Fraudsters’ new modus operandi to withdraw money from ATMs

New Delhi, April 18

All banks have been asked to enhance their safety norms for ATMs through end-to-end encryption in their LAN network in view of the increasing incidents of Man in the Middle (MiTM) attacks on ATMs, officials said.

The officials said recently a written communication has been sent to all banks in which they have been told about increasing trend in the MiTM attacks in which messages sent by “ATM Switch” to “ATM Host” are altered by attackers for fraudulent withdrawal of cash. The officials said cyber fraud gangs had started adopting a new modus operandi to withdraw money from ATMs. Giving details, security agency officials said the fraudsters first tampered with the network (LAN) cable of the ATM and then declined messages from “ATM Switch” were altered to successful cash withdrawal transaction responses, and subsequently cash was withdrawn from the ATM.

The banks have been directed to ensure end-to-end encryption in the communication between the “ATM Terminal” or PC and the “ATM Switch”, the officials said, suggesting that the banks should “conceal and physically secure or protect” the network cables, input/output port within the ATM premises. A similar advisory had also been issued by the Reserve Bank of India, they added. — TNS

Tampering with network

• Man in the Middle (MiTM) attacks have been increasing under which messages sent by ‘ATM Switch’ to ‘ATM Host’ are altered by attackers to withdraw cash.
• The fraudsters first tamper with the network (LAN) cable of the ATM. Declined messages from ‘ATM Switch’ are altered to successful cash withdrawal transaction responses, and subsequently cash is withdrawn.