Eight men have been arrested by the Metropolitan Police's Central e-Crime Unit (PCeU) in connection with a theft of £1.3 million, after taking control of a Barclay's bank branch computer with the use of a KVM switch.
Police revealed that in April 2013 a man purporting to be an IT engineer was able to gain access to a branch of the high street bank, claiming that he was there to fix computers. The man then deployed a 'keyboard, video and mouse switch' KVM switch, a piece of hardware used by many businesses, to a 3G router which was subsequently attached to a branch server, enabling the gang to control systems remotely.
Once control was gained of branch systems in Swiss Cottage, London, it was possible to transfer money to bank accounts owned by the gang.
Following arrests made on Thursday 19 September and Friday 20 September, the men, aged between 24 and 47, are being charged with allegations of conspiracy to steal from Barclays and conspiracy to defraud UK banks.
In a statement the Met noted that this is a 'new and increasing methodology' witnessed by UK law enforcement aimed at low risk, high yield cyber enabled crime.
The theft bears a striking resemblance to a planned attack on fellow high street bank Santander last week. The PCeU arrested 12 men charged with plotting to steal millions of pounds after placing a KVM switch on a Santander branch computer, though the plan was halted before money was taken.
Commenting on the Barclays theft, detective inspector Mark Raymond of the Met's PCeU, said: "These arrests were achieved working in partnership with the Virtual Task Force (VTF), an unique information sharing cyber collaboration between the PCeU and the UK banking sector.
"Those responsible for this offence are significant players within a sophisticated and determined organised criminal network, who used considerable technical abilities and traditional criminal know-how to infiltrate and exploit secure banking systems."
In a statement, Alex Grant, Barclays managing director, Fraud Prevention, said that security remains a "priority" for the bank, and that its customers had suffered no financial loss."Barclays has no higher priority than the protection and security of our customers against the actions of would-be fraudsters," Grant said."We have been working closely with the Metropolitan Police following a security breach at our Swiss Cottage branch in April 2013. We identified the fraud and acted swiftly to recover funds on the same day."We can confirm that no customers suffered financial loss as a result of this action."