×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Diebold Marries VMs with ATMs to Secure Banking Data

timothy posted more than 2 years ago | from the do-you-machine-take-this-data dept.

Security 151

gManZboy writes "Automatic teller machine maker Diebold has taken a novel approach to protecting bank customer data: virtualization. Virtualized ATMs store all customer data on central servers, rather than the ATM itself, making it difficult for criminals to steal data from the machines. In places including Brazil, customer data has been at risk when thieves pulled or dynamited ATMs out of their settings and drove off with them. With threats increasing worldwide at many retail points of sale, such as supermarket checkout counters and service station gas pumps, Diebold needed to guarantee the security of customer data entered at the 50,000 ATMs that it manages. Diebold last year partnered with VMware to produce a zero-client ATM. No customer data is captured and stored on the ATM itself." Perhaps Diebold should take the same approach to vote-tabulating machines.

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

151 comments

Erm... (4, Insightful)

Spad (470073) | more than 2 years ago | (#38589816)

Presumably the money is all sitting in a VM at one of Diebold's datacentres as well?

Who the hell steals an ATM out of the wall to get customer data? You just send out a phishing email and you'll probably get 100x the return without having to blow a bloody wall to pieces and steal what amounts to a large cube of metal.

Also, who the hell was storing any significant customer data on the ATMs in the first place?

Re:Erm... (4, Insightful)

lucm (889690) | more than 2 years ago | (#38589896)

Who the hell steals an ATM out of the wall to get customer data? You just send out a phishing email and you'll probably get 100x the return without having to blow a bloody wall to pieces and steal what amounts to a large cube of metal.

Who said that they stole ATMs to get customer data? It was a "happy" side effect since the money and the data were stored in the same container. It's like a pickpocket that wants the money in your wallet but also ends up with your swingers club membership card and the pictures of your children.

Re:Erm... (5, Insightful)

icebike (68054) | more than 2 years ago | (#38590122)

Who said that they stole ATMs to get customer data? It was a "happy" side effect since the money and the data were stored in the same container. It's like a pickpocket that wants the money in your wallet but also ends up with your swingers club membership card and the pictures of your children.

Are you so sure it actually runs that way, even in Brazil? I've never seen an ATM without a network connection of some sort.

I seriously doubt there is any customer date in the ATM. Refreshing that daily would be a nightmare.
Having the system on a VM seems to be necessary because Diebold insists on using Windows in the boxes. Windows, left laying around in public!! Idiots! By having VMware, running, they can give each customer a fresh virtual machine to run the transaction, saving them a whole lot of programming to make sure all cached data is cleared from memory. (In other words saving them from having to do a competent job in the first place).

A simple terminal system would do the same. There never was a valid use case for having any data resident in the cash machine.

The more you read the story the less you are sure that what they are reporting is actually what is happening, because it is so incredibly dumb. But then this is Diebold, so.....

Re:Erm... (2)

lucm (889690) | more than 2 years ago | (#38590398)

Who said that they stole ATMs to get customer data? It was a "happy" side effect since the money and the data were stored in the same container. It's like a pickpocket that wants the money in your wallet but also ends up with your swingers club membership card and the pictures of your children.

Are you so sure it actually runs that way, even in Brazil? I've never seen an ATM without a network connection of some sort.

I seriously doubt there is any customer date in the ATM. Refreshing that daily would be a nightmare.

Best case scenario yes, the network is up. But what if the network is down? Do you lock out the customer? Nah, you make sure that the card is valid (simple algorithm or the chip) and you log the transactions so you can consolidate them later (and track down the people who withdrew too much money).

Sometimes when you see a message saying that the account balance is not available, you can bet that you are dealing with a node that is disconnected from the mothership and will stack up transactions until it can upload the details for later consolidation.

People think that ATM are very very high tech but in fact, it's just a tad more optimal than good ol' checks. There is always a consolidation that will occur downstream.

Are you sure? (1)

fuzznutz (789413) | more than 2 years ago | (#38590710)

I always thought that when the balance was not available meant that the ATM was out of paper. It's the only time I don't get a receipt. I have my profile set to automatically generate a receipt.

Re:Are you sure? (4, Informative)

lucm (889690) | more than 2 years ago | (#38590846)

I always thought that when the balance was not available meant that the ATM was out of paper. It's the only time I don't get a receipt. I have my profile set to automatically generate a receipt.

It depends on your local ATM I guess, but just for fun, next time you can't get a balance before withdrawing, try to take out more money than you have (if the ATM limit is high enough) and you'll have the answer. They will put a negative balance in your bank account and call you to complain a few days later.

