In recent weeks we have seen two cyber attacks on banks in the UK, involving physical access to the bank. First Santander, and then Barclays:
A gang of hackers stole £1.3 million by hijacking the computer system of a branch of Barclays Bank, police have claimed as they arrested eight men.
To execute the attack, the ‘hackers’ reportedly gained physical access to the target computer, and connected a KVM to a wireless device. This enabled remote control of the target computer. In doing so, they bypassed traditional security controls such as firewalls, network intrusion detection devices and anti-virus technology.
Why is this a good sign?
I’d argue that the traditional security controls employed by the bank to prevent network-based attacks worked. This gang – technically sophisticated – could not seed their attack remotely from a control centre at some far-off part of the Internet. That would be a low-risk operation, but one that is hard to achieve in the face of good network security.
Instead, they had to come out of the shadows of the Internet into the real world and gain physical access to the target computer. An operation like this is significantly higher risk and, as shown, they get caught.
Criminals will always try to rob banks, “because that’s where the money is”, but with good cyber security, Barclays (and Santander) have shown that criminals can be forced to take greater risks with physical attacks. Once in the physical world, we have police forces and legal systems that are much better placed to investigate and dispense justice.
As defenders of networks, should we be satisfied when attackers have to resort to physical attacks?