Hacking raid on Sumitomo bank thwarted

Security experts have praised Sumitomo bank for admitting it was the target of a failed £220 million hacking attempt.

According to media reports the UK's National High Tech Crime Unit has issued a warning to large banks to guard against keylogging, the method adopted by the would-be thieves in an attack on the Japanese bank’s London systems. The intruders tried to transfer money out of the bank via 10 accounts around the world.

Keyloggers record every keystroke made on a computer and are commonly used to steal passwords. Eighteen months ago, US games developer Valve had the source code to its latest version of Half-Life stolen after a virus delivered a keystroke recorder program into Valve’s founder’s computer.

“Generally big businesses don’t like to talk about any security problems they may have,” said Graham Cluley, senior technical consultant at security software company Sophos. “Clearly Sumitomo did very well, they didn’t lose any money and they involved the authorities.”

Arthur Barnes at security integrator Diagonal Security agreed: “I think this is very positive, it warns the rest of the community. Someone was always going to have to stand up and say this is going on. It’s very brave, they’ve really done the right thing. Too often this sort of thing is swept under the carpet.”
He added, however, that he suspected Sumitomo had to have its arm twisted to admit to the security breach especially as it may have involved an insider.

“I have a horrible feeling that if the attempt had been successful, it wouldn’t have been reported,” he said.
The bank confirmed a probe was underway and stressed that no money was lost but declined to talk about the details, citing the ongoing investigation.

"We have undertaken various measures in terms of security and we have not suffered any financial damage," a spokesman said.

Barnes, who has worked with the NHTCU, said he felt the publicised arrest of a man in Israel and Sumitomo’s confirmation of a plot, appeared to point to the NHTCU trying to flush out the thieves and suggested they knew something about them. “It would also serve as a warning to anyone thinking of doing this kind of thing,” he said.

Yeron Bolondi, 32, was seized by Israeli police yesterday after an alleged attempt to transfer some of the cash into his business account. He was reportedly charged with money laundering and deception.
In a statement, Israeli police said there had been an attempt to transfer £13.9 million into the account “by deception in a sophisticated manner”.

Cluley and Barnes said keylogging hacks were more common than anyone would like to admit but the £220 million plot was probably the largest corporate case that had been made public.

Both experts said it was not clear what kind of key-logging had been used.

Barnes said keyloggers had become much more sophisticated in recent times, moving away from software forms to include sniffer-type hardware devices. Both he and Cluley speculated that the perpetrators may not have actually hacked in to the bank’s systems from outside to plant their keylogger.
“They’ve now got little hardware loggers that are like a dongle that you place between the keyboard connection and the base unit,” Barnes said.

“A cleaner could come in and pop one of these things in. No one ever looks around the back [of their PC].”

He said this meant that an organisation’s level of encryption or strength of firewall could become irrelevant.

He pointed out that hacker sites offered keylogging software for free. Keystroke recorders are also sold on seemingly legitimate websites for 10s of US dollars, purportedly for employees to keep an eye on what staff are doing at their computers.

Cluley pointed out that no matter how spectacular the Sumitomo case sounded, attacks on individuals’ machines were an everyday occurrence and users had to be more vigilant.

“[We’re seeing] 15 to 20 new pieces of malware a day and they are worms and trojans that do keylogging. Individuals probably don’t even know about it, the malware doesn’t display a skull and crossbones or play the Blue Danube over your speakers to announce its presence.”
He urged users to update anti-virus software “probably several times a day and not to forget to install Microsoft patches and install a firewall.

“There are constant attempts, it’s staggering how much this is going on,” he said.