This happened to a friend of mine who was sure the ATM was broken so he kept taking money out. Tsk tsk. Beating the bank - not possible!

Re:Erm... (1)

d4fseeker (1896770) | more than 2 years ago | (#38590812)

Well it's not very surprising considering that at least a Diebold I saw was running Windows 2k and seemingly without ECC-RAM since it kept blue-screening with the same tell-tale message over and over, ran through BIOS, booted up, tried loading it's user interface and eventuelly the cycle began anew...
I'm astonished they manage to keep the things from blowing up all by themselves

Re:Erm... (1)

lucm (889690) | more than 2 years ago | (#38590962)

Well it's not very surprising considering that at least a Diebold I saw was running Windows 2k and seemingly without ECC-RAM since it kept blue-screening with the same tell-tale message over and over, ran through BIOS, booted up, tried loading it's user interface and eventuelly the cycle began anew...

I'm astonished they manage to keep the things from blowing up all by themselves

Your [tax money|banking fees|retailer premium] at work!

Re:Erm... (1)

The Archon V2.0 (782634) | more than 2 years ago | (#38590954)

Best case scenario yes, the network is up. But what if the network is down? Do you lock out the customer?

Last time I was at a Scotiabank that's exactly what they did. Some part of their network went down, all the ATMs were shut down. No idea how big the outage was, but I know for sure the ATMs were nonfunctional. The in-bank ones were even powered off.

Re:Erm... (0)

Anonymous Coward | more than 2 years ago | (#38589932)

I think they'd blow the machine loose for the cash and the data, if any, would be a bonus.

Re:Erm... (2)

cruff (171569) | more than 2 years ago | (#38589936)

Who the hell steals an ATM out of the wall to get customer data?

Presumably the real reason for ripping it out of the wall is to get to the cash contained therein. According to TFA, the more refined thieves install some malware on the ATM which is running Windows XP or OS/2 that gathers the information and saves it to an encrypted file on storage local to the ATM, then they read out the encrypted file later. In the virutalization scheme, the ATMs become a thin client only responsible for updating the display and sending key presses and card information back to the centralized VM. Of course, this does not appear to prevent someone from adding some hardware to piggy back on the card reader and keyboard and save it to memory in the skimming device itself.

Re:Erm... (1)

d4fseeker (1896770) | more than 2 years ago | (#38590830)

And that's exactly what they mean when they tell you about everyone saving money through virtualization...
Even the skimmers now only need virtualized skimming devices instead of actually having to produce them...

Re:Erm... (1)

elrous0 (869638) | more than 2 years ago | (#38590038)

Also, who the hell was storing any significant customer data on the ATMs in the first place?

That's exactly what struck me about the summary. What's "novel" about an ATM being networked into a central server where the data is stored? I thought they were ALWAYS like that (long before the modern consumer internet even existed). Even back in the 70's I remember them being networked to the bank's central server.

Re:Erm... (-1)

Anonymous Coward | more than 2 years ago | (#38590042)

I think that Diebold has been successful over other brands of ATM and voting machines due to their close connections with the political parties in power. They think of the parties first, rather than Triton or NCR, who think instead of the company itself first. I think that by catering to the needs of the political parties rather than to the company, they are more successful.

An example is the voter fraud. Diebold wanted to help out their friends in power, whereas the other machines just wanted to make a reliable product. I think this is why Diebold is far and away the most successful ATM machine and voting machine producer.

Secondly, and more importantly, there's a growing issue apart from the first one. This has to do with special situation within human culture. You see, from the very beginning ducks have ruled the world. Yes, ducks. Yellow sitting ducks like you have in your bath tub. Diebold, Tranax, Chase... all really started and owned by ducks. George W. Bush was elected to work as a supposed President of the USA because the ducks thought humans would not be ready for a duck-run country. So while George Bush spoke words like "is", "our", "children" and "learning" to the human public, all the Congressional orders came from the ducks. This is one of the basic misunderstands people have about USA world.

In conclusion, Diebold will always be a successful ATM company. They put the government and politics first, and this is a key method by which they retain their market share.

Re:Erm... (2)

RemyBR (1158435) | more than 2 years ago | (#38590236)

Exactly what I was thinking. Here in Brazil these kinds of ATM robbering using explosives make the news at least once a week, but I can't remember hearing even once that they were after customer data. Actually I ever thought that the ATMs were more like dumb terminals to start with. There's no need to store any kind of customer data on them.

As for the robbering, what banks are doing is to mark the bills with ink when the ATMs are forced open, and there's even regulation in place that say people and commerce should not accept marked bills.

