A gang of cyber thieves attempted to steal £229 million from a large Japanese bank, after installing keylogger software on PCs in its London headquarters, a court heard yesterday.
The gang raided the City premises of Sumitomo Mitsui Banking Corporation at night, installing the keylogger programs on its machines in order to capture employee log-in details and passwords, it is alleged.
At the time, one of the men involved, Kevin O'Donoghue, was working at the bank's offices in a security capacity, and was able to allow the Belgians access to the building on several occasions, prosecutors said.
Having captured the details, the thieves attempted to use them to make a series of over twenty electronic transfers over two day period, each worth millions of pounds, from some of Sumitomo’s largest customers including Toshiba and Nomura Asset Management, according to the case against them.
But the alleged plot failed, the court was told, when the hackers mistyped some of the information into transfer forms. The main reason the plot failed was the men's unfamiliarity with the Swift system used to move money to external accounts, which caused them to enter incorrect data in an important field.
Staff at the bank discovered the plot after noticing their computers had been tampered with and informed management, who in turn told the police.
By the time the men were apprehended, the police had been observing them for some time, hoping no doubt to uncover the full extent of the scheme.
Several members of the gang, including two IT experts, Jan Van Osselaer and Gilles Poelvoorde, and the bank’s security supervisor, O'Donoghue, have pleaded guilty to conspiracy to steal in late 2004. Other men, including two British businessmen, Hugh Rodley and David Nash, pleaded not guilty for serving as ‘fronts’ for the companies and the bank accounts set up to receive the stolen money. Another defendant, Bernard Davies, died last weekend.
Simon Farrell, QC, for the prosecution, said: “The attempt was made by surreptitiously entering the bank at night, by corrupting its computer system and by attempting to electronically transfer money.”
At the time news came to light of the attempted theft, the Japanese bank was praised for avoiding the temptation to hide events, which finance houses have been accused of in the past.
"Generally big businesses don't like to talk about any security problems they may have," security expert Graham Cluley of Sophos said at the time.
The jury trial at Snaresbrook Crown Court in London is expected to continue for six weeks.