Inside the workings of a failed high-tech bank heist

Criminals had bank's security boss on board and a list of passwords at their fingertips


When raiders hit the City of London offices of Sumitomo Mitsui Banking Corporation they did not prepare themselves with weapons and masks. Instead they simply arrived with a list of passwords jotted down on a bit of paper, logged in and attempted to help themselves to Ł229 million.

Had they succeeded, the audacious theft would have topped the record books, dwarfing the Ł53 million Tonbridge cash heist and even a Ł141 million robbery in Baghdad. The men were not foiled by hi-tech security but because they failed to enter the passwords in the correct fields of the unfamiliar electronic banking forms.

Investigators feared the low-key break-in may have never been made public because of the potentially embarrassing consequences for the bank.

Sharon Lemon, director of e-crime at the Serious Organised Crime Agency (Soca), said the first officers at the scene were confronted with little more than vandalised computer terminals. But once the illicit transactions were found the sheer scale of the theft, which involved a complicated network of front companies, quickly became apparent.

Ms Lemon said: "If the bank had not been bold enough to report this - and it was a potentially sensitive incident - we may never have known about it. This was a global investigation and the crime and effort we made to invest in international relations really paid off. It was a complicated technical and financial investigation, all of our techniques were brought to bear to arrest and convict the offenders. It does not really matter where the criminals come from. If they intend to target the UK then it is our responsibility to track and convict them. Organised criminals are not commodity specific, they are money specific and if an opportunity presents itself then they will take it."

Preparations for the raid on the evening of Friday October 1, 2004, began the previous month with three surreptitious visits by a pair of computer experts.

Corrupt security boss Kevin O'Donoghue led the way for Belgian hackers Jan Van Osselaer and Gilles Poelvoorde using security cards belonging to other staff. He also tampered with CCTV cameras and even severed cables at the Queen Victoria Street offices in a bid to prevent the illicit visits being recorded. O'Donoghue later claimed he was threatened and forced to take part but CCTV footage showed him laughing and joking with the two hackers.

The Belgians, who travelled to Britain specifically to prepare the ground for the electronic attack, downloaded pirate software on to computer systems. This gave the men administrator privileges inside the Japanese bank's sensitive financial database. Crucially, it also enabled them to upload keylogging software to spy on the passwords and log-in details of senior staff.

They intended to use the Society for Worldwide Interbank Financial Telecommunication (SWIFT) transfer system to spirit cash to accounts worldwide.

The men attempted to send 10 massive transfers in Sterling and euros. Toshiba International, Sumitomo Chemical, Nomura Asset Management and Mitsui OSK Lines were among the corporate accounts targeted by the men. Recipient accounts were based in Spain, Dubai, Hong Kong, Singapore, Turkey, United Arab Emirates, Israel, and Liechtenstein.

But the next day, conspirators quickly realised the transactions were not complete and the money would not clear in the target accounts. Following a flurry of phone calls, the two men returned to try a further 11 transactions.

On Monday morning staff arrived for work to find some computer terminals damaged and others registering unusual transactions.

Meanwhile the criminal gang were frantically trying to get their hands on the cash and move it on. Several phone calls were made to a Dubai bank and eventually a fake fax was sent from a Cheltenham corner shop asking for 12 million euros to be released. Two men who also visited the bank but left empty handed have never been identified or traced.

This content continues onto the next page...