Re:Erm... (0)

Anonymous Coward | more than 2 years ago | (#38590320)

Also, who the hell was storing any significant customer data on the ATMs in the first place?

http://xkcd.com/463/

Why? (1)

Spazmania (174582) | more than 2 years ago | (#38590502)

Why would one store customer data in any kind of non-volatile storage on an ATM machine in the first place? You can run software on the local machine without storing data. It just seems like moving the software into a VM so as not to store customer data locally is hitting a thumbtack with a sledgehammer.

Re:Why? (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#38590632)

Ah, but it's hitting a thumbtack with a sledgehammer that you can charge monthly hosting fees for, and disable immediately if the customer doesn't pay up.

The "Provide product, receive money, repeat." business model is, like, totally retro, man. Why do that played-out stuff when you can make the customer pay for the box and build in technological measures to yank the firmware if they ever stop paying, then call it a security feature?

All the cool kids are building in network-dependent 'security' features into their products so that they can get all the benefits of having the customer on the end of a rent-to-never-actually-own agreement; but structure the initial transaction with all the legal flourishes of a genuine sale...

Re:Erm... (4, Insightful)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#38590584)

Luckily, some fancy VM setup definitely prevents customer data from passing through the local PIN pad and/or touchscreen controller hardware. Thankfully, hardware keyloggers suddenly give up in defeat if they are asked to log keystrokes going to a super-secure remote VM...

Re:Erm... (0)

Anonymous Coward | more than 2 years ago | (#38590704)

Umm...a VM is LESS secure than an actual computer - its like having a verbose bios that can morph and attain security holes that can't be found with a simple efficient checksum. If you are going for security, go towards the hardware with the logic - hard code the software into chips, but for fuck's sake, don't put it in a VM you fucking morons.

Re:Erm... (1)

Chewbacon (797801) | more than 2 years ago | (#38590756)

I'd say who the hell would try to rob an ATM in the first place, but then people do. My fiancé works at a bank that recently got broken into and the guys tried to break into the ATM. They busted the lock on it at which point the alarm went off (way after they shattered the glass door). It took Diebold 8 hours to drill their own ATM and get the money out. In my old IT job I had to support communications for a few ATMs. The guy that filled it fucked up and put the wrong bills in the wrong slot. So the bank came out and investigated. They downloaded some info from the machine which I assumed was a local log of card swipes and transactions done. It raises the question: if an attacker cut the phone line/cat5 coming out the back, then how would the bank investigate it?

And they can guarantee you Ohio (1)

Toe, The (545098) | more than 2 years ago | (#38589834)

This is the company that all but flat-out said they were tampering with a US election, right? And we trust them with... anything?

Re:And they can guarantee you Ohio (2)

Black Parrot (19622) | more than 2 years ago | (#38590090)

This is the company that all but flat-out said they were tampering with a US election, right? And we trust them with... anything?

They're more careful with the important stuff, like money.

Re:And they can guarantee you Ohio (1)

icebike (68054) | more than 2 years ago | (#38590146)

This is the company that all but flat-out said they were tampering with a US election, right? And we trust them with... anything?

Apparently we trust them with money.

Frightening!

Re:And they can guarantee you Ohio (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#38590652)

If our priorities can be inferred from how much effort we put into them, they are as follows:

xbox360/PS3 savegames, then money, then votes.

Re:And they can guarantee you Ohio (1)

neonKow (1239288) | more than 2 years ago | (#38590758)

I'm pretty sure a voting machine's worth of votes is worth more than an ATM filled with money.

Re:And they can guarantee you Ohio (1)

icebike (68054) | more than 2 years ago | (#38591464)

I'm pretty sure a voting machine's worth of votes is worth more than an ATM filled with money.

I'm not so sure.
There were widespread reports of white vans hauling people from polling place to polling place to vote multiple times
for the price of a beer in dozens of Chicago

Even when you get the votes somewhat honestly, by campaigning for them, a vote only costs around
7 bucks according to Slate [slate.com] .

In the contested 2008 House races, the average winner spent $1.3 million and received about 185,000 votes, for a total cost of about $7 per vote. Losers spent an average of $493,000 for 91,000 votes, at a unit cost of $5.42. Neither of those gives an accurate picture of the true cost of a vote, however, since so many people fill in their ballots along party lines, regardless of campaign spending.

I have no idea of the actual amount of money in an ATM or the actual amount of ballots a ballot box holds. But votes can probably be bought easier than easier than breaking into an ATM. As far as I know, you get a wrist slap and a tisk-tisk for selling your vote. Slightly more for buying votes, but only if done on a grand scale.

Re:And they can guarantee you Ohio (0)

Anonymous Coward | more than 2 years ago | (#38591146)

Umm...they may be morally bankrupt, but they pretty much nailed what they promised.

