£220m Sumitomo sting: Was it an inside job?

IT security experts have suggested the foiled Sumitomo bank robbers who attempted to steal £220m from the London-based office of the Japanese investment bank may have had links to the inside of the organisation – possibly even employees past or present.

The attempted heist relied on a piece of key-logging spyware installed on a machine on which access codes and passwords were entered. The application relayed that information to the outside world but one expert said it's unlikely it could have found its way onto the system unaided.

Peter Dorrington, director of fraud solutions at SAS, told silicon.com: "This key-logger had to be within the organisation and it seems it was installed on a specifically targeted machine. It must have been within the organisation and the first big question the bank has to ask is how it got there."

He said investigators will have to consider the likelihood that it was "an inside job", adding that irrespective of all the perimeter security businesses have in place "if somebody effectively walked this through the front door then those defences were instantly by-passed".

Simon Perry, VP security strategy at Computer Associates, told silicon.com: "It's very dangerous to speculate on an ongoing investigation; however, the scope of the proposed theft would tend to indicate that they would have had someone on the inside."

Dorrington added: "It's very unlikely this was some 'fire and forget' random broadcast. This was clearly targeted and very carefully planned."

Perry agreed that it was unlikely to have been somebody just getting lucky infecting random computers and businesses with spyware and striking gold.

"It almost certainly wasn't a random blast out of spyware with the hope of a coincidental install on the critical machines and it almost certainly wasn't a browse-by download from a website that someone surfed from one of those machines."

The investigation is ongoing.