Two men were last week convicted for trying to steal £229m from the London branch of a Japanese bank in an elaborate, high-tech scheme that would have been Britain’s biggest bank heist, putting the issue of keylogging devices under the spotlight.
The plot, which would have been worth around £229m if successful, involved the use of complex “keylogging” techniques installed on computer systems within the offices of the Sumitomo Mitsui Bank in London that harvested every keystroke and mouse click made on the infected PC’s. The intention was to then retrieve this data which would, in theory, have contained login details for many of the bank’s security systems.
The scam failed however and last week, Hugh Rodley, 61, of Twyning, Tewksbury was found guilty of conspiracy to defraud and conspiracy to transfer criminal property and David Nash, 47 of Durrington, West Sussex was convicted of conspiracy to transfer criminal property.
The device in question in this instance was a USB hardware based keylogger but software based versions remain in existence, although many are not as sinister as they may seem.
If you’re reading this on a work, school or college PC, then the chances are that you’re using a machine or network that has some form of keylogging software installed. The recording of keystrokes and mouse clicks is a major principle behind many PC monitoring or parental control systems.
There are however, many malicious uses for keylogging software, most examples of which are spread through various forms of adware and spyware.
The software is used by criminals to secretly monitor and record everything that a user types or clicks on your PC in order to harvest your log-in names, passwords, and other sensitive information, before sending it on to the hackers. This can also include any passwords or user names that you may have asked your computer to remember for you, as these are usually held as cookies on your PC.
Some keyloggers also allow the creators to ‘target’ information entered into websites which could be of greater interest to criminals, such as online banking for example.
The software is one of the many reasons behind the growth in identity fraud over recent years and, had the Sumitomo Mitsui Bank come off, it would not have been the first financial institution to come unstuck.
In 2007, keylogging software was used to steal more than US$1m from the Swedish bank Nordea and in the same year, users of an American retirement savings and investment plan for federal employees were targeted by keyloggers, resulting in $35,000 going missing.
With the most common distribution methods for keyloggers being through over forms of malware, including adware, Trojans and spyware, the advice is to ensure that your firewall and antivirus software remains updated and that their copy of Windows is fully patched with the latest security updates.