Given their history when it comes ATMs, the question we should be asking isn't why should we trust them when it comes to money, but why we accept the current state of their voting machines since it's clear it's not due to incompetence or apathy.

Re:And they can guarantee you Ohio (1)

slick7 (1703596) | more than 2 years ago | (#38590918)

This is the company that all but flat-out said they were tampering with a US election, right? And we trust them with... anything?

The company that screwed with the voting machines in bed with the company that screwed with the economy and the American people. It does not bode well for either.
I gotta feeling it's going to be a long, hot, summer.

Voting machines? (1)

U8MyData (1281010) | more than 2 years ago | (#38589842)

No, not unless it is completely transparent. They wouldn't even allow review of their source code. Not to mention that all election results would presumably end up under the control of one company. Not a good idea, sorry.

Re:Voting machines? (1)

lucm (889690) | more than 2 years ago | (#38589916)

No, not unless it is completely transparent. They wouldn't even allow review of their source code. Not to mention that all election results would presumably end up under the control of one company. Not a good idea, sorry.

Have you seen the documentary where the guy finds out that the "secure database" where they collate votes is a simple Access file?

Re:Voting machines? (4, Funny)

Pieroxy (222434) | more than 2 years ago | (#38590050)

Have you seen the documentary where the guy finds out that the "secure database" where they collate votes is a simple Access file?

And so? Are you going to tell me that Access is insecure now?

Sheesh, you find these MS haters around every corner these days...

Re:Voting machines? (2)

thechemic (1329333) | more than 2 years ago | (#38590174)

It's not about being a MS hating. The reason they used MS Access as a platform to store voting data is so that their cronies could go to Staple-Max and pickup a copy of MS Access. Then with a minute or two in a private voting booth with access to the voting machine you could easily modify the vote and be on your way. Please watch documentaries and read articles regarding Diebold voting fraud. It's been going on for over 15 years now (perhaps longer). You might want to get up to speed on the whole topic before running around calling people haters.

Re:Voting machines? (1)

Anonymous Coward | more than 2 years ago | (#38590298)

Couldn't agree more... and hey, what was that whooshing noise just now? :)

good idea (0)

Anonymous Coward | more than 2 years ago | (#38589860)

it's not way easier to fix an election with a centralized vote tabulating machine. Sigh.

Really? (0)

Anonymous Coward | more than 2 years ago | (#38589878)

I always assumed ATMs stored no data and did everything over the network.

why was data ever stored? (1)

Karmashock (2415832) | more than 2 years ago | (#38589904)

Why virtualize when you can dumb terminal? Anyway... whatever works.

I know thieves can rip information out of ram chips but only whatever was in active memory which in the case of an ATM would be the last client. Hardly seems worth the trouble to just steal one credit card number.

As to logging... by all means have an encrypted flash drive in the machine but don't actually log the actual numbers.

Instead, log some bank ID Code that can be used to FIND an account if you're a bank but can't be used by a customer/client to transfer funds or charge accounts. I'm sure such numbers already exist. Just use those for logging. If you really need to, include the last 4 digits of a card but there's no reason to keep it all there. And of course encrypt it. Doubtless the banks will get lazy and use the same encryption key for every machine and won't change it for ten years. But it will stop some thieves so you might as well.

Re:why was data ever stored? (1)

bugs2squash (1132591) | more than 2 years ago | (#38590482)

They'll probably create a code using things they already know about you, like a social security number, drivers license number etc.

I can't believe that even Diebold (5, Interesting)

Presto Vivace (882157) | more than 2 years ago | (#38589908)

ever stored customer data in the ATM terminal itself. I always assumed that the info was all in the bank's server. Things are worse than I imagined.

Re:I can't believe that even Diebold (2)

tverbeek (457094) | more than 2 years ago | (#38589982)

So they've figured out that they should be doing something that anyone with any sense whatsoever would have been doing from Square One?

Re:I can't believe that even Diebold (2)

Pieroxy (222434) | more than 2 years ago | (#38590076)

So they've figured out that they should be doing something that anyone with any sense whatsoever would have been doing from Square One?

Yes. That's called progress. For them at least.

Re:I can't believe that even Diebold (1)

GumphMaster (772693) | more than 2 years ago | (#38590288)

While working for a Fortune 500 company I was constantly amazed by the low bar set on "innovation". There was a a very strong "If it hasn't been done here then it must be new" mentality.

Re:I can't believe that even Diebold (1)

neonKow (1239288) | more than 2 years ago | (#38590804)

Don't worry. They'll realize their mistake soon and go to their back-up method: storing our private info on paper print-outs stored in a built-in plastic tub with a window so ATM maintenance will know when to go empty the paper into the nearest garbage bin.

