Cyber crime gang behind major bank fraud jailed

24 April 2014

An image of the KVM device used by the gang to defraud banks

Nine members of a gang which carried out a sophisticated cyber attack on the UK banking industry, stealing just over £1.25 million by remotely controlling bank accounts, have been sentenced to a total of 24 years and nine months imprisonment today, Thursday, 24 April.

The organised crime group also used bank and credit cards obtained from around one million intercepted or stolen letters to fraudulently purchase Rolex watches, designer jewellery and other high-value items, worth over £1 million.

"Today’s convictions are the culmination of a long and highly complex investigation."

The gang used a device known as a Keyboard, Video, Mouse (KVM) switch to access and control Barclays and Santander bank accounts remotely on three occasions.
 

They were  sentenced as follows at Southwark Crown Court:

Lanre Mullins-Abudu, 25, of Weimar Street, Putney

= conspiracy to commit fraud - three years imprisonment
= conspiracy to steal - three years imprisonment to run consecutively
= conspiracy to steal - two years imprisonment to run consecutively
= possession of articles for use in fraud - three years imprisonment to run concurrently
Total: eight years imprisonment

Steven Hannah, 53, of Bell Street, London, NW1:

= conspiracy to commit fraud - three and a half years imprisonment
= possession of Crystal Meth Class A drugs with intent to supply - two years and four months imprisonment to run consecutively
Total: five years and 10 months imprisonment

Tony Colston-Hayter, 49, of Seymour Street W1

= conspiracy to commit fraud - two and a half years imprisonment
= conspiracy to steal - two years imprisonment to run consecutively
= possession of articles for use in fraud - two and a half years imprisonment to run concurrently
= possession of articles for use in fraud - two and a half years imprisonment to run concurrently
= theft - one year imprisonment to run consecutively
Total: five and a half years imprisonment

Darius Valentin Boldor, 34, of Ebury Bridge Road, London SW1

= fraud - six months imprisonment
= conspiracy to steal - two years imprisonment to run consecutively
Total: two years six months imprisonment

Dean Outram, 32, of Clifford Gardens, NW10

= conspiracy to steal - one and a half years imprisonment
= conspiracy to steal - one and a half years imprisonment to run consecutively
Total: three years imprisonment

Adam Raeburn Jefferson, 38, of Newport Road, New Bradwell, Milton Keynes

= conspiracy to commit fraud - one year and four months imprisonment, suspended for two years
+ six-month tag-monitored curfew

Segun Ogunfidodo [male], 27 , of White City Estate, W12

= conspiracy to commit fraud - nine months imprisonment suspended for two years
+ community work order and three-month tag-monitored curfew

Dola Leroy Odunsi, 28,of Bromfield Rise, Abbots Langley, WD5

= conspiracy to commit fraud - nine months imprisonment suspended for two years
+ community work order and three-month tag-monitored curfew

James Lewis Murphy, 39,  of Wellington Buildings, Ebury Bridge Road, SW1 = possession of criminal property - six months imprisonment (sentence already served in custody).

Michael Victor Harper, 26, of Kiln Place, NW5 and Guy Davies, 49, of Sudbourne Road, London, SW2 and Asad Ali Qureshi, 26, of Old Brompton Road, SW7 are scheduled to be sentenced at Wood Green Court on 13 June for fraud by false representation, conspiracy to commit fraud and conspiracy to money launder respectively.

Stephen Ohunta, 41, of Mafeking Road, E16 is scheduled to be sentenced for conspiracy to commit fraud, theft and possession of criminal property on the same date, at the same court.

+ Martin Thane, 31,  of Eardley Crescent, SW5 was previously sentenced to six months conditional discharge, and ordered to attend a rehabilitation clinic for six months on 8 October 2013, for conspiracy to commit fraud by misrepresentation.

On 4 April 2013, Darius Bolder, 34, entered the bank’s back office, allowing the group to access the IT system of the bank’s Swiss Cottage branch. The group used the KVM device from a nearby hotel to make 128 transfers worth £1,252,490 to a network of mule accounts set up to launder the stolen cash. Barclays reported the cyber attack that day and recovered over £600,000 of the money.

The matter was referred to the Met's Police Central e-Crime Unit (PCeU) who began a lengthy and complex investigation.

On 17 July 2013, Dean Outram, 32 entered a Lewisham branch of Barclays and was able to unlawfully gain access to the bank’s computers where £90,000 was stolen. Barclays reported the matter to the MPS who quickly attended and recovered the KVM device.

On 12 September 2013, the group made another attempt to unlawfully gain access to Santander’s IT system by fitting another KVM device. This time, Dean Outram gained access to the Surrey Quays branch, where he fitted the KVM switch onto the bank’s computers in an effort to access the accounts. Meanwhile Lanre Mullins-Abudu, 25, and Asad Ali Qureshi, 26, attempted to gain access to the Santander banking system in order to transfer what police believe would have been substantial funds.

MPS detectives supported by Territorial Support Group officers raided an address in Kingsley Avenue, Hounslow where Mullins-Abudu, Qureshi and eight others were arrested. Police recovered computers that were logged into Santander bank accounts, but no money was stolen. Outram was also arrested having left the bank.

In addition to the Barclays and Santander cyber attacks, police identified that between May 2012 and September 2013, Mullins-Abudu, Stephen Hannah, 53, Guy Davis, 49, Adam Jefferson, 38, Segun Ogunfidodo, 26, Dola Odunusui, 29, Martin Thane, 31, Michael Harper, 26 and Tony Colston-Hayter, 49, also used what police believe to be around 500 high value bank and credit cards that had been either stolen or intercepted, to purchase Rolex watches worth up to £30,000 each, high-value jewellery and electrical equipment such as Apple Mac computers and iPads.

The value of the credit card fraud is in excess of £1 million. In order to use the cards, the group - led by Hayter - used a sophisticated device to spoof genuine bank telephone numbers in order to fool victims into providing their personal details and PIN numbers.

Detective Chief Inspector Jason Tunn, of the MPS Cyber Crime Unit, said: “Today’s convictions are the culmination of a long and highly complex investigation into an organised crime group whose aim was to steal millions of pounds from London banks and credit card companies.

“Through working with industry partners such as Santander and Barclays, whose efforts in assisting us were immense, we have been able to bring this group to justice.

“This case demonstrates the sheer investigative skill we are able to apply to tackling cyber crime, as we continue working to keep London people and businesses safe from cyber criminals. We are determined to make London a hostile place for cyber criminals and not allow the internet to be a hiding place for those who defraud people in the capital.”

Five others have been charged in connection with this investigation.