LONDON — Eight men have been arrested on suspicion of stealing $2 million from a Barclays bank branch by tapping into its computers, British police said today.
The gang is accused of installing a KVM device, or keyboard video mouse, on the bank’s computer system that allowed it to carry out the cyber theft.
The men, aged between 24 and 47, are being questioned about conspiracy to steal and conspiracy to defraud U.K. banks.
Police said cash, jewels and thousands of credit cards have been found in searches at addresses in the greater London area. Police said the group operated out of a “control room” in central London that was being searched.
The arrests follow a failed attempt to use similar technology to rob the Santander bank last week. The same police investigators are handling both cases.
Detective Supt. Terry Wilson said one of the arrested men is the “Mr. Big” of British cybercrime.
Police suspect that in both cases a gang member posed as an engineer and installed a KVM on the bank’s computers that allowed the suspects, in the Barclays case, to gain information used to siphon money from the bank.
“That would allow them to log the keystrokes and the actual screen, so you could gather passwords and see how people log into their systems,” said Graham Cluley, an independent computer security analyst. “Then you could remotely access the computers as if you were sitting in front of it. Effectively, it’s like breaking into the bank in the middle of the night.”
Still, he said the bank’s anti-fraud systems were probably activated by the unusual transactions shortly after the money was taken from Barclays, allowing the bank to recover it quickly.
“Money was technically moved, but no lasting financial damage was done,” said Cluley, who believes the same suspects may have been behind the hacks at Barclays and Santander.
A Barclays executive said the bank acted “swiftly to recover funds” after the security breach at its Swiss Cottage branch in north London in April.
“We can confirm that no customers suffered financial loss as a result of this action,” said Alex Grant, the bank’s managing director of fraud prevention.
Guidelines: Please keep your comments smart and civil. Don't attack other readers personally, and keep your language decent. Comments that violate these standards, or our privacy statement or visitor's agreement, are subject to being removed and commenters are subject to being banned. To post comments, you must be a registered user on toledoblade.com. To find out more, please visit the FAQ.