The Kolkata Police has found that ATM fraudsters stole around two crores from at least ten unguarded ATMs around the city between the 14th and 22nd of May, 2021. The police report that the hackers stole the money by intercepting the two-way encrypted messaging between the ATM and the bank server, using a method that experts refer to as a “man-in-the-middle attack” (MITM attack).
A MITM attack is a cyber-attack in which the hackers alter communication between two parties, here the ATMs and the bank servers. The two parties believe that they are communicating directly with each other, but in reality a middle-man is interrupting and illegally manipulating the communication to their own benefit. The attackers get access to sensitive data and then manipulate the content of the transmitted messages. The ten unguarded ATMs, which had not been updated, each lost between 2 and 20 lakhs. All of these ATMs belong to the same private bank, which the fraudsters targeted.
The two suspects caught on camera had carried out a similar crime in Faridabad, in the Delhi/NCR region, around two months earlier. It was a physically executed operation: the camera caught them installing a “black box”-like device into the machines. They stayed for around 30 minutes to an hour. The joint commissioner of police (Crime Department), Mr. Murlidhar Sharma, told reporters that the company that loads the money will incur the losses.
This is the first time Kolkata has faced a cyber-attack this sophisticated. The first attacks were on machines located in the New Market, Jadavpur, and Cossipore police station areas. Because the operating system lacked recent updates, the initial loss was around 40 lakhs.
There are two ways in which the hackers breached the link between the ATMs and the bank servers. In the first, the hackers set up proxy bank servers, so that the encrypted messages from the ATM switch reach the proxy bank servers instead of the valid bank server. The fraudsters then insert dummy cards to dispense the cash that the proxy bank server allows. In the second, the fraudster tampers with the ATM's LAN connection. Here, an external device manipulates the encrypted messages from the bank server authorizing the transaction before they return to the ATM switch.
These sophisticated MITM attacks can be avoided by upgrading the security systems so that they have fewer loopholes, which would restrict fraudsters from hacking into them and prevent the machines from dispensing cash illegitimately.
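One control that addresses both paths described above (a proxy server answering in place of the bank, and an in-line device altering the bank's reply) is for the ATM to verify a keyed MAC and a fresh nonce on every authorization response. The following Python code is an added example, not code from the bank or vendor involved; the message fields, terminal ID, key and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed demo key; assumed to be provisioned per terminal and shared only with the real host.
TERMINAL_KEY = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)

def _mac(key, terminal_id, nonce, amount, decision):
    fields = (terminal_id.encode(), nonce, str(amount).encode(), decision.encode())
    # Length-prefix each field so field boundaries cannot be shifted.
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

def host_respond(key, terminal_id, nonce, amount, decision):
    """Bank host side: build a response bound to this request's nonce."""
    return {"terminal_id": terminal_id, "nonce": nonce, "amount": amount,
            "decision": decision, "mac": _mac(key, terminal_id, nonce, amount, decision)}

class Atm:
    def __init__(self, terminal_id, key):
        self.terminal_id, self.key, self.pending = terminal_id, key, None

    def new_request(self, amount):
        # A fresh nonce per transaction defeats replay of an old approval.
        self.pending = (secrets.token_bytes(16), amount)
        return self.pending

    def should_dispense(self, resp):
        if self.pending is None:
            return False
        nonce, amount = self.pending
        self.pending = None  # accept at most one response per request
        expected = _mac(self.key, self.terminal_id, nonce, amount, resp.get("decision", ""))
        ok = (resp.get("terminal_id") == self.terminal_id and resp.get("nonce") == nonce
              and resp.get("amount") == amount
              and hmac.compare_digest(expected, resp.get("mac", b"")))
        return ok and resp.get("decision") == "APPROVE"

def demo():
    atm, results = Atm("ATM-0001", TERMINAL_KEY), {}
    n, amt = atm.new_request(5000)
    genuine = host_respond(TERMINAL_KEY, "ATM-0001", n, amt, "APPROVE")
    results["genuine"] = atm.should_dispense(genuine)
    n, amt = atm.new_request(5000)  # in-line device rewrites a decline as an approval
    declined = host_respond(TERMINAL_KEY, "ATM-0001", n, amt, "DECLINE")
    results["tampered"] = atm.should_dispense({**declined, "decision": "APPROVE"})
    n, amt = atm.new_request(5000)  # proxy server signs with a key it made up
    results["proxy"] = atm.should_dispense(host_respond(b"x" * 32, "ATM-0001", n, amt, "APPROVE"))
    atm.new_request(5000)  # earlier genuine approval replayed against a new request
    results["replay"] = atm.should_dispense(genuine)
    return results
```

Only the genuine response leads to a dispense; the altered, proxy-signed and replayed responses are all rejected because none carries a valid MAC over the current nonce.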