Re:I can't believe that even Diebold (1)

mirix (1649853) | more than 2 years ago | (#38590034)

I thought this too. Why else do they not work without a network connection?

It must be all server based, it's not going to store the accounts and balances of every supported cardholder... Even if it did, it changes constantly, and still requires networking for current balances, new accounts, etc.

Re:I can't believe that even Diebold (1)

MichaelSmith (789609) | more than 2 years ago | (#38590158)

Back when ATMs were a new thing I financed a holiday on credit by exploiting a bug in ATMs. Apparently the banks in those days did batch processing overnight and were unable to handle messages from their ATMs. So late at night you could withdraw money and push your account into debt.

Re:I can't believe that even Diebold (4, Informative)

Midnight_Falcon (2432802) | more than 2 years ago | (#38590202)

Don't use your credit card at a restaurant then. Almost all point of sale systems cache locally to some extent, often for up to a month!

These systems were all built with bad network communication in mind -- verifying over phones, etc, which causes them to have to store this credit card data (PAN data). Because modern systems are just upgrades on these old codebases, little has changed but to give it the bare amount of encryption/etc for PCI compliance, which is routinely ignored by small businesses.

Irrelevant (-1)

Anonymous Coward | more than 2 years ago | (#38589912)

That's irrelevant and totally out of the point!

Encryption? (2)

hawguy (1600213) | more than 2 years ago | (#38589942)

I think proper use of encryption should protect the customer data on the local machine - store the decryption key on the server and only hand back to the ATM if it requests it over its private secure link. And if the intrusion sensor goes off on the ATM, delete the decryption key along with the public key that the ATM uses to authenticate itself -- make a technician visit the machine and look for tampering before reloading with the authentication key.

I doubt any of these data thieves are keeping the ATM powered until they can take it back to their shop and and use data probes to capture data from a running machine.

But is this really a problem? Do ATM's store easily recoverable data on a hard drive?

I thought skimmers were the way to go if you wanted to steal account data from an ATM.

Re:Encryption? (0)

Anonymous Coward | more than 2 years ago | (#38590024)

Irrelevant. Criminals are using electronic devices over the top of ATMs to grab your card keyboard/screen input. They can replicate your card, and know your PIN, plus a few other thousand victims.

Re:Encryption? (1)

hawguy (1600213) | more than 2 years ago | (#38590388)

I thought skimmers were the way to go if you wanted to steal account data from an ATM.

Irrelevant. Criminals are using electronic devices over the top of ATMs to grab your card keyboard/screen input. They can replicate your card, and know your PIN, plus a few other thousand victims.

Skimmer. [wikipedia.org]

Re:Encryption? (2)

Pieroxy (222434) | more than 2 years ago | (#38590092)

I think proper use of encryption

I stopped right there. You know we're talking about Diebold right?

Re:Encryption? (1)

fuzzyfuzzyfungus (1223518) | more than 2 years ago | (#38590716)

This is the division of Diebold that handles stuff we care about, not the division(now "Premier election systems") that handles ceremonial functions.

Re:Encryption? (1)

Midnight_Falcon (2432802) | more than 2 years ago | (#38590230)

ATMs often use some type of cheap flash memory, and it's easy with basic forensic tools to recover even deleted data from there. As to encryption..some ATMs are quite old, and I wouldn't be surprised if you found a lot of DES implementations out there you can easily crack.

Re:Encryption? (1)

hawguy (1600213) | more than 2 years ago | (#38590378)

ATMs often use some type of cheap flash memory, and it's easy with basic forensic tools to recover even deleted data from there. As to encryption..some ATMs are quite old, and I wouldn't be surprised if you found a lot of DES implementations out there you can easily crack.

Presumably these old machines wouldn't be the machines that are using this new VM technology.

Network layer security (0)

Anonymous Coward | more than 2 years ago | (#38589944)

Zero-client doesn't safeguard you if your network back to the VM is exposed.

That's one of the key problems with voting machines: they are stored for lengthy durations (from a hacking perspective) in thousands of relatively unsecure areas prior to the election, and they are moved, and set up by technically unknowledgable volunteers. Getting them to securely connect to anything after that is going to be challenging.

Just now? (0)

Anonymous Coward | more than 2 years ago | (#38589964)

Why now? Why not years ago? Is this already something commonly done by other ATM manufacturers or is Diebold ahead of the pack for once?

Diebold Jokes Aside (0)

Anonymous Coward | more than 2 years ago | (#38589980)

I've heard from someone working in DC for this administration in 'cyber security' that Diebold is primarily an ATM company and that their voting machines division is from a recent acquisition that they're somewhat stuck with.

