"Two men who plotted to steal £229m from a bank using software have been found guilty for their roles in the scam. "Lord" Hugh Rodley, of Gloucestershire, who bought his title, was convicted of conspiracy charges dating back to 2004. Gang members had installed spyware on computers at the London offices of Sumitomo Mitsui bank in order to steal money from big business accounts. Soho sex shop owner David Nash, 47, from Durrington, West Sussex, was also convicted at Snaresbrook Crown Court. He had been used by Rodley to front accounts into which the funds would have been channelled, the trial heard. ... O'Donoghue and the Belgian-based hackers will be sentenced alongside Rodley and Nash on Thursday. A seventh defendant, Rodley's 74-year-old business partner Bernard Davies, committed suicide two days before the trial began." Source: BBC News, 4th March 09.
You couldn't make this stuff up!
These guys nearly pulled off a brazen scam, using hardware keyloggers installed in the bank building in London to steal login credentials and subsequently attempting to wire-transfer big money offshore. A problem with the inter-bank transfers stopped the transaction/s succeeding, leaving them empty handed. Alert employees at the bank spotted that their machines had been interfered with and the scam was blown. Seems it really was mission impossible (not Mission Impossible)!
The incident naturally raised public awareness of the widespread vulnerability to hardware keyloggers (and, by the way, wireless keyboards) but I'd be interested to know more about the controls which foiled the attempt.
The Register reports "Armed with the purloined information, gang members attempted 10 transfers from bank customers including Toshiba and Nomura Holdings to accounts located in Spain, Dubai, Hong Kong, Turkey, and Israel. When the transactions failed, the men returned the following day and tried to transfer an even larger amount of funds to additional accounts located in Liechtenstein and Singapore. Those attempts failed as well. In all, the botched transfers totaled some £229m. They probably would have succeeded were it not for some elementary mistakes the men made in filling out the SWIFT, or Society For Worldwide Interbank Financial Telecommunication, forms." Bank employees spotted the SWIFT errors, presumably on the forms but possibly on error reports from their systems, and raised the alarm.