Abstract machines for wrong purposes. However, cybercrime has

 

Abstract

The government announced its demonetisation move urging
Indians to shift to a cashless economy run on internet and plastic cards, India
reported its biggest internet banking security breach.  Over 3 million
debit cards and their pin numbers, including those powered by Mastercard and
Visa, were stolen by hackers. The Ministry of Finance reported that Rs 2.5 lakh
was stolen from the accounts of Indians. Multiple public and private banks were
affected.

We Will Write a Custom Essay Specifically
For You For Only $13.90/page!


order now

And also many of
financial institutions have faced cyber-attacks in the last three months.
Several banks have faced an increase in some form of cyber-attack or
security breach in recent times. The level of preparedness
for cybercrime in India is very basic. Companies need to improve
their response and detection capabilities.

 

Recently
The State Bank of India, the country’s largest bank, and its subsidiary banks
blocked about 6.25 lakh debit cards of their customers after “some unidentified
and suspicious” transactions spiked at third-party ATM machines.This happened a
month ago and some data of customers being compromised. With such large number
of cards involved, Bank thought it was better to replace the cards entirely.
Largely the cards were magnetic-based.

 

Introduction

In
the Modern E-Commerce environment of online processing, maximum of the
information is online and prone to cyber threats. There are a huge number of cyber-attacks
and their behavior is difficult to early understanding hence difficult to
restrict in the early phases of the cyber-attacks. The attacks those are
processed knowingly can be considered as the cybercrime and they have serious
impacts over the society as well as the economy of the country in the form of
economical disrupt, psychological disorder, threat to National defense system etc.
Therefore, the present manuscript provides the sympatheticcyber-crimes and
their impacts over financial institutions with the future trends of cyber-crimes.

 

When
did this new and insidious variety of crime actually come into being? One may
say that the concept of the computer came with the invention of the first
abacus, hence it can be said that “cybercrime” per se has been around ever
since people used calculating machines for wrong purposes. However, cybercrime
has shown itself as a serious threat to society for less than a decade.

 

•         
That
is not surprising considering the fact that the abacus, which is thought to be
the earliest form of a computer, has been around since 3500 B.C. in India,
Japan and China. The era of modern computers, however, began with the
analytical engine of Charles Babbage.

•         
The
first recorded cyber-crime took place in the year 1820!

•         
In
1820, Joseph-Marie Jacquard, a textile manufacturer in France, produced the
loom. This device allowed the repetition of a series of steps in the weaving of
special fabrics. This resulted in a fear amongst Jacquard’s employees that
their traditional employment and livelihood were being threatened. They
committed acts of sabotage to discourage Jacquard from further use of the new
technology. This is the first recorded cyber-crime!

 

1.
1960s & 1970s: SABOTAGE : Direct Damage to Computer Centers

1970-1972: Albert the Saboteur

2.
IMPERSONATION

1970: Jerry Neal Schneider

1980-2003: Kevin Mitnick

Credit Card Fraud

Identity Theft Rises

3.
PHONE PHREAKING :2600 Hz

1982-1991: Kevin Poulsen

4.
DATA DIDDLING: The Equity Funding Fraud (1964-1973)

1994: Vladimir Levin and the Citibank Heist

5.
SALAMI FRAUD

6.
LOGIC BOMBS

7.
EXTORTION

8.
TROJAN HORSES  : The 1988 Flu-Shot Hoax,
Scrambler, 12-Tricks and PC Cyborg, 1994: Datacomp Hardware Trojan, Keylogger
Trojans, The Haephrati Trojan, Hardware Trojans and Information Warfare

 

9.
NOTORIOUS WORMS AND VIRUSES

1970-1990: Early Malware Outbreaks

November 2, 1988: The Morris Worm

Malware in the 1990s

March 1999: Melissa

May 2000: I LOVE YOU

10.
SPAM

1994: The Green Card Lottery Spam

Spam Goes Global

11.
DENIAL OF SERVICE

1996: The Unamailer

2000: Mafia Boy

12.
THE HACKER UNDERGROUND OF THE 1980s & 1990s

1981: Chaos Computer Club

1982: The 414s

1984: Cult of the Dead Cow

1984: 2600: The Hacker Quarterly

1984: Legion of Doom

1985: Phrack

1989: Masters of Deception (MOD)

1990: Operation Sundevil

1990: Steve Jackson Games

1992: L0pht Heavy Industries

2004: Shadowcrew

And many more cases in these decades

13.
Cyber terrorism

14.
Cyberextortion

15.
Cyberwarfare

16. ATM attacks

 

Banks are realizing that fraud is becoming increasingly
pervasive and complex. But legacy fraud management systems have not kept up
with the growing sophistication of fraud across channels.

 

“cyber-crime” means any criminal
or other offence that is facilitated by or involves the use of electronic
communications or information systems, including any device or the Internet or
any one or more of them. Criminal activity or a crime that involves the Internet, a
computer system, or computer technology.