The POS conundrum... again (1)

lucm (889690) | more than 2 years ago | (#38589988)

Option 1: you have a centralized ATM/POS software, no data on the end points. Great security. But your network connection becomes a liability - no network, no transactions, even if the client and the money are in the same physical location.

Option 2: you have decentralized ATM/POS, with partially cached information on the end points. That way when the network is down, people can still perform transactions and there is a consolidation that occurs once the network is back. But if people come in your store at night with a big John Deere while the cops are busy playing with their tasers on homeless guys, then data gets stolen.

Pick one.

Re:The POS conundrum... again (1)

Samalie (1016193) | more than 2 years ago | (#38590060)

Option #1. Every time.

Who the fuck would want Option #2?

I can go without making a transaction at Store_ATM_001345716 at a given moment.

Re:The POS conundrum... again (1)

lucm (889690) | more than 2 years ago | (#38590412)

If you are a business owner that will lose money when the shitty DSL modem is blinking, you might have to reconsider.

Re:The POS conundrum... again (0)

Anonymous Coward | more than 2 years ago | (#38590064)

Option 3: Cash only, it gets removed from the store every day, and all the employees are armed.

Re:The POS conundrum... again (1)

Midnight_Falcon (2432802) | more than 2 years ago | (#38590270)

Option 3: Use option #1, but get a backup 1) phone line for slow verification and 2) GPRS/3G USB radio for internet access, and make sure communication over the network is entirely TLS/SSL.

Chances of both your 3G USB internet card and your DSL/cable going down simultaneously is quite low. Throw in a good old landline and modem to the mix and then there's super high availability.

If all these internet options don't work, chances are some massive disaster prevents your business from operating anyway, eh?

Re:The POS conundrum... again (1)

lucm (889690) | more than 2 years ago | (#38590326)

Option 3: Use option #1, but get a backup 1) phone line for slow verification and 2) GPRS/3G USB radio for internet access, and make sure communication over the network is entirely TLS/SSL.

Chances of both your 3G USB internet card and your DSL/cable going down simultaneously is quite low. Throw in a good old landline and modem to the mix and then there's super high availability.

If all these internet options don't work, chances are some massive disaster prevents your business from operating anyway, eh?

I've been working for a major retailer and that kind of setup was just impossible to get in some regions. It works well in the city, but then in the city you usually can get two ISP or telcos.

So the retailer POS was a lousy standalone client with frequently interrupted data consolidation jobs. And so far nobody came up with a better solution. Yes, there is encryption, landmines, etc that one can use to protect the POS but still.

Re:The POS conundrum... again (1)

Midnight_Falcon (2432802) | more than 2 years ago | (#38590382)

I'm pretty sure you can get HughesNet anywhere, but the cost might be prohibitive for certain businesses.

Re:The POS conundrum... again (1)

lucm (889690) | more than 2 years ago | (#38590444)

Well you are probably right... also the skill set to setup a reliable network is usually not available for a small business where there is a policy to give only one napkin per customer to save money (those napkins add up!)

Re:The POS conundrum... again (1)

godel_56 (1287256) | more than 2 years ago | (#38590278)

Option 2: you have decentralized ATM/POS, with partially cached information on the end points. That way when the network is down, people can still perform transactions and there is a consolidation that occurs once the network is back. But if people come in your store at night with a big John Deere while the cops are busy playing with their tasers on homeless guys, then data gets stolen.

You could have your data stored encrypted on non-volatile ram, but the encryption key in volatile ram that gets wiped whenever the access door is opened or the ATM is removed from its site.

A list of valid encryption keys would be kept at headquarters for maintenance purposes and reinstatement if a stolen ATM is recovered.

Re:The POS conundrum... again (1)

lucm (889690) | more than 2 years ago | (#38590302)

Option 2: you have decentralized ATM/POS, with partially cached information on the end points. That way when the network is down, people can still perform transactions and there is a consolidation that occurs once the network is back. But if people come in your store at night with a big John Deere while the cops are busy playing with their tasers on homeless guys, then data gets stolen.

You could have your data stored encrypted on non-volatile ram, but the encryption key in volatile ram that gets wiped whenever the access door is opened or the ATM is removed from its site.

A list of valid encryption keys would be kept at headquarters for maintenance purposes and reinstatement if a stolen ATM is recovered.

This is a remediation for option 2. The VM thing is remediation for option 1. Still no winner!

Re:The POS conundrum... again (0)

Anonymous Coward | more than 2 years ago | (#38590294)

ATM/POS as in ass to mouth/piece of shit?

