(MSPAlliance) – Thursday, April 20, 2006 – In 2005, thieves dressed as cleaning staff broke in to the U.K. branch of the Japanese bank Sumitomo Mitsui with the help of a security guard. The thieves installed hardware keystroke loggers on the bank’s computers, and these devices captured everything typed into the computers, including administrative passwords for remote access.
Using these passwords, the attackers then installed software keystroke loggers to access the SWIFT (Society for Worldwide Interbank Financial Telecommunication) network and transfer 220 million pounds into accounts in other countries, qualifying the attack as the biggest bank heist in history. The attack was minimally sophisticated, and police foiled the attack and recovered the money. The attackers, however, remain at-large.
Companies should protect against keystroke loggers and system monitors, as this same result could have obtained from e-mailed Trojan horse software, bundled with a legitimate PowerPoint presentation or proposal, for example. Thieves can cause significant financial damage to companies through keystroke loggers by capturing quarterly financial figures before they become public or accessing critical information to an acquisition. It is important that companies always be aware of IT security, implementing a balanced plan focusing on both internal and external threats.