Multiple ATMs of private bank “jackpotted”, over ₹30 lakh cash withdrawn in Pune

PUNE: Multiple bank machines were targeted by a duo who remotely withdrew money from the ATMs without leaving a trace of the transactions. The police suspect a theft of over ₹30 lakh in all the cases.

While only one case has been registered, the incident was reported from ATMs at least three other locations, including Deccan, Vimannagar and Gultekdi area between March 14 and March 20.

One of the four incidents was at the ATM kiosk of a bank located at Fergusson College road in Shivajinagar. The theft happened within 25-30minutes between 7:35pm and 8pm.

“They were both wearing masks and caps to cover their faces. This is new to us and we have reported it to the cybercrime cell. There is no trace of these transactions. In fact, the man withdrew cash from the ATM, and the woman entered after he left,” said police inspector (crime) V Goud of Shivajinagar police station.

The man installed something at the back of the ATM, withdrew ₹1,00,000 around 7:30pm and left. Later, the woman visited the ATM and made multiple transactions (more than 20) of ₹10,000 each and withdrew a total of ₹4,00,000, according to a complaint lodged by an assistant manager at the Shivajinagar branch of the bank.

“The head office of the bank contacted the local branch that a suspicious activity has been reported from these locations. Meanwhile, the accused removed the device and left from the kiosk,” said Goud.

A case under Sections 420 (cheating), 34 (common intention) of Indian Penal Code along with Sections 66(c) and 66(d) of Information Technology Act was registered at Shivajingaar police station.

“This is a case of ATM jackpotting. It is rare is India but is reported in foreign countries. A kind of trojan is installed at the ATM machines using USB. It provides remote access. Once the software is installed, you can access it remotely. This is a possible explanation for what may have happened,” said Rizwan Shaikh, a cybersecurity expert and chief technology officer at Prestine InfoSolutions Pvt Ltd.

“ATMs running on Windows XP are more vulnerable to this attack. Windows OS (operating system) should be updated to newer versions. In India, a considerably large amount of ATMs are running on Windows XP. It is high time that these ATMs’ OS are updated. Also, communication between cash dispenser and ATM core software should be encrypted,” reads a part of a skeletal report on ATM jackpotting published by a government agency called National Critical Information Infrastructure Protection Center (NCIIPC) which is run by the National Technical Research Organisation (NTRO). The NTRO was formed in 2004 and is under the ambit of the National Security Advisor to the Prime Minister’s Office (PMO), according to its website.