Four of the alleged perpetrators appeared in court over the weekend to be arraigned.
Were they successful? That much is, worryingly, unclear. The police called it an “audacious attempt.” But as a police spokesperson told Reuters, “It is still not clear whether any money was extracted from the computers but we should have more information as the investigation develops.”
The e-Crime Unit of London's Metropolitan Police said the group were able to infiltrate via a keyboard video mouse (KVM) device that allowed them to access and take control of all of the computers at the branch, viewing the desktop contents and transmitting sensitive information back.
A KVM switch is a hardware device that allows a user to control multiple computers from a single keyboard, video monitor and mouse. Network-connected KVMs, which cost about $20 to $30, allow systems administrators to remotely administer machines from their desks. Using a KVM from within a corporate network requires physical access; however, using one on a network that’s connected to the internet means it can be hacked remotely. Apparently this latter scenario is what’s happened in this case.
“A recent KPMG report highlighted the imminent cyber threat that is currently hanging over UK banks, which has now been illustrated by this attempted attack on Santander,” said Raj Samani, CTO for McAfee EMEA, in a comment emailed to Infosecurity. “These arrests prove that the ease with which anybody can conduct what is described as a very significant and audacious cyber-enabled offence requires limited technical knowledge, and questionable moral compass. Simply plugging in a physical device that can be attained from any number of legitimate outlets demonstrates that the bar required to be a ‘cyber-criminal’ is probably at its lowest level.”
The news comes against the backdrop of the government’s new scheme around cybersecurity for the UK financial services sector being launched earlier this year, seeking to ensure greater awareness of cyber risks.
The 12 men were arrested on Friday over a plot involving a Santander branch in southeast London, following an investigation by the e-Crime Unit. Four suspects (25-year-old Lanre Mullins-Abudu, 34-year-old Dean Outram, 27-year-old Akash Vaghela and 35-year-old Asad Ali) were charged late on Friday and appeared on Saturday at Westminster Magistrates' Court. The other eight have been released on bail pending further enquiries.