Page last updated at 20:43 GMT, Wednesday, 4 March 2009

The big heist that came so close

Ben Ando
BBC crime reporter


Two of the gang were captured on CCTV arriving at the bank

Two men have been convicted for their part in trying to pull off a £229m heist at the Sumitomo Mitsui Bank in London.

In one of the biggest attempted bank thefts in Britain, they used hi-tech equipment to try to steal money from the accounts of big businesses.

Hugh Rodley, 61, of Twyning, near Tewkesbury, Gloucestershire, and sex shop owner, David Nash, 47, from Durrington, West Sussex, were foiled only at the last minute by the complexities of inter-bank money transfers.

On the early evening of 16 September 2006, two men arrived at the reception desk of the Sumitomo Mitsui Bank in London. One asked for the bank's security supervisor, Kevin O'Donoghue.

He had a distinctive European, possibly Belgian, accent but the receptionist thought nothing of it. After all, this was the London branch of a major Japanese merchant bank with global interests and investments.

Hugh Rodley
Hugh Rodley, involved in the heist, is a self-styled lord of the manor

What she did not know was that the two men led upstairs by security chief O'Donoghue were expert hackers - and they had come to the bank to implement the first stage of the most audacious, and potentially lucrative, cyber snatch in history.

Police do not know how long the gang had been planning the operation. And those now convicted are certainly not those behind the plan.

When questioned, Kevin O'Donoghue, 34, from Birmingham, claimed that he had been coerced into helping and that his family had been threatened. He later admitted a charge of conspiracy to steal.

CCTV images showed him laughing and joking as he showed the two Belgian cyber-thieves to a terminal in one of the trading offices.

Jan Van Osselaer from Belgium and Gilles Poelvoorde from France, who admitted a charge of conspiracy to steal, had come prepared.

They used a USB memory stick to instal "keylogger" software on various workstations that recorded every button pressed by users.

'No kingpin'

A few days later, they returned and downloaded the data from the keylogger programmes. They now had the usernames and passwords of every bank employee who had used the infected computers.

But Kevin O'Donoghue had made some mistakes. He had tampered with some of the CCTV cameras - even cutting the wires on one - in an effort to cover the gang's tracks. Other employees started to wonder why he had started enquiring about creating extra access badges.

"He didn't do a very good job," said one source at the Serious Organised Crime Agency (Soca) "In fact, you'd hardly describe him as the kingpin."

A few weeks later, on Friday 1 October, the two were back. It was time to launch their plan.

Luckily the bank realised very quickly that something was wrong
Bill Hughes
SOCA director

Using the employee IDs and passwords they had obtained, they attempted 10 cash transfers from the bank to accounts in other banks in Spain, Dubai, Hong Kong, Turkey and Israel.

The cash was to come from the accounts of major corporations such as Toshiba and Nomura Holdings - the gang knew they would have plenty in them.

But something went wrong. The cash did not move.

Basic error

The next day, a Saturday, they were back to try again. This time they attempted more similar transfers, but included extra accounts in Liechtenstein and Singapore. Again, they failed.

All in all, they tried to steal £229m. But they had made a basic error in filling in the wire transfer information boxes. The plan was starting to unravel.

The following Monday, when staff logged in to their computers, they immediately noticed something was amiss. The transactions were there, and some of the computer cables had been cut.

Managers at the bank acted quickly and called the police.

"Being able to get in there early and quickly gave us vital help in closing this case," explained Soca director Bill Hughes.

"Luckily the bank realised very quickly that something was wrong."

The investigators quickly zeroed in on O'Donoghue who admitted his involvement when shown the CCTV.

Tracing other members of the gang was to be a long and drawn-out process.

Pictures of the two hackers were circulated, and they were traced to Belgium.

David Nash
David Nash fronted some companies used for money laundering

Following the electronic paper trail to the bank accounts that were to have received the money led to numerous dead ends, but eventually to four people.

These were Hugh Rodley, a self-styled lord of the manor, and his business partner Bernard Davies; David Coyne, also known as David Nash, and Inger Britt Marie Malmros - a Swedish national enjoying the sunshine in Las Palmas, Gran Canaria. She was cleared of all charges against her.

Bernard Davies died before the trial began.

The men had all fronted various companies - with names like Mediatel International PLC, Investorscan and Furzefield.

They were all companies with websites, contact addresses and registered names but they did not do anything. They were just fronts for illegal money laundering.

These company accounts, and many others like them, were to be used to filter and clean the money stolen from Sumitomo Mitsui Bank.

Dubai mystery

On the Monday after the attempted transfers, two unknown individuals went into a bank in Dubai and tried to find out whether money had reached their account. It had not and they left. They were never traced.

Rodley too was wondering where the money was, and starting to get desperate, he went from his Gloucestershire home into the town of Cheltenham, and asked to borrow the fax machine in a TV and electrical goods shop.

He sent a fax to a bank in Dubai, asking after the cash and urging that the transfer go ahead.

It did not.

Organised criminals will seek to pervert and corrupt your people and use them against you
Bill Hughes

Ms Malmros was arrested in Spain and extradited to England for trial.

Rodley and Nash were arrested in Spain and Gloucestershire; detectives in Belgium seized Poelvoorde and Van Osselaer.

Poelvoorde will complete his sentence in Belgium where he is already serving a five-year term for an unrelated fraud offence.

But in some ways, the case at Snaresbrook Crown Court leaves more questions than answers.

Who actually planned it? Rodley and the launderers had no contact with O'Donoghue and the hackers - so who was pulling the strings? And who were the mysterious couple in the bank in Dubai?

The Sumitomo Mitsui Bank heist was a failure - thanks to bank security and errors made by the thieves.

In a statement, the bank said it worked closely with SOCA to ensure the investigation came to fruition.

"The attempt to transfer funds failed due to our systems and controls which prevented the fraud from being successful and which promptly alerted systems staff that an attempt had been made," it said.

Detectives are reluctant to say how close the plot came to success - but they are certain that similar attempts will be made in future.

"Organised criminals will seek to pervert and corrupt your people and use them against you," warned Bill Hughes.

"Plus they will increasingly try to use technology to help them. We've since foiled two other similar attacks.

"This was a very real attack that was very well planned and it came very close."

Print Sponsor


The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific