Two computer hackers who tried to steal £229 million from Japanese bank Sumitomo Mitsui in London have been found guilty of conspiracy to steal.
“Lord” Hugh Rodley of Gloucestershire, who bought his title, was found guilty at Snaresbrook Crown Court of conspiracy to defraud and transfer criminal property. David Nash was convicted of conspiracy to transfer criminal property.
The scam involved three other men - Kevin O’Donoghue, Jan Van Osselaer and Gilles Poelvoorde - who all admitted conspiracy to steal. All five men are due to be sentenced today. Another defendant, Bernard Davies, committed suicide three days before the trial began in January.
In 2004, the men installed keylogger software on computers in the bank, in order to capture staff logins and passwords. O’Donoghue, who at the time worked as a security guard at the bank, allowed the other men into the London premises at night to install the software.
The men managed to access the accounts of some of the bank’s largest clients, including Toshiba International, Nomura Asset Management and Sumitomo Chemical UK, and subsequently attempted to transfer the £229 million in over 20 separate electronic requests.
But suspicions were raised after failings in the execution of their “bold and sophisticated” plot, the court heard, when they mistyped details on the complex transfer forms, and staff noticed their computers had been tampered with. A four-year investigation by the Serious Organised Crime Agency ensued.
Sumitomo Mitsui told the BBC website its systems and controls had prevented the fraud's success and that customer accounts were not at risk.
But Philip Wicks, security consultant at IT supplier Morse, said it was “very worrying” that the bank’s security systems had not detected the keylogger software being installed.
“Organisations must ensure that that, as well as guarding against hackers, they are protecting themselves from the threat from within,” he said. “As has been shown in this case, insiders within the business are all too often used to give criminals access to IT systems.”