Foiled £220m heist reveals banks’ secret battle with cyber criminals

Last week’s attempted £220m electronic heist against Sumitomo bank was one of the most audacious high-tech crimes ever attempted...

Last week’s attempted £220m electronic heist against Sumitomo bank was one of the most audacious high-tech crimes ever attempted in the City of London.

It highlighted a behind-the-scenes battle in which the financial services industry has been under sustained electronic attack from internet criminals for the past 18 months, said Graham Edwards, former security director at Abbey and banking industry IT security consultant.

By attacking the financial industry, organised crime groups are potentially posing a threat to the UK’s critical infrastructure, Edwards warned. "If you want to bring down a country’s infrastructure, attack its finance system," he said.

Banks are engaged in a daily struggle with criminal groups that are developing increasingly sophisticated programs to harvest passwords from internet banking customers, said Edwards.

"Criminal groups are developing sophisticated viruses and Trojans that do nothing but attack financial institutions," he said. "One Trojan carries screens that look like real bank sites. It monitors the user and opens up a fake site, or starts a key logger."

Another Trojan launches denial of service attacks against banks. Although it has had little success, more sophisticated Trojans will follow, Edwards warned.

Denial of service attacks, which disable banking websites by bombarding them with tens of thousands of messages, can have a dramatic impact on banks, disrupting transactions, damaging reputations and denting customer confidence, said Edwards.

Banks have responded by creating systems to direct traffic to back-up websites during attacks. This can buy police time to look for the command strings used by the perpetrators of the denial of service attacks.

There has been a 30% month on month growth in the number of fraudulent phishing e-mails sent to bank customers, and the number of phishing websites has doubled since October, Edwards revealed.

Read more on IT risk management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.