Mission Impossible for cyberthieves

How police busted the UK's biggest cybercrime case

A fascinating report has recently been published detailing a failed £229m raid on the Sumitomo Mitsui bank in October 2004.

If the cybercriminals had succeeded they would have pulled of the UK's biggest bank job, and would have netted over five times more than the City's biggest previous robbery.

The report is of particular interest, as it reveals the crooks used commercial keystroke-logging software to capture usernames and passwords needed to make bank transfers. The keystroke logger software iOpus Starr, is a high street product legitimately used by parents to keep an eye on their children's web activities.

Lead police investigator Marc Kirby said. "The use of legitimate technology meant the software was not picked up by anti-virus scanners. And there was no traffic going into or out of the network so it couldn't be detected that way."

There was also inside involvement in the scam, with a security supervisor repeatedly smuggling two male hackers (one French, the other Belgian) into Sumitomo's London office to gain access to the bank's systems.

http://www.theregister.co.uk/2009/03/19/sumitomo_cyberheist_investigation/

Learn more about how keystroke logging can be used by criminals to steal information