Data Security does not stop at the firewall

Bank robbers use KVM switch and 3G router to steal money (Updated by Endah)


Ringleader claimed to be an IT contractor, got access to bank computers.

[Image: The networked KVM switch and 3G router used to rob a Barclays Bank branch remotely. Credit: Metropolitan Police, London]

Nine members of a London-based gang have been convicted and three others are scheduled for sentencing in June for a series of electronic bank robberies. Using social engineering to install a remote-controlled keyboard-video-mouse (KVM) switch on bank PCs, the gang managed to transfer millions to outside accounts in two separate jobs in April and July of 2013. They were caught attempting to rob a third bank in September.
Dean Outram, 32, entered all three banks claiming to be from a tech support contractor and saying he was there to repair computers. At each bank branch robbed, Outram installed a KVM switch and a 3G wireless router. From a “control center” in central London, others then used the KVM switches to gain access to the PCs of bank employees, remotely logging keystrokes and monitoring screen activity to get the information necessary to transfer funds from customers’ accounts to accounts controlled by the group.
In the first attempt, the group managed to make 128 fund transfers totaling £1.3 million (about $2 million) in one day from a branch of Barclays Bank. The bank detected the fraud the same day and recovered about £600,000 ($1 million) of the funds before the gang drained the accounts. In its second attempt at another Barclays branch, the group was able to make off with £90,000 (about $150,000).
The rogue IT support team’s spree ended on September 12, 2013 when Outram went for a third attempt at a branch of Santander Bank. He was arrested on the scene. Some of his compatriots were arrested off-site at the same time; the others were arrested a week later.
In addition to the bank transfers, the gang also gained control of approximately 500 “high value bank and credit cards,” a Metropolitan Police spokesperson said in an official release; the cards had either been stolen or intercepted in the mail. The cards were used for fraudulent purchases totaling over £1 million—including purchases of Rolex watches, other high-end jewelry, Apple computers, and iPads.
