Thiruvananthapuram skimming case: ATM technology was outdated, says cyber experts
Police has sought clarification from SBI officials on the lapses.
Thiruvananthapuram: Police and cyber experts probing the modus operandi of the Romanian skimmers have detected serious security lapses at the State Bank of India Althara branch ATM.
The ATM counter was found to be using an outdated data encryption technology keeping the port connecting the ATM to the bank's network open, and there was even an open power source.
Even as the Romanians managed to install a wireless router in the network by disconnecting the ATM from the network temporarily, the bank failed to detect the suspicious activities. The police is learnt to have sought clarification from the SBI officials on these grave lapses.
"Prima facie, all basic guidelines of Reserve Bank of India regarding the safety of ATMs were thrown to the winds here," a top officer told DC.
As per safety guidelines, the encryption software needs to be updated every three months. The port connecting ATM to bank's network as well as power supply sockets should be inside the ATM service room in such a manner that public can't access them.
"Whenever there is a break in the network connectivity, or an ATM gives out, it would send an alert to the bank. Even as the racketeers managed to install the router by temporarily disconnecting the connectivity, it seems the bank authorities had taken such alerts lightly," they said.
A team of police personnel of the Cyber Dome and cyber experts from agencies like Centre for Development of Advanced Computing were probing their modus operandi under the supervision of IG Thiruvananthapuram-range Manoj Abraham. The police will seek court's permission for a detailed examination of the router as it needs to be cracked to know the exact decryption technique adopted.
The police strongly suspects that the racketeers targeted this ATM for its feeble security features, mainly the open network cable port availability and the outdated encryption technique used.
"Though there were two ATMs in that kiosk, all the victims were those who used the old one," they said.
While the micro camera enabled device fixed on top of the ATM was used to copy the PIN, a wi-fi router installed along the network was used to intrude into the bank's network and loot vital account information, said police sources.