Eight men are under arrest in connection with a $2.1 million (£1.3 million) theft by a gang that stole the money by taking control of a Barclays Bank branch computer system, said officials at the London Metropolitan Police’s Central e-Crime Unit (PCeU).
Police are searching addresses in Westminster, Newham, Camden, Brent and Essex, where they seized property, including cash, jewelry, drugs, thousands of credit cards and personal data. One central London location was the “control” center for the gang, police said.
The arrests are the result of a long term intelligence led operation by the Metropolitan Police’s PCeU, in partnership with Barclays Bank, who have been investigating the $2.1 million (£1.3 million) theft from the Swiss Cottage branch of Barclays in April 2013.
On 5 April 2013, Barclays Security reported the theft. An investigation branch in North London and investigators found a KVM switch attached to a 3G router on one of the branch computers.
A KVM switch is a hardware device used legitimately in business to allow users to work remotely on their work computer systems. It allows a user to control multiple computers from one or more keyboard, video monitor and mouse. Although multiple computers connect to the KVM, typically a user will control a single or smaller number of computers at any given time.
As it turns out, the previous day a male purporting to be an IT engineer had gained access to the branch, saying he was there to fix computers. He then deployed the KVM device. This enabled the criminal group to remotely transfer monies to predetermined back accounts under the control of the criminal group.
Barclays were able to recover a significant amount of the stolen funds.
This new attack method is becoming more abundant, UK law enforcement officials said. It shows the rapidly evolving nature of low risk, high financial yield cyber enabled crime.
“These arrests were achieved working in partnership with the Virtual Task Force (VTF), an unique information sharing cyber collaboration between the PCeU and the UK Banking sector,” said Detective Inspector Mark Raymond of the PCeU.
“Those responsible for this offense are significant players within a sophisticated and determined Organized Criminal Network, who used considerable technical abilities and traditional criminal know-how to infiltrate and exploit secure banking systems.”