Re:The POS conundrum... again (0)

Anonymous Coward | more than 2 years ago | (#38590454)

It can be made secure for a while by requiring closed hardware modules on the endpoints that have tamper-resistant chips in them, and using a proprietary protocol. This is how GSM works, and it has been pretty secure for over a decade now. Similar with satellites, where the piracy rate (AFAIK) is pretty much zero these days.

I'd probably go with option 3: A hardened, encrypted cache appliance that watches its GPS position and cell tower proximities, and would purge data if disconnected or moved, and has physical tamper resistance. It also would use a closed protocol [1] for moving data back and forth. This can be designed cheaply enough to foil almost all but intel agencies.

[1]: Probably something like ssh or TLS, and then a symmetric key (different for every ATM) over that. This way, if the symmetric key for that ATM is found, things are still secure, and if there is a factoring breakthrough making public key encryption pointless, the symmetric keys will keep some security going. Straying too far from a known and tested protocol is asking for it.

Re:The POS conundrum... again (1)

bugs2squash (1132591) | more than 2 years ago | (#38590536)

option 3: Make the ATMS thin and for locations that have a secure vault have a second server in the bank vault that can proxy for the network if it goes down for a few hours and if you want, have two network connections. That should cover most eventualities.

Not really (2, Informative)

Anonymous Coward | more than 2 years ago | (#38589994)

I stopped reading when it said that ATMs store customer data on the machine. That's the most ridiculous thing I've ever heard. ATMs have always accessed customer data from central servers.

If that weren't the case, I could just visit all the ATMs for my bank and withdrawl my account balance. There would be no way the machines would know I've made withdrawls.

Fuck, does the Diebold tech just walk from machine to machine each day with a floppy disk?

I've delt with ATMs before, and they usually have a DSL connection with a static IP and a VPN back to the central server. The ones I have worked with run Windows XP. If you steal one, you're just getting a computer. The ATM software won't work because of IP restrictions at the central server (you have to be on the DSL at the location). The firewalls in the ATM providing the VPN connection do not allow anything out or in except over that VPN. There is no customer data. Customer data is stored in RAM by the Diebold software when it is accessed. I suppose that's a security risk, but what else can you do?

I think the entire article is full of shit.

Diebold = secure (0)

Anonymous Coward | more than 2 years ago | (#38590070)

Yes of course 'diebold means secure'. Why using strong words? Everyone knows what i mean.

It would upset their "customers." (1)

erroneus (253617) | more than 2 years ago | (#38590112)

Perhaps Diebold should take the same approach to vote-tabulating machines.

I think the 'features' of the Diebold voting machines are desireable to the people who rig, err, run elections.

what about dial up / places that don't have bandwi (1)

Joe_Dragon (2206452) | more than 2 years ago | (#38590132)

To run a GUI over a link like that you need some bandwidth and you don't want lag to get to bad.

Now will a very slow redraw / network drop while in use freak people out. Also ATM do keep local LOG's so what happens if the network drops and cash does not come out but NOW there is no log of it and backend thinks the transacton is over. Or it fails you take the cash out and then the network comes back and it spit's out more cash as in a retry of last command.

Re:what about dial up / places that don't have ban (0)

Anonymous Coward | more than 2 years ago | (#38590376)

The "GUI" on the ATM can easily be separated from the data sent to and from the back-end VM. In this sense, once the ATM has authenticated itself with the backend, it is no more than a specialized dumb terminal, even if it has a pretty, graphical display terminal on it.
Probably even makes this aspect of the ATMs slightly cheaper for Diebold to make.

true story (units in the field / security) (1)

forgottenusername (1495209) | more than 2 years ago | (#38590140)

I almost worked for a company that did kiosks. XP kiosks, delivering media. After asking a few basic questions I discerned;

1) They were all part of one AD domain
2) The systems auto-logged in via a service user that was a domain admin
3) The application had those creds in plaintext config files
4) That AD domain.. the company only had one.. shared with their office users / backoffice.
5) No one really thought it was a big deal to ship a product like that with physical units in the field.

I did not take the job. :-)

The VM thing is a reasonable idea, but there's still going to be communication to a centralized server with authorization requirements etc. That'll be the weak point.. or at least one of them. One of the keys is to look for 'unexpected' downtime.

Physical access is pretty painful to shore up.

Seriously? (0)

Anonymous Coward | more than 2 years ago | (#38590156)

Perhaps Diebold should take the same approach to vote-tabulating machines.

Are you kidding? Then the vote-counting fraud can be even more centralized and obfuscated away.

Zero Client? (1)

AlienIntelligence (1184493) | more than 2 years ago | (#38590198)

Who the fuck is making up these stupid names.

