Nine members of the gang that carried out last year’s innovative remote KVM attacks on Barclays Bank and Santander have been handed prison sentences totalling 24 years and nine months for a heist that netted £1.3 million ($2.2 million).
The first and attack, on Barclays’ Swiss Cottage branch, happened on 3 April 2013, when a member of the gang managed to plant a wireless keyboard-video-mouse (KVM) device on a bank computer after posing as a repair man.
Accessing the bank system from a nearby hotel, the gang used 128 transfers to move £1,252,490 through a network of mule accounts set up to launder the cash. Although police were called, the gang was able to follow up with a raid on a Barclays branch in Lewisham in July that netted £90,000. Barclays recovered only around £600,000 of the money stolen in the first raid.
By the time the gang tried the same trick on a branch of Santander Bank in Surrey Quays in September, the Police Central e-Crime Unit (PCeU) had sussed the KVM method of attack and were waiting to pounce, raiding several London addresses and making eight arrests.
This uncovered a wider conspiracy in which high-value credit cards had been stolen or intercepted and used to buy expensive items such as Rolex watches, jewellery and Apple Mac computers to the tune of £1 million.
This appears to have been the gang’s original line of business, conducted using a device that could spoof the phone numbers of banks in order to fool target account holders into revealing their PIN numbers during phone calls.
Gang members were this week handed a variety of sentences, but it is the five and a half years given to alleged gang leader and ‘Mr Big’ mastermind Tony Colston-Hayter, 48, that has attracted the most attention.
As a noted 1990’s former acid house rave promoter, Colston-Hayter stands out among the throng of mostly young and often foreign cybercriminals convicted in the UK over the last ten years as a restless entrepreneur gone wrong after a company he set up folded with sizable debts.
UK newspaper websites have published pictures of him as a younger man, complete with dark bouffant hair and a huge 1980’s yuppie mobile phone; the images reek of Thatcherite aspiration that offer only vague clues to the mindset of a man accused of dreaming up one of the UK’s most novel bank heists since the Great Train Robbery.
Adding more colour to the crime, Colston-Hayter was also accused of hacking the email account of comedy writer, Stephen Merchant, a change that will remain on his file.
Other members of the white-collar gang included former TV executive, Steven Hannah, 53, who was sentenced to five years and ten months for his part in the attacks.
“Today’s convictions are the culmination of a long and highly complex investigation into an organised crime group whose aim was to steal millions of pounds from London banks and credit card companies,” said DCI Jason Tunn of the MPS Cyber Crime Unit (which succeeded the PCeU unit that started the investigation).
“We are determined to make London a hostile place for cyber criminals and not allow the internet to be a hiding place for those who defraud people in the capital.”