Rediff.com« Back to articlePrint this article

What if our ATM network is hacked?

July 20, 2009 16:59 IST

Very often we all have used Automated Teller Machines (ATMs) to withdraw money. But only a few of us think about the repercussions of an attack on a national centralised server which manages the transactions across ATMs.

This article gives an overview of the National Financial Switch which is responsible for all our money transactions on ATMs in India.

Recently, after a long gap of ten years, I had taken a holiday in India. Being accustomed to digital technology, I always believed in carrying my various ATM debit cards rather than large amount of physical money.

Enjoying my trip at Kanyakumari, on April 1, 2009, I tried to withdraw money from a third party ATM centre which complied with VISA cards. As I was totally dependent on the ATM money, to my horror, I found a displayed message 'Transaction Declined'.

After that, I tried at four other ATMs only to find the same message displayed on the ATM monitors.

Exhausted and confused, setting out in search of an ATM of my own bank, I concluded that my exercise was futile.

Later on I realised that thousands of banking customers like me face similar problems across India. I thought banking was made easy. But that does not seem so. That was when I realised the hard lesson that at some particular time all ATMs can indeed go wrong!

Transaction Declined: The cause

On April 3, 2009, several officials from the State Bank of India and ICICI Bank, which have 17,000 of the nearly 40,000 ATMs in India, confirmed that there was problem using third-party ATMs.

The problem was caused due to the huge load on the National Financial Switch, which enables inter-bank transactions.

Technically, transactions on a bank's home ATM network are processed through a different switching system, while inter-bank transactions go through the NFS, the country's largest domestic network for authentication and routing payment details of various e-commerce transactions and e-government activities.

Some of the other reasons for the breakdown in the NFS were the heavy traffic in network towards the weekend and the free usage of third-party ATMs starting from April 1, 2009.

NFS: The national gateway

Having heard about NFS, let us understand its various functionalities. In simple terms, the National Financial Switch is a shared-ATM network, which inter-connects banks ATM switches.

Commercially, the National Financial Switch is an inter-bank network in India managed by Euronet India Pvt Ltd. It is conceived and run by the Institute for Development and Research in Banking (IDRBT), an arm of the Reserve Bank of India.

The Clearing Corporation of India Limited (CCIL) is the clearing and settlement agency for the switch, which also facilitates the NFS Disaster Recovery Site from its premises at Mumbai.

Functionally, the NFS comprises a switch to facilitate inter-connectivity between the bank's switches, and inter-bank payment gateways for authentication and routing the payment details of various e-commerce transactions and e-government activities.

The IDRBT provides high-end Public Key Infrastructure- (PKI) based services and solutions that enable trust and security for individuals, organisations and the government.

As a security measure, individual banks have also implemented security for their networks by using various security systems which takes care of authentication, authorisation, confidentiality and non-repudiation.

Is NFS foolproof?

Generally speaking, network communication links are subject to attacks. There are two techniques through which this could be done:

On the one, they are subject to attacks by the use of passive techniques such as listening. On the other, they might be subject to attacks by active techniques such as data alteration and substitution. Moreover, both techniques can also be used in combination.

On April 1, 2009, we have seen how an unprecedented increase in the usage of third party ATMs choked inter-bank networks that control ATMs of several banks.

This in turn had a cascading effect on the consumers who found it difficult to gain access to any of the participating banks' ATMs.

Also, if there is a technical problem with satellite connectivity, ATM networks would be non-functional. We know that these failures are not caused by sabotage and hence they are not intentional.

Now, coming to the other possibility, what would be the impact if a hacker or a cyber-terrorist gained access to the network and choked the server causing overload in the NFS system or any other financial switch?

Well, one can only imagine the magnitude of the problems one could face!

Even though the hacker scenario is speculative, such a possibility in the future cannot be ruled out completely. It is for the government, and various security agencies and financial institutions, to enhance the security of these sensitive financial networks.

Common switch hacks

A hacker can indeed hack a simple network switch. Some of the methods used for common switch hacks are ARP poisoning, SNMP snarfing, etc. Let us discuss these common switch hacks in brief.

ARP Poisoning: ARP (Address Resolution Protocol) spoofing/poisoning is the cornerstone of all switch hacks. Hackers like this attack because it is simple and it works nine out of 10 times.

ARP spoofing gives unauthorised users access to data in a switched network by poisoning the ARP cache of an end node.

SNMP Snarfing: Most of us buy managed switches for network management. When we talk management, we are talking about Simple Network Management Protocol (SNMP). Hackers have always claimed that that hacking SNMP is an easy task.

The main problem with SNMP is that the authentication method -- public and private community strings [passwords] -- is weak and basic and sent in clear text.

In addition, SNMP is based on User Datagram Protocol (UDP), which is prone to spoofing. So, you have a weak protocol, often forgotten, misconfigured, and misunderstood. This is a hacker's funfest just waiting to happen.

Although the above discussed attacks are on simple network switches and not intended for complex switches such as NFS, there is a possibility that hackers and anti-national elements can take their skills to the highest level and try to disrupt these critical financial networks.

The bottomline

Electronic commerce and finance are growing rapidly in the country. ATMs have gained prominence as a delivery channel for banking transactions in India. Banks have been deploying ATMs to increase their reach.

Increased ATM usage is also helped by the fact that customers have now the flexibility of using ATMs of other banks, as most of the banks are part of major inter-bank networks like National Financial Switch.

New security mechanisms designed to aid electronic commerce should continue to become a trend. The application of cryptography such as Public Key Infrastructure (PKI) in e-commerce transactions has shown that the NFS systems have several security mechanisms to deal with hacker attacks.

But we also know that for malicious intent, how a determined hacker or a cyber-terrorist can still penetrate the financial networks.

In order to prevent such attacks, the combined implementation of physical security, procedural protection and cryptography should be applied in the electronic banking system from time to time.

The author is an independent researcher, specialising in software security. He can be reached at (email@r-manoj.com)

Ramakrishnan Manoj