Eight men have been arrested for allegedly stealing £1.3 million from Barclays Bank by installing a remote PC access device in its branch in Swiss Cottage, London.
In April, a man disguised as an IT engineer told branch staff he was there to fix a computer, the Metropolitan Police said today. Instead, he installed a 'keyboard, video and mouse' (KVM) device (pictured) in the branch, which meant PCs could be accessed remotely.
"This enabled the criminal group to remotely transfer monies to predetermined back accounts under the control of the criminal group," the Met said.
Barclays was later able to recover the stolen funds.
The alleged incident closely resembles a failed attempt to rob a branch of Santander last week. Again, a man disguised as an IT engineer tried to install a KVM device, but the Metropolitan Police had been tipped off in advance.
"This new and increasing methodology being seen by UK law enforcement demonstrates the rapidly evolving nature of low risk, high financial yield cyber enabled crime," the Met said today.
A spokesperson for the Met said that whether or not the two incidents are linked "will be part of our investigation".
Speaking to Information Age after the Santander heist, independent security consultant Graham Cluley said the advantage of this kind of attack is that it circumnavigates the bank's software IT security defences. "Hardware is much more difficult to detect, because there's nothing running on the machine," he said.
Clulely said the incident reveals why employees must question anyone unknown who enters the office claiming to be an engineer. He also said this kind of attack can be thwarted by introducing two-factor authentication on employee PCs.