Bank attack used key-loggers costing just £20

The hacker attack on Sumitomo Mitsui bank last month involved the use of keyboard logging devices costing as little as £20 each, according to sources.

Link: International hackers attempt massive heist

Accountancy Age sister publication Computing has learned that the attempt to steal an estimated £220m from the London office of the Japanese bank relied on battery-sized hardware bugging devices plugged into PCs’ USB ports.

Users’ keyboards were connected to these key-loggers, which recorded details of everything typed into the system.

Sources claim that cleaning staff – or people posing as cleaners – were able to attach the devices to machines. When the plot was uncovered, bank investigators found some of the devices still attached to the back of PCs.

The bugging kits, known as hardware key-loggers, can be bought from spy shops for about £20.

They are difficult to detect unless someone physically examines the back of the machine.

The devices can then download passwords and other data used to gain access to the computer system.

‘It is known that people have been using devices such as these because you can buy them from shops. It is highly likely that they have been used in other scenarios,’ said Paul Docherty, technical director of consultancy Portcullis Computer Security.

Many banks are now believed to be permanently connecting keyboards and other devices into their computers to prevent similar attacks. Sources say some banks have also banned wireless keyboards in offices.

‘This type of scam has been going on for a while,’ said a source. ‘This is an old, old issue, and people have been talking about it being a weakness for at least two years now.’

Sumitomo is now believed to have deployed sophisticated software that monitors the electrical current in computer systems and can tell if they are being tampered with. A spokesman for the bank declined to comment on the investigation.

Related reading

HMRC banknotes