Another case of ATM jackpotting in Pune
The ATM of another private bank was hit in a method similar to that of four ATMs of another bank that fell prey to the jackpotting attack. The officials of the major private bank have approached the Pune police cyber-crime cell but have not lodged an official complaint yet, according to senior police inspector S Hake who recently took charge of the cyber-crime police station.
Two cases have been registered in the attack mounted on four ATMs of the first bank while only one incident was reported from the second bank in Pune. The bank officials told the police that their ATM in Delhi has also been targeted in a similar attack.
“The operating system used in these ATMs is Windows XP and these are the type of kiosks which have space to go behind,” said PI Hake.
The ATM of the second bank, which had not lodged an official complaint yet, is located in Sasanenagar area of Pune and is estimated to have lost ₹7 lakh. The first victim bank lost close to ₹30 lakh in the four attacks. However, a senior officer of the cyber cell suspects that more than four ATMs of the first victim bank have been attacked.
The two cases registered include one at Shivajinagar and one at Marketyard police station. The cyber-crime cell officials are tracking the two suspects.
“ATMs running on Windows XP are more vulnerable to this attack. Windows OS (operating system) should be updated to newer versions. In India, a considerably large number of ATMs are running on Windows XP. It is high time that these OS are updated. Also, communication between cash dispenser and ATM core software should be encrypted,” reads a part of a skeletal report on ATM jackpotting published by a government agency called National Critical Information Infrastructure Protection Centre (NCIIPC) which is run by the National Technical Research Organisation (NTRO).
The NTRO was formed in 2004 and is under the ambit of the National Security Advisor to the Prime Minister’s Office (PMO), according to its website. This minimal report on jackpotting was published in 2018 when jackpotting attacks were reported on a large scale in America.
In this form of attack, the connection between the ATM and the bank servers is cut off and the machine is tricked into dispensing more amount than what is entered during withdrawal. This is done by inserting manually inserting a device at the back of the ATM.