A recent court case exposed the work of criminal gangs who have
terrorised UK IT departments over the past three years. Paul Kunert
delves into the increasingly dangerous and murky world of organised
crime and supercomputer theft.
In the late afternoon of 20 November 2000 as the City was busily
trading, three men dressed in black designer suits strolled into
Deutsche Bank's headquarters. They headed for the server room,
ripped out £1.7m worth of Sun circuit boards, placed them in a
holdall and coolly sauntered out through the main reception
area.
The audacity of the crime, which was the fourth against a financial
institution in the Square Mile in three weeks, left the police
scratching their heads.
But it was not until early 2002, when the level of supercomputer
theft reached epidemic proportions, that Operation Sundance was
launched by the National Crime Squad and the National Hi-Tech Crime
Unit to investigate the crimes.
Using CCTV and tip-offs, the investigation led to a man called
Gbenga Biobaku, referred to by the police as Mr Big and already
known as an organised crime leader not afraid to use violence. It
was Biobaku who told the gangs where to hit and organised the
distribution of stolen IT goods to black markets in Africa and
Eastern Europe.
The investigation also found that Biobaku had forged links with
ex-Sun employee Kevin Leslie and paid a total of £35,000 for inside
information on the suppliers' customers.
Biobaku and nine of his henchmen were jailed for a total of 30
years and nine months after they were convicted in April this
year.
The gang was part of a wider network of London-based cells that
terrorised up to 30 IT departments across the country. In a
two-year reign of fear, this one gang alone cost businesses tens of
millions of pounds in insured losses, lost business and increased
security costs.
Even under the cloak of anonymity, IT managers still reeling from
their ordeal are somewhat reluctant to talk about the incidents,
for fear of bad publicity. Firms in the Square Mile are
understandably wary of talking about anything that might damage
their business, but one spokesman from a City institution admitted
that the security budget at his company had "significantly
increased" in the aftermath of the attacks.
Richard Jack, the detective chief inspector at City of London
police who was initially charged with hunting down the gangs, says
they started off targeting smaller Sun systems at small and
medium-sized enterprises. "They were little groups of burglars with
good links to organised crime in London," he says.
But as their confidence grew, the gangs set their sights on larger
organisations and businesses including universities, media firms,
telecoms companies, councils and banking institutions, which all
use heavy-duty computing equipment.
As the size of targets grew, so did the gangs' propensity for
violence. "The attacks were often aggravated," says Jack. "They
would pretend to do a delivery and then handcuff the security
guards and knock them about a bit."
On one occasion, in the early hours of 13 March 2001 at BT's
Salisbury branch, four men dressed in black and wearing ski masks
forced their way into the building before taping up and assaulting
four members of staff. They rifled through the server room and made
off with £1.8m worth of Sun equipment.
However, in the past year there has been a noticeable decline in
the level of supercomputer crime. There were smaller regional gangs
operating in the North East, attacking universities, but police say
they have also been arrested and are awaiting trial .
Mick Bamber, detective inspector at the NCS, believes the
popularity of supercomputer theft has waned. "As far as we are
aware, there have only been one or two offences involving premises
containing Sun equipment since the arrests." Other officers agree.
Jack believes the spate of thefts in 2000 coincided with the growth
of demand for hardware in the emerging IT markets of Africa and
Eastern Europe. This has since tailed off, although businesses have
been made more aware of the threat posed by organised crime.
Sun Security, the arm of Sun Microsystems which investigates thefts
with the help of customers and police agencies, believes
supercomputer theft has declined because of increased customer
vigilance. Although Sun claims to have tracked down stolen
products, it declined to give details of where, when and who was
accepting the equipment.
A Sun Security spokesman says prevention is better than cure and
customers have now realised the value of their computer
infrastructures and taken measures to protect them. "The cost of
tightening security and implementing appropriate security policies
is generally recognised as manageable in comparison to the
potential disruption of a theft," he says.
At the Control Risks Group, an organisation that advises businesses
on the best preventive action to take in deterring thieves, experts
believe the crimes were specialised and that the gangs needed to
have highly organised networks in which to sell the goods and
retain up to 50% of their value.
CRG's deputy director Peter Yapp says, "I would not have thought
the products would stay in this country because the infrastructure
is more formalised. With serial numbers and maintenance checks the
machines are more detectable."
But while supercomputer theft may have abated, shoring up existing
security precautions is no bad idea because, like fashions, crimes
have an awful habit of coming around again.
The nine men arrested by the NCS are serving sentences of between
two and seven years and the market for stolen-to-order
supercomputers may have tapered, but Jack describes the situation
as a "ticking timebomb".
Chip theft is the crime that companies need to be most aware of.
Memory modules and processors became desirable high-ticket items as
soon as the industry took off, but the losses are being felt more
acutely by suppliers at the moment given the current economic
downturn.
The most popular method of stealing chips was from wholesaler
warehouses in ram-raid attacks, but the pattern emerging over the
past year seems to favour nabbing the products in transit at
airports .
Such was the scale of the problem in and around Heathrow that
Operation Grafton, a specialist 18-man team, was formed by
Metropolitan, Surrey and Thames Valley Police in March this
year.