 

•         
Hacking

•         
Computer “Pirates”

•         
Copyright violations have civil and criminal remedies.

•         
Financial crimes

•         
Cyber pornography

•         
Sale of illegal articles

•         
Intellectual Property crimes

•         
Forgery

•         
Cyber Defamation

 

 

 

Fraud and financial crimes

Computer
fraud is any dishonest
misrepresentation of fact intended to let another to do or refrain from doing
something which causes loss. In this context, the fraud will result in
obtaining a benefit by:

·        
Altering in an unauthorized way.
This requires little technical expertise and is common form of theft by
employees altering the data before entry or entering false data, or by entering
unauthorized instructions or using unauthorized processes;

·        
Altering, destroying, suppressing,
or stealing output, usually to conceal unauthorized transactions. This is
difficult to detect;

·        
Altering or deleting stored data;

 

Some of the attacks are Skimming method – Skimming devices
illegally record account data from the mag stripe of a credit or debit
card.  The device includes a card reader and a hidden camera that captures
cardholder PINs.

 

Physical Attacks like smash-and-grab raid, criminals break
into a retail store and steal the ATM. Alternatively; they may steal cash by
physically attacking the ATM’s safe.

 

Also some other methods that we will mention are Stealing Pin
Code, Cash trapping, Gas attacks, Malware, Backdoor ATM, Cyber Attacks and
others.

 

ATM Industry is trying to prevent these attacks through
different type of Security upgrades and compliances.

First level of protection is EMV Migration, then PCI DSS and
Windows 7 OS. Beside this there are different types of fraud prevention
technologies from ATM Vendors.

 

One of the three largest ATM Vendor’s in the world, Wincor
Nixdorf, provide special fraud prevention platform with following features:
Access protection, Intrusion protection, Hard disk encryption, Optical Security
Guard, ProView video surveillance, Fraud prevention and other security
features.

 

Also through this presentation we will mention different
recommendations for physical and logical ATM security. With Bank’s effort and
Vendor solutions we can expect great improvement, customer satisfaction and
overall better results within this area of security?.

 

Card
information is stored in a number of formats. Card numbers – formally the Primary Account Number (PAN) – are often embossed or imprinted on the card,
and a magnetic stripe on
the back contains the data in machine readable format. Fields can vary, but the
most common include:

·        
Name of card holder

·        
Card number

·        
Expiration date

·        
Verification/CVV code

 

Cybercriminals have developed and implemented malware
designed to withdraw cash directly from ATMs without compromising consumers’
debit cards. The ATM malware allows criminals to identify the amount of money
in each cash cassette and manipulate the machine to dispense it.

 

ATM Threat

According to Secure list, a
Kaspersky Lab forensic investigation identified a piece of ATM malware that
allows criminals to attack ATMs directly. Through these direct attacks,
criminals can empty the cash cassettes of ATMs produced by a specific
manufacturer running Microsoft Windows 32-bit.

ATM attacks:
malware, Phishing, Password Attacks, Denial-of-Service (DoS) Attacks, “Man in
the Middle” (MITM), Drive-By Downloads, Malvertising, Rogue Software

 

The ATM malware,
called Typing, has several
features that help it avoid detection:

It
is only active at specific times of the night on certain days of the week,
typically Sunday and Monday.
It
requires a key to be entered based on a random seed. The criminal must
know the algorithm to enter the correct key based on the randomly
displayed seed.
Tyupkin
implements anti-debug and anti-emulation techniques

·        
This
is considered to be a higher-level attack because it attacks the bank directly,
bypassing the need for capturing consumer debit card data using skimming
devices. Unlike skimming attacks, which only require access to the public space
around a machine, the malware attack requires access to the back end of the
ATM. The investigation revealed that only ATMs with no active secure alarm were
infected. Therefore, installing alarms and eliminating the use of master keys
are two easy mitigating controls that can be implemented.

·        
At
ATMs where security alarms are installed, cybercriminals may seek a complicit insider at the bank, ATM
vendor or security service vendor to install the malware. Additionally, bank
personnel could be socially engineered to allow access to the machine by
someone purporting to be associated with a vendor.

 

 

 

ATM’s
in India as per BankwiseAtm / Pos / Card Statistics

ATM’s are not yet common in
India, although more and more are being installed. They are also not evenly
distributed, geographically, so you might have trouble finding ATM’s in rural
areas.

You can usually use every card
that is connected to global payment systems, such as Maestro, MasterCard,
American Express and Visa. Some Indian banks charge a foreign exchange fee on
ATM withdrawals.

Although ATM’s are the most
convenient way to withdraw money in India, their withdrawal amounts might be
limited. This is especially troublesome if you have to make regular cash
payments (i.e. your rent). If your withdrawal is over the ATM limit there is
nothing you can do except withdraw money from a bank counter.

