ATM FRAUDSTERS IN KOLKATA PERFORM MITM ATTACK, STEAL AROUND TWO CRORES

The Kolkata Police have found that ATM fraudsters stole around two crores from at least ten unguarded ATMs around the city between the 14th and 22nd of May, 2021. The police report that the hackers stole the money by intercepting the two-way encrypted messaging between the ATM and the bank server, using a method that experts refer to as a “man-in-the-middle attack” (MITM attack).

Hackers are breaking the systems for profit. Before, it was about intellectual curiosity and pursuit of knowledge and thrill, and now hacking is big business.

A MITM attack is a cyber-attack in which the attackers alter communication between two parties, here the ATMs and the bank servers. The two parties believe that they are communicating directly with each other, but in reality a middleman is intercepting and manipulating the communication illegally for their own benefit. The attackers gain access to sensitive data and then manipulate the content of the transmitted messages. The ten unguarded ATMs, which had not been updated, lost between 2 and 20 lakhs each. The fraudsters targeted ATMs that all belong to the same private bank.

The two suspects caught on camera carried out a similar crime in Faridabad, in the Delhi/NCR region, around two months back. It was a physically orchestrated operation in which the camera caught them installing a “black box”-like device into the machines. They stayed for around 30 minutes to an hour. The joint commissioner of police (Crime Department), Mr. Murlidhar Sharma, told reporters that the company that loads the money will incur the losses.

This is the first time Kolkata has faced a cyber-attack this sophisticated. The first attacks were on machines located in the New Market, Jadavpur, and Cossipore police stations. Due to the lack of recent operating system updates, the initial loss was around 40 lakhs.

There are two ways in which the hackers breached the link between the ATMs and the bank servers. In the first, the hackers placed proxy bank servers, so the encrypted messages from the ATM switch reached the proxy bank server instead of the valid bank server. The fraudsters would then insert dummy cards to dispense the cash that the proxy bank server allowed. In the second, the fraudster tampers with the ATM's LAN connection: an external device manipulates the encrypted messages from the bank server authorizing the transaction before they bounce back to the ATM switch.

We can avoid these sophisticated MITM attacks by upgrading to a security system with fewer loopholes, which restricts fraudsters from hacking into the systems and so prevents cash from being dispensed illicitly.
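One control that addresses both routes described above is to authenticate every authorization response and bind it to the request that triggered it, so that neither a substituted server nor an in-line device can produce or alter an approval. The following is an added example, not the bank's protocol and not taken from the police report; the message fields, the `APPROVED`/`DECLINED` codes, the function names and the demo key are assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed demo key. In practice it would live in tamper-resistant hardware.
MAC_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f" * 2)


def mac_fields(key, *fields):
    """HMAC-SHA256 over length-prefixed fields so boundaries cannot be shifted."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        data = str(field).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return h.hexdigest()


def new_request(trace, amount):
    """ATM side: every withdrawal request carries a fresh random nonce."""
    return {"trace": trace, "nonce": secrets.token_hex(8), "amount": amount}


def host_authorize(key, request, approve):
    """Host side: answer the request and MAC the answer together with it."""
    resp = {"trace": request["trace"], "nonce": request["nonce"],
            "amount": request["amount"],
            "code": "APPROVED" if approve else "DECLINED"}
    resp["mac"] = mac_fields(key, resp["trace"], resp["nonce"],
                             resp["amount"], resp["code"])
    return resp


def atm_should_dispense(key, request, resp):
    """ATM side: dispense only for an authentic, matching, approved response."""
    expected = mac_fields(key, resp.get("trace"), resp.get("nonce"),
                          resp.get("amount"), resp.get("code"))
    if not hmac.compare_digest(expected.encode(), str(resp.get("mac")).encode()):
        return False  # altered in transit, or produced without the key
    if any(resp.get(k) != request[k] for k in ("trace", "nonce", "amount")):
        return False  # authentic, but it answers a different request
    return resp.get("code") == "APPROVED"
```

Encryption of the link alone does not give this property; the check works because the verifier recomputes the MAC over the response code and the request's own nonce with a key that never leaves the two endpoints.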

ENCRYPTION KEY MANAGEMENT SERVICES

5 ENCRYPTION KEY BEST PRACTICES IN 2021

Data breaches have skyrocketed in cyberspace with the growing competition for sensitive information. Across the whole data life cycle, data encryption is one of the best ways to ensure confidentiality, providing a secure method of protection against cyber threats and avoiding the loss and exploitation of data.

With the growing sophistication of cyber-attacks, cryptographic key management provides a safe and secure way to control massive data breaches. It helps in reducing the risk in the cybersecurity architecture of your company.

At TeamCognito, a leading cybersecurity company in Kolkata, we ensure the full protection of electronic communications and financial transactions in the fast-growing modern world. Our encryption key management services in Kolkata include creation, storage, protection of existing and expired keys, distribution, replacement, and destruction of encryption keys.

There are two types of encryption: one that will prevent your sister from reading your diary and one that will prevent your government.
There are three primary key management approaches:
  1. Decentralised key management – In this type of key management, the end-users are responsible for their own key management. The organization does not handle the governance of the key.
  2. Distributed key management – In this type of key management, each team or department in the organization is responsible for handling its key management protocol according to its own processes and policies. They have the option of contacting or coordinating with other departments.
  3. Centralised key management – In this type of key management, there is one policy throughout the organization. All teams and departments of the company follow it.

In the key management server, the encryption key is created and stored along with its various attributes, which include its name, size, ability to delete, activation date, mirroring, key access, etc. The encryption key manager keeps track of the encryption key’s current and previous uses. The key manager allows the administrator to change the attributes of the keys.

There are four basic types of encryption keys:
  1. Symmetric encryption – A single encryption key is used for both data encryption and decryption in this type of cryptography. This type of encryption is used to secure data and is also a quick algorithm.
  2. Asymmetric encryption – Two keys are paired and created simultaneously in this type of cryptography. Public and private keys are the two types of key in asymmetric encryption.
  3. Public keys – These keys are only used to encrypt the data and not to decrypt it.
  4. Private keys – These keys are used to decrypt the data. The encrypted data can be decrypted only by this key. It should be password-protected.

As the size and complexity of the environment grow, key management becomes more challenging. When a key has been compromised, it is quite difficult to identify the threat until it is exploited. These are some major threats to consider:
  1. Weak keys: Complex keys help in securing and protecting sensitive data for a while.
  2. Incorrect use of keys: For a specific purpose/task only one key should be generated.
  3. Reuse of keys: When the keys are reused for multiple purposes, it can be dangerous and put the organization at high risk.
  4. Inappropriate storage of keys: Keys should never be stored on a server or a database.
  5. Improper protection of keys: Keys should be made available in unencrypted form only within a secure tamper-protected environment.
  6. Insecure movement of keys: To move keys safely between systems, we wrap the key under a pre-shared transport key, which is either a symmetric or an asymmetric key.

Ensuring data security is every employee’s business. Here are a few best practices for encryption key management:
  1. Secure key stores: Complex keys should be used to achieve optimal security and protect key stores. They must be protected when stored, when in transit, and during backup. The loss of all data is mainly due to improper key storage.
  2. Access to key stores: There should be policies governing key stores which use separation of roles to help in controlling access. The entity that uses a given key and the entity that stores it shouldn’t be the same, and access to each should be limited.
  3. Key backup and recoverability: Secure data backup and recovery solutions must be followed in case there is an accidental loss of the key. A loss of the key would mean the loss of data that was protected by the key, and this might create havoc in the company if the data was deleted unintentionally.

Here are the five factors that should be considered while choosing a good key management solution:
  1. User-friendly interface: There can be accidents in configuring or misusing features in a poorly designed interface. This can compound numerous security problems. A well-designed and user-friendly interface is the solution for any kind of mismanagement in protecting and securing the data.
  2. Key storage: We should be well aware of where the encryption key is stored and who has access to it. For example, if the solution in question requires encryption keys to be available to the cloud infrastructure, then it shouldn’t be considered secure.
  3. Key rotation and destruction: Key rotation is when a new key is generated periodically and set as the primary key. The data is then encrypted using the new primary key.
  4. Key generation granularity: The keys are kept within a secure environment that is divided at the highest possible level with the help of a zero-trust approach. Granular access control should be allowed by the KMS to manage access at the lowest hierarchy within the scope of the department/role/user/device.
  5. Automation: Mistakes can be prevented when key lifecycle events are automated. Automation should be offered for repetitive tasks. It should be flexible enough to be easily modified if any conditions change.
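
The points above about one key per purpose, key reuse, and key rotation and destruction can be seen together in a small key ring. This is an added example, not TeamCognito's product code: the `KeyRing` class and the purpose labels are hypothetical, and deriving per-purpose keys with HKDF (RFC 5869) is one technique chosen here, not something the article prescribes.

```python
import hashlib
import hmac
import secrets


def hkdf_sha256(ikm, info, length=32, salt=b""):
    """HKDF (RFC 5869) with HMAC-SHA256: extract, then expand."""
    if length > 255 * 32:
        raise ValueError("requested output is too long for HKDF-SHA256")
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]),
                         hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class KeyRing:
    """Hypothetical in-memory key manager: versioned keys with a state attribute."""

    def __init__(self):
        self.versions = {}  # version -> {"material": bytes or None, "state": str}
        self.primary = 0
        self.rotate()

    def rotate(self):
        """Generate a new primary key; the old one stays only for existing data."""
        if self.primary:
            self.versions[self.primary]["state"] = "deactivated"
        self.primary += 1
        self.versions[self.primary] = {"material": secrets.token_bytes(32),
                                       "state": "active"}
        return self.primary

    def destroy(self, version):
        """Drop key material once no data is protected under this version."""
        if version == self.primary:
            raise ValueError("rotate before destroying the primary key")
        self.versions[version].update(material=None, state="destroyed")

    def key_for(self, purpose, version=None):
        """Derive the key for exactly one purpose from the chosen key version."""
        version = version or self.primary
        entry = self.versions[version]
        if entry["state"] == "destroyed":
            raise KeyError(f"key version {version} has been destroyed")
        return version, hkdf_sha256(entry["material"], purpose.encode())
```

Storing the returned version number next to each protected record is what lets old data be read with a deactivated key until it has been re-protected under the primary, after which that version can be destroyed.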

Being the top cybersecurity company in Kolkata, TeamCognito helps in maintaining the best practices in encryption key management by providing credible services. It is advised that the monitoring team investigate the access logs from time to time and secure sensitive areas to reduce the exploitation of data in cyberspace. At our cybersecurity solutions company in Kolkata, we provide our clients with a robust encryption key management system to protect the entire data life cycle.