There have been a series of raids in the past eight months which
experts believe are inside jobs. In October 2002, £2.8m worth of
Samsung memory modules were simply loaded into a van near the
Heathrow cargo service centre and driven away.
A similar incident happened earlier this year when an American
Airlines truck was taken after it was left unattended for a few
minutes. More than £6m worth of Pentium chips were stolen, although
some were later recovered after the gang was disturbed while
transferring the goods.
Some of these gangs are also prepared to use violence. In one of
the more menacing incidents on 2 March, a £7m consignment of
processors was hijacked by three men after it had left the Heathrow
cargo centre.
The men ran at the driver and threatened him with claw hammers
before pulling him from the truck. Again, the thieves were spotted
moving the goods into their own vehicle and fled empty
handed.
The transportation of chips is so problematic that insurers are
becoming increasingly edgy about underwriting the cargo. David
Abbott, director at Abbott and Bramwell, one of four companies
worldwide that specialises in shipping chips, says there is a
"complete lack of appetite for this type of risk".
"It is unattractive because the levels of crime involved have
increased so much, it is like moving gold bullion around - you
could easily have £1m worth of chips in a small consignment."
Airport freight forwarders have become targets as security at
distribution warehouses becomes more militarised. But as police
sources confirm, the "whole method of shipping high-value goods
needs to be looked at in terms of advertising loads and internal
procedures".
Abbott says there is always the possibility that the crimes
mentioned above were perpetrated with the help of insiders. "This
removes the need to take a gun. You go in with bogus paperwork or
inside knowledge," he says.
Craig McKinley, detective inspector at Heathrow CID, also suspects
the use of insiders because the criminals seem to know about the
movement of goods. He believes they must be perpetrated by
organised gangs because of the scale and professionalism of the
jobs.
But where do all these stolen chips go? Granted, they are not
specialist items like £200,000 Sun circuit boards and do not need
to be sold through specialist channels, but the sheer volume of
product must mean they have to be disposed of quickly and
reasonably locally.
McKinley says he was informed by IT industry sources that the
stolen Samsung memory modules taken last year were on the grey
market in the Netherlands three days after the theft but never
found.
One million pounds worth of chips may sound like a large amount
but, according to Abbott, they could be traded without too much
difficulty. "The products have serial numbers but they are still
very difficult to track. Operating in an open market means they
could easily go to Hong Kong or Dubai," he says.
Investigations are ongoing and police are following forensic leads,
but as yet there have been no arrests. However, if history is
anything to go by, the thieves could be right on your
doorstep.
Following an "extensive and dangerous" undercover operation to
infiltrate a gang involved in ram-raids and robberies, codenamed
Operation Midas, a police raid in July 2001 turned up some
surprising individuals with close links to the computer
industry.
Of the seven people later found guilty at Reading Crown Court of
conspiring to handle stolen goods from a number of robberies, two
had been company directors of an IT distributor that had gone into
liquidation in 1999.
Before their arrest the men were trading the stolen goods through
online mail order company, Silverplus, based at a warehouse in
Slough. They sold the stolen hardware at just below existing market
prices so as not to raise suspicion.
Ray Blythe, a detective inspector with Surrey Police, says the
likelihood is that the products were going back into the UK
processor market.
"They probably ended up going into smaller businesses and less
scrupulous suppliers. A £200 chip can be sold for £180 by someone
that is well versed in handling stolen goods," he says.
Worryingly for IT departments, Blythe says some stolen components
could find their way into systems that might not be supported by a
manufacturer should they fail.
The advice from Intel, a company significantly affected by the
crimes because it holds 80% of the worldwide processor market, is
to buy from an authorised source and save yourself the
headache.
With organised criminals still casting a keen eye over developments
in the IT industry, one wonders what sector will be next. Jack says
criminal gangs will move to "whatever is current and wherever there
is demand".
So lock up your systems and watch what you buy.
Don't have nightmares.
How to make your server room a strong
room
The cost of installing CCTV is between £500 and £10,000.
Smokecloak alarms may require an investment of up to £2,500 and
steel doors will set you back at least £2,000. But safeguarding
your IT is priceless.
Peter Yapp, deputy director for network forensics IT security at
Control Risks Group, says you can spend as little as £500 on a
basic CCTV system but costs will vary from firm to firm.
Prevention is better than cure, he says, so keep the villains at
bay with intruder-detection and panic alarm facilities, together
with CCTV that covers the entrance.
Newly built properties with a solid construction are preferable,
while the room should be windowless and the walls made of bricks
and mortar as opposed to demountable partitions.
Doors need to be equal to the risk but should be of solid core
construction, fitted with a high-quality lock. Steel lining and
multipoint locking may be appropriate. Access control should be
provided in the form of a swipe card or proximity reader associated
with a keypad and PIN.
Prices of these deterrents may vary:
- 3mm-thick steel security cases, bolted to the floor with lever
locks - £1,200 to £7,000
- Intruder alarm linked to remote monitoring facility -
£1,000
- Steel shutters on the IT room windows and security doors -
£2,500.