Thin client was just fine as a term in the 90s. But since
nearly a couple decades have gone by, we need to change
the name again??

So, the new ATM is a chip or chips that get, everything
including their ROM from the server, every time they are
initialized? I don't think so... I'm sure some code is on there
so... it's not a zero client, it's a thin client.

Welcome to the 21st century Diebold! {11 years later}

-AI

Waiting for a thin client spoof so they can steal even more data.

As to the same approach on voting machines.... (1)

Fallen Kell (165468) | more than 2 years ago | (#38590208)

All you do there with the VM is move the place that the data can be manipulated from the individual voting machine to the server, and even then, it doesn't stop a hack of the live running VM from affecting the rests it stores to the server.

The reason VMs work for the ATM machines is that the people were physically stealing the ATM machine and then getting the data off the internal memory. This works because when they steal the machine, it losses power and connection to the network where the VM's backstore was located. Once it is off the net, it can not access that data.

This doesn't work for securing a voting machine except from people stealing the voting machine to then get the votes and any other information stored locally from that machine. It still would not prevent someone from having the vote tabulation software from counting all votes for a particular candidate as votes for someone else, or a small portion, or counting each vote twice for someone, etc., etc.... That can only be fixed by having a voter verified printout which then gets stored separately (and can be cross checked later by the voter to verify that his/her particular vote was counted correctly).

Re:As to the same approach on voting machines.... (0)

Anonymous Coward | more than 2 years ago | (#38590392)

ATM machine? I swear to god, each time someone says that, I want to track them down, rip off their genitals, shove them up their ass, douse them in gasoline, and then light them. The same with PIN number. I want to beat your face in.

zero-client ATM (1)

nurb432 (527695) | more than 2 years ago | (#38590222)

This is new? Why was client info EVER stored locally? These should have been nothing more than a ( secure ) dumb terminal.

Blue-sky thinking (1)

kheldan (1460303) | more than 2 years ago | (#38590254)

Perhaps Diebold should take the same approach to vote-tabulating machines.

Sure thing. Then scumbag politicians need only hack one computer to steal an election, rather than having to hack a whole bunch of separate computers.

VMS (1)

riverat1 (1048260) | more than 2 years ago | (#38590340)

Damn, when I first read the headline I thought it said they were going to use VMS, one of the most secure OS's out there. Sounded like a good idea.

As others have said I find it astounding that that there would be customer data stored on an ATM. Perhaps they store a transaction log of some sort as an auditing tool.

Uhh Diebold isn't even in the voting market game (0)

Anonymous Coward | more than 2 years ago | (#38590434)

Ummm hey guys have you looked, Diebold isn't even involved in voting machines anymore. To say they should use this there is just silly since they do not produce those products anymore.

Perhaps they run on magic? (1)

MrLint (519792) | more than 2 years ago | (#38590484)

"No customer data is captured and stored on the ATM itself."

The keypad is just there for show.
The actual PIN is recorded by mindreading lasers stationed physically inside the VM.

Re:Perhaps they run on magic? (1)

DragonWriter (970822) | more than 2 years ago | (#38591028)

"No customer data is captured and stored on the ATM itself."

The keypad is just there for show.

I suspect they are distinguishing inputs (and outputs) which transit through the device from data which is "captured and stored" on the device. If each keypress on the keypad is just passed to the remote server with nothing recorded locally, that's a lot different than if the you have a stored history of local events.

internet access? (1)

wfstanle (1188751) | more than 2 years ago | (#38590490)

Perhaps Diebold should take the same approach to vote-tabulating machines.

I don't know about that. My way of thinking would be to isolate the machines from the Internet as much as possible. There are many ways in as it is. Allowing Internet access gives hackers another way into the system. As far as the speed issue? What is the hurry, there is a huge amount of time between election and the winner taking office,

Diebold... Secure? (0)

Anonymous Coward | more than 2 years ago | (#38590512)

Does not parse.

"No customer data is captured and stored on the AT (0)

Anonymous Coward | more than 2 years ago | (#38590528)

"No customer data is captured and stored on the ATM itself."

No fingerprints, residual heat from fingers, internal cache RAM, no... none at all indeed.

THIN CLIENTS (1)

toomanyhandles (809578) | more than 2 years ago | (#38591320)

RE: this summary. OK, ATM is a thin client. Earth-shaking technologically? no. For this business, perhaps, and "why didn't this succeed earlier".

RE: Diebold and vote-tabulating machines in this regard per the summary:

Are you on something? The same Diebold PR mechanism that produced and sold ATMS that ... wait for it... generated printable paper trails on each transaction stated that their solution for voting booth customers was incapable of this same paper trail.

And you expect at this point sheeple to connect the dots?
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...