industry partners such as Santander and Barclays, whose efforts in assisting us were immense, we have been able to bring this group to justice."

"This case demonstrates the sheer investigative skill we are able to apply to tackling cyber crime, as we continue working to keep London people and businesses safe from cyber criminals. We are determined to make London a hostile place for cyber criminals and not allow the internet to be a hiding place for those who defraud people in the capital," said Detective Chief Inspector Jason Tunn, of the MPS Cyber Crime Unit.

It seems to me that the Met Police can be proud of bringing this high-tech gang to justice and stopping them in their audacious scheme to defraud bank customers.

And a clear warning needs to go out to other organisations to take great care over who we allow to gain physical access to our offices, and how closely visitors should be monitored - especially if they are an unfamiliar face.

Of course, human nature being what it is – many people feel uncomfortable grilling an unfamiliar face as to what they might be doing in the office, and asking them to prove their legitimacy.

Once again, this is largely a human problem, not a technological one.


5 Responses

  1. Darren Wall

    April 25, 2014 at 11:57 am #

    A couple of years back I took part in a project to roll out replacement keyboards and screens to a high street bank that has branches all over the country. Many of the branches were so glad to see an IT person on site that they did very little checking on me. "Oh are you here to fix the….."
    Under the counter pulling out old cabling and setting up new keyboards and monitors I could quite easily have plugged in devices like those in your article. The branches appear to get so little on site IT support that a device like that could go unnoticed for a long time if the thieves were not too greedy.

  2. Romanian

    April 25, 2014 at 12:17 pm #

    Out of a 14-person gang comprising 8 persons with British names, 5 persons with African sounding names and one Romanian, you outlined the last one.

    • Graham Cluley in reply to Romanian.

      April 25, 2014 at 12:22 pm #

      He's the only one I know the nationality of. If you have information about the other individuals please share it, and I can update the article.

      But I take your point. It seems odd to mention his nationality and not the others, and could be misconstrued. So I’ve removed it until (if?) we can fill in all the other gaps.

      • Romanian in reply to Graham Cluley.

        April 26, 2014 at 12:40 pm #

        Fair enough. Not all of you are ukip-ers, obviously ;)

  3. Bruce

    April 25, 2014 at 12:45 pm #

    The Met Police might be pleased about bringing this gang before the court, but some of those sentences seem very low for this level of crime. Or is it just me?
