Refund glitch becomes Rs-1-crore windfall for ATM-rigging gang in Ludhiana.

Ludhiana: It was the ultimate technical oversight: a hardware vulnerability that convinced SBI's servers to refund cash that had already been dispensed. Police have launched a major cybercrime investigation after a coordinated fraud syndicate exploited a glitch in the automated teller machies (ATMs) to siphon almost Rs 1 crore from the State Bank of India.The Ludhiana police commissionerate's cybercrime unit registered a first-information report (FIR) this week following a directive from the Ludhiana sessions court. The legal intervention came after the bank reportedly struggled to initiate a police investigation into the sophisticated tampering of 119 ATMs between 2020 and 2021. The fraud relied on a "man-in-the-middle" physical manipulation of ATM hardware. Inspector Satvir Singh, head of the cybercrime station, claims that the suspects identified a specific vulnerability in the machines' transaction logic. "The accused would visit a kiosk and initiate a withdrawal," Satvir Singh said. "While the cash was being dispensed, they would tamper with the machine manually to trigger a system error."The manipulation ensured that while the suspects walked away with the banknotes successfully, the ATM's internal sensors recorded a "transaction failure". This triggered an automated reversal, with the bank's system refunding the "unsuccessful" amount back into the suspects' accounts, doubling their money effectively.The scale of the operation suggests a highly organised network that targeted 119 separate ATM kiosks across Ludhiana. Investigators believe more than 100 "mule accounts" were used to funnel the funds. Multiple transactions were often made from a single account before it was discarded. The SBI has since identified and patched the technical glitch to prevent further exploitation.The case, registered under sections 420 (cheating) and 120-B (criminal conspiracy) of the Indian Penal Code (IPC), remains focused on identifying the holders of the suspected mule accounts. Police are coordinating with bank officials currently to retrieve years-old CCTV footage and account KYC (know your customer) data. However, investigating authorities have noted that the time elapsed since the year 2020-21 crimes may complicate the recovery of digital and physical evidence. Inspector Satvir Singh said: "Every account holder involved in these transactions will be traced."