The Sumitomo Mitsuibank bank heist

From Richard Stiennon’s “Lessons Learned from Biggest Bank Heist in History“:

Last year’s news that thieves had managed to break in to Sumitomo Mitsui Bank’s branch in London and attempt to transfer almost $440 million to accounts in other countries should give CIO’s cause for concern. …

First a recap. Last year it came to light that U.K. authorities had put the kibosh on what would have been the largest bank heist in history.

The story is still developing but this is what we know: Thieves masquerading as cleaning staff with the help of a security guard installed hardware keystroke loggers on computers within the London branch of Sumitomo Mitsui, a huge Japanese bank.

These computers evidently belonged to help desk personnel. The keystroke loggers captured everything typed into the computer including, of course, administrative passwords for remote access.

By installing software keystroke loggers on the PCs that belonged to the bank personnel responsible for wire transfers over the SWIFT (Society for Worldwide Interbank Financial Telecommunication) network, the thieves captured credentials that were then used to transfer 220 million pounds (call it half-a-billion dollars).

Luckily the police were involved by that time and were able to stymie the attack.

From Richard Stiennon’s “Super-Glue: Best practice for countering key stroke loggers“:

… it is reported that Sumitomo Bank’s best practice for avoiding a repeat attack is that they now super-glue the keyboard connections into the backs of their PCs.