ZDNet UK


Skip to Main Content

ZDNet.co.uk - Winner of Best Business Website 2007
  1. Home
  2. News
  3. Blogs
  4. Reviews
  5. Prices
  6. Resources
  7. Community
  8. My ZDNet

 

ZDNet UK RSS Feeds


IT Jobs

Security threats Toolkit

Inside the biggest bank raid that never was

Dan Ilet ZDNet.co.uk

Published: 21 Mar 2005 10:25 GMT

  • Email
  • Trackback
  • Clip Link
  • Print friendly
  • Post Comment

As Yaron Bolondi faces charges of money laundering and fraud, police are actively hunting down other suspects in the attempted hacking-based theft of £220m from Sumitomo Mitsui Bank (SMB).

The National Hi-Tech Crime Unit and the bank itself are keeping quiet over the affair, and technical details of the hack are still sketchy, But reports suggest that the would-be thieves used keystroke loggers to snatch sensitive information from SMB's employees and were thus able to manipulate the bank's systems.

If this proves to be true, it still unclear whether the key stroke logging system used was based around a hardware device fitted to the back of certain computers, or was purely software based — potentially sent by an email virus.

"They are being very cagey about how the hack was done," said Graham Cluley, senior technology consultant for antivirus company Sophos. "I even heard that there were no keystroke loggers. In many ways, hardware keystroke loggers are harder to detect than software. They can be fitted easily. So maybe it was an inside job."

Legal experts also feel an internal employee may have facilitated the attack. "My gut feeling is that this came from the inside," said Mark Smith, a solicitor for law firm Olswang. "It shows that you can't rely on perimeter security. Intrusion detection gets a lot of bad press because people don’t know how to operate it, but that can really help."

Chief information security analyst Paul Wood of email security firm MessageLabs said it was unimportant which type of keystroke logger they used as the bank had the right auditing practices in place to catch the thieves.

"Whether it's a hardware or software keystroke logger, that's all supposition," said Wood. "But they are all a threat to business. We don’t know whether the keystroke logger was from an email-borne virus or it was a physical keylogger. There are quite a few ways of detecting [keystroke loggers]. It goes to show that if you have sufficiently strong auditing, you have at least a chance of catching it before it's too late."

Next

Previous

1 2


  • Email
  • Trackback
  • Clip Link
  • Print friendly Print with Dell

Did you find this article useful?
147 out of 279 people found this useful


Talkback

Post a comment


Full Talkback thread

0 comments

Related Links

More In Security threats


Company/Topic Alerts

Create a new alert from the list below:




Related Jobs

SUPPORT ENGINEER - HERTS - c25k - ELECTRONIC FUNDS TRANSFER

Opportunity for a Support Engineer with previous experience of providing 1st line support of Electronic Funds Transfer & Payment Systems / Payment ...

Newly ACA qualified? Bored of practice?

Reporting directly to the Head of Business Risk, you will be in an autonomous role and expected to go into the field and various aspects of ...

IPT Support Engineer

Unity and Unity Connections Voicemail.voice and/or video networks using H.323 / SIP protocols QoS and prioritization techniques Networking directory ...

Featured Talkback

What was achieved there is recognised to be of fundamental importance to both winning the war (Churchill visited to say 'thank you' to them) and the development of the computer. Maybe Bill Gates doesn't want to support this museum because it underlines where electronic computing started i.e. here, not the U.S.

By: 1000103773

Read full story:
Bletchley Park faces bleak future

Sentry Posts Blog

Skype - The Roach Motel

Here is an interesting article from The National Business Review, pointing out once again that you can never delete a Skype account. Never. Period. This is something I am familiar... More

Post a comment

The vPhone: Why Visa Should Go Mobile

The vPhone: Why Visa Should Go Mobile Author: Eric Everson, Founder MyMobiSafe.com With all of the success of Apple’s iPhone, there is a growing case to support a company like Visa... More

Post a comment

The Google Apple Merger: Fantasy or Fu...

The Google Apple Merger: Fantasy or Future? Author: Eric Everson, Founder MyMobiSafe.com Market research suggests that Microsoft controls upwards of 90% of the respective computer-based... More

1 comment

Featured Oracle Resources

businessfirst: Ideas to help small companies retain their successful entrepreneurial spirit

Oracle ONE Magazine: Technology solutions for midsized businesses February 2008 edition

Choosing a Reliable and Powerful IT Infrastructure at a Price You Can Afford

Database Consolidation: Reducing Cost and Complexity

Ensuring Data Protection for Growing Business

Oracle for medium and emerging businesses: protect, strengthen and enhance your organisation

Oracle partner network solutions catalogue

See All White Papers