 

Sr No

Bank

On-site

Off-site

1

STATE BANK OF INDIA

19151

29129

2

BANK OF BARODA

6013

3760

3

HDFC BANK LTD

5357

6436

4

CANARA BANK

5243

3909

5

PUNJAB NATIONAL BANK

4761

4043

6

ICICI BANK LTD

4408

8840

7

UNION BANK OF INDIA

4244

2667

8

CENTRAL BANK OF INDIA

3355

1746

9

BANK OF INDIA

3327

4439

10

SYNDICATE BANK

3291

355

11

AXIS BANK LTD

2806

9774

12

INDIAN OVERSEAS BANK

2701

1074

13

ORIENTAL BANK OF COMMERCE

2175

395

14

CORPORATION BANK

2112

915

15

INDIAN BANK

2079

641

16

STATE BANK OF HYDERABAD

1781

569

17

UCO BANK

1775

542

18

IDBI LTD

1652

1558

19

ANDHRA BANK

1509

739

20

VIJAYA BANK

1300

262

21

BANK OF MAHARASHTRA

1299

560

22

DENA BANK

1266

200

23

STATE BANK OF BIKANER AND JAIPUR

1153

781

24

STATE BANK OF PATIALA

1149

339

25

STATE BANK OF TRAVANCORE

1093

565

26

PUNJAB AND SIND BANK

1070

261

27

STATE BANK OF MYSORE

1068

313

28

FEDERAL BANK LTD

1034

511

29

UNITED BANK OF INDIA

887

1128

30

KOTAK MAHINDRA BANK LTD

856

1112

 

Precautionary
measures

ATM
frauds have led to most banks taking precautionary measures by periodically
reminding customers to change their debit card personal identification number
(PIN) or password on a regular basis (every month or in 3-6 months). Banks have
also been asking their customers not to share the password with any other
person, in order to avoid security breaches such as skimming and cloning of
cards that could lead to data theft.

When
police and forensic officials examined an ATM machine recently, they recovered
a skimmer device hidden in the smoke detector on the ceiling. The chip in the
card reader was also found removed and money was withdrawn from a number of
branches in Mumbai. The police recovered video of three foreigners and arrested
one of them from Mumbai.

The
Reserve Bank of India has asked all banks to upgrade their debit cards into
chip-based EMV cards, which have added layers of security. In a chip-based
card, information is not validated by bank servers unless the correct PIN is
used, whereas information on a magnetic strip is easily accessible.

 

Conclusion

This
manuscript put its eagle eye not only on the understanding of the cyber-crimes
but also explains the impacts over the different levels of the security system
in ATM. This will help to the community to secure all the online information
critical organizations which are not safe due to such cyber crimes. The
understanding of the behavior of cyber criminals and impacts of cyber-crimes on
society will help to find out the sufficient means to overcome the situation. Cyber security threat in the Indian banking system,
the Securities and Exchange Board of India (Sebi) has initiated an urgent
review of the overall risk management and has decided to set up a high-level
committee to ensure prudent response and quick, corrective measures for any
cyber threat.An ATM breach means the PIN numbers of not only that
bank’s customers but all those who use that bank’s ATM network
could be compromised. For most customers, using the card at an ATMwould seem a safe transaction,
being monitored by the bank. However, not always so. About 70 per cent of ATMs
in India are running on outdated Operating Systems (OS), making it easier for
fraudsters to exploit.This lack of work requires to improve the existing
work or to set new paradigms for controlling the cyber-attacks.

 

References

1. RBI Reports https://rbi.org.in/Scripts/AnnualReportMainDisplay.aspx

2.Wow Essay (2009), Top Lycos Networks, Available at: http://www.wowessays.com/
dbase/ab2/ nyr90.shtml, Visited: 28/10/2016.

3. Bowen, Mace (2009), Computer Crime, Available at:
http://www.guru.net/, Visited: 28/10/2016.

4. Oracle (2003), Security Overviews, Available at:
http://docs.oracle.com/cd/B13789_01/ network.101/ b10777/overview.htm,

5.Computer Hope (2012), Data Theft, Available at:
http://www.computerhope.com/jargon/d/ datathef.htm,

6. DSL Reports (2011), Network Sabotage, Available at:
http://www.dslreports.com/forum/r26182468-NetworkSabotage-or-incompetent-managers-trying-to-,

7. IMDb (2012), Unauthorized Attacks, Available at:
http://www.imdb.com/title/tt0373414/,

8. Cyber attacks: SBI blocks cards, Axis says no loss from
breach: Available at:

http://www.livemint.com/Industry/Axis-Bank-says-no-loss-from-cyber-attack.html

9. ATM Malware: The Next Generation of ATM Attacks

ATM Malware: The Next Generation of ATM Attacks