A remotely controlled device designed to manipulate a bank computing system was sneaked into a bank office in Sweden and was poised to trigger a major theft until an alert bank employee pulled the plug after noticing his machine had been taken over, it emerged last week.
Seven people have been arrested over the attempted theft, on suspicion of attempted fraud and conspiracy to commit fraud.
The devise was found mounted under a desk in the bank in late August 2007. Attackers were at that time about to transfer several million Swedish krona (hundreds of thousands of US dollars) from one of the bank's accounts. However, an employee who had access to that account discovered the attempt.
"We're dealing with very advanced technical equipment with remote control capabilities. The employee discovered someone had taken control of the computer when the mouse pointer moved on its own. He then pulled the plug from the mysterious box," said Christer Nordström, a superintendent with the Uppsala police.
The attempted fraud took place in the local office of Swedbank, one of Sweden's largest banks, in Knivsta, south of Uppsala, Sweden.
According to the police, the unit was hidden during a break-in earlier last summer, when the alarm failed to go off. Fraudsters thereby gained access to the bank's system, authenticating themselves as the employee who later discovered the attempt.
After five months of investigation, six men were arrested last Monday and another one on Tuesday. Police sources said that at the time of arrest they were in the process of preparing two similar attacks.
Malware-based attacks against major banks have gained attention in Sweden in the last year and a half. Most of them have been carried out by the installation of Trojan Horse software on customers' computers. Intrusions into the banks' systems or offices are rare.
"We have never been hit by anything like this before," said Anna Sundblad, a spokeswoman for Swedbank.
The hardware used in the attack was based on standard equipment available in regular stores, police sources said. They did not reveal details, however. The exact nature of the device is a matter of discussion among security professionals. According to Per Hellqvist, a senior analyst with Symantec, a wireless system intercepting the signal from the computer to the keyboard and mouse is likely to have been used, judging from what little information has been released by the police.
"That way they are able to sit within a few hundred metres of the bank, be in contact with the box directly and thereby circumvent the bank's security systems", he said.
The seven men arrested, aged 24 to 63, are the only suspects.