12 arrested as UK cops foil Santander bank heist plot

Filed Under: Featured, Law & order

Santander. Image courtesy of ShutterstockLondon Metropolitan Police are holding 12 men in connection with a scheme to access computers at Santander, one of the UK's largest banks.

The plot involved planting remote-access hardware on a system in a local branch, from where the crooks hoped to navigate the bank's networks from the inside.

Variously described as "audacious", "sophisticated" and "significant", the potential takings from the haul are estimated to have been in the millions, had it succeeded.

The plan centred around attaching KVM (Keyboard, Video, Mouse) kit to a machine at a Santander branch in Surrey Quays, southeast London. A man posing as an engineer from a telecoms firm fitted the device, but it was never operational.

If it had been activated, the crooks could have monitored all activity on the system or operated it themselves from a remote location. It's not thought that any Santander employees were involved in the plot.

The Met police have had a busy day searching properties across London, and seizing equipment thought to be related to the case.

It seems the law had some advance warning of the scheme, as Santander claims to have been working with the police for several months prior to the attempt to fit the device. The arrests happened within hours of the hardware being put in place.

Santander UK, owned by global mega-bank Grupo Santander, was formed from the acquisition of several nationwide savings firms, and has over 1,300 branches and 25,000 employees in the UK.

This size, and the number of people involved in maintaining and running all those branches, must make it hard to keep an eye on all workstations for the addition of rogue hardware, which can be difficult if not impossible for security software to detect.

Hacker. Image courtesy of ShutterstockOf course, even with access to a workstation, there's no telling how much further the crooks would have got.

If the systems were well controlled, secured and monitored, there should still have been plenty of obstacles to overcome before they could find their way into sensitive parts of the network, and move virtual cash out of the bank's systems to somewhere they could turn it into bling and motors.

The partial success of the scheme seems to imply that despite centuries of evolution, the physical security of banks still needs more work, now that computers and cabling need to be monitored as closely as vaults, vans and drawers full of cash.

Let's hope the digital protections are a little more solid.


Image of Santander and hacker courtesy of Shutterstock.

,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Hawes is Chief of Operations at Virus Bulletin, running independent anti-malware testing there since 2006. With over a decade of experience testing security products, John was elected to the board of directors of the Anti-Malware Testing Standards Organisation (AMTSO) in 2011.