Hacking raid on Sumitomo bank thwarted

TechWorld.com - Security experts are praising Sumitomo Mitsui Banking Corp. for admitting that it was the target of a failed $424 million hacking attempt.
According to media reports, the U.K.'s National High Tech Crime Unit (NHTCU) has issued a warning to large banks to guard against keylogging, the method adopted by the would-be thieves in an attack on the Japanese bank's London systems. The intruders tried to transfer money out of the bank via 10 accounts around the world.
Keyloggers record every keystroke made on a computer and are commonly used to steal passwords. Eighteen months ago, U.S. games developer Valve had the source code to its latest version of Half-Life stolen after a virus delivered a keystroke recorder program into Valve's founder's computer.
"Generally, big businesses don't like to talk about any security problems they may have," said Graham Cluley, senior technical consultant at security software company Sophos PLC. "Clearly, Sumitomo did very well, they didn't lose any money, and they involved the authorities."
Arthur Barnes at security integrator Diagonal Security agreed. "I think this is very positive; it warns the rest of the community," he said. "Someone was always going to have to stand up and say this is going on. It's very brave. They've really done the right thing. Too often this sort of thing is swept under the carpet."
The bank has confirmed that a probe is under way and stressed that no money was lost. But officials declined to offer further details, citing the ongoing investigation.
"We have undertaken various measures in terms of security and we have not suffered any financial damage," a spokesman said.
Barnes, who has worked with the NHTCU, said the publicized arrest of a man in Israel -- along with Sumitomo's confirmation of a plot -- appeared to be an effort to flush out the thieves, and suggests law enforcement officials know something about them. "It would also serve as a warning to anyone thinking of doing this kind of thing," he said.
Yeron Bolondi, 32, was seized by Israeli police yesterday after an alleged attempt to transfer some of the cash into his business account. He was reportedly charged with money laundering and deception.
In a statement, Israeli police said there had been an attempt to transfer $26.7 million into the account "by deception in a sophisticated manner."
Cluley and Barnes said keylogging hacks are more common than thought, and they said the $423 million plot was probably the largest corporate case that had been made public. Both experts said it's unclear

Reprinted with permission from

For more enterprise technology news from the U.K., please visit TechWorld.com. Copyright 2006 IDG, all rights reserved.