Diebold Marries VMs with ATMs to Secure Banking Data
gManZboy writes "Automatic teller machine maker Diebold has taken a novel approach to protecting bank customer data: virtualization. Virtualized ATMs store all customer data on central servers, rather than the ATM itself, making it difficult for criminals to steal data from the machines. In places including Brazil, customer data has been at risk when thieves pulled or dynamited ATMs out of their settings and drove off with them. With threats increasing worldwide at many retail points of sale, such as supermarket checkout counters and service station gas pumps, Diebold needed to guarantee the security of customer data entered at the 50,000 ATMs that it manages. Diebold last year partnered with VMware to produce a zero-client ATM. No customer data is captured and stored on the ATM itself." Perhaps Diebold should take the same approach to vote-tabulating machines.
Erm... (Score:5, Insightful)
Presumably the money is all sitting in a VM at one of Diebold's datacentres as well?
Who the hell steals an ATM out of the wall to get customer data? You just send out a phishing email and you'll probably get 100x the return without having to blow a bloody wall to pieces and steal what amounts to a large cube of metal.
Also, who the hell was storing any significant customer data on the ATMs in the first place?
Re:Erm... (Score:5, Insightful)
Who the hell steals an ATM out of the wall to get customer data? You just send out a phishing email and you'll probably get 100x the return without having to blow a bloody wall to pieces and steal what amounts to a large cube of metal.
Who said that they stole ATMs to get customer data? It was a "happy" side effect since the money and the data were stored in the same container. It's like a pickpocket that wants the money in your wallet but also ends up with your swingers club membership card and the pictures of your children.
Re:Erm... (Score:5, Insightful)
Who said that they stole ATMs to get customer data? It was a "happy" side effect since the money and the data were stored in the same container. It's like a pickpocket that wants the money in your wallet but also ends up with your swingers club membership card and the pictures of your children.
Are you so sure it actually runs that way, even in Brazil? I've never seen an ATM without a network connection of some sort.
I seriously doubt there is any customer data in the ATM. Refreshing that daily would be a nightmare.
Having the system on a VM seems to be necessary because Diebold insists on using Windows in the boxes. Windows, left lying around in public!! Idiots! By having VMware running, they can give each customer a fresh virtual machine to run the transaction, saving them a whole lot of programming to make sure all cached data is cleared from memory. (In other words saving them from having to do a competent job in the first place).
A simple terminal system would do the same. There never was a valid use case for having any data resident in the cash machine.
The more you read the story the less you are sure that what they are reporting is actually what is happening, because it is so incredibly dumb. But then this is Diebold, so.....
Re: (Score:3)
Who said that they stole ATMs to get customer data? It was a "happy" side effect since the money and the data were stored in the same container. It's like a pickpocket that wants the money in your wallet but also ends up with your swingers club membership card and the pictures of your children.
Are you so sure it actually runs that way, even in Brazil? I've never seen an ATM without a network connection of some sort.
I seriously doubt there is any customer data in the ATM. Refreshing that daily would be a nightmare.
Best case scenario yes, the network is up. But what if the network is down? Do you lock out the customer? Nah, you make sure that the card is valid (simple algorithm or the chip) and you log the transactions so you can consolidate them later (and track down the people who withdrew too much money).
Sometimes when you see a message saying that the account balance is not available, you can bet that you are dealing with a node that is disconnected from the mothership and will stack up transactions until it can u
Are you sure? (Score:2)
Re:Are you sure? (Score:5, Informative)
I always thought that when the balance was not available meant that the ATM was out of paper. It's the only time I don't get a receipt. I have my profile set to automatically generate a receipt.
It depends on your local ATM I guess, but just for fun, next time you can't get a balance before withdrawing, try to take out more money than you have (if the ATM limit is high enough) and you'll have the answer. They will put a negative balance in your bank account and call you to complain a few days later.
This happened to a friend of mine who was sure the ATM was broken so he kept taking money out. Tsk tsk. Beating the bank - not possible!
Re: (Score:2)
Last time I was at a Scotiabank that's exactly what they did. Some part of their network went down, all the ATMs were shut down. No idea how big the outage was, but I know for sure the ATMs were nonfunctional. The in-bank ones were even powered off.
Re: (Score:2)
Re:Erm... (Score:4, Insightful)
Best security practice is to not have ATMs. Or electronic banking. Or paper checks. Or bank accounts. Or credit/debit cards. Or even cash. All of them have been abused by criminals. However, out here in the real world most people don't live in a constant state of paranoia about what criminals might do, and they don't like it when they can't access their money.
Re: (Score:3)
But even in the real world you want your banks to make a half hearted attempt at security, and they're not even doing that much usually. You don't have to be paranoid to lock your doors at night.
Re: (Score:2)
Banks make a whole lot more than a half-hearted attempt at security. Their network security nowadays is a work of art. The problem is that the amount of people who want to hack them is also astronomically higher than anyone else.
Re: (Score:2)
Well it's not very surprising considering that at least a Diebold I saw was running Windows 2k and seemingly without ECC-RAM since it kept blue-screening with the same tell-tale message over and over, ran through BIOS, booted up, tried loading its user interface and eventually the cycle began anew...
I'm astonished they manage to keep the things from blowing up all by themselves
Your [tax money|banking fees|retailer premium] at work!
Re: (Score:2)
Sorry you have to hear it from me, but your PIN is stored on the card. That's why you can't call and change your PIN - you have to put the card in the ATM to do it, and rewrite the mag strip.
Re: (Score:2, Informative)
I work in network operations for a company that does core processing for banks. None of our thousands of ATMs store customer data on the ATM and I can't imagine a reason any of our competitors would do it differently than we do.
The ATM is going to have to report back to whatever server or mainframe maintains the account balance regardless, why would you cache that information on the ATM?
Re: (Score:3)
Who the hell steals an ATM out of the wall to get customer data?
Presumably the real reason for ripping it out of the wall is to get to the cash contained therein. According to TFA, the more refined thieves install some malware on the ATM which is running Windows XP or OS/2 that gathers the information and saves it to an encrypted file on storage local to the ATM, then they read out the encrypted file later. In the virtualization scheme, the ATMs become a thin client only responsible for updating the display and sending key presses and card information back to the cent
Re: (Score:2)
Re: (Score:2)
Put the ATMs inside the banks, only usable during operating hours. That would solve most of the problems except that customers would cry that the added security is too inconvenient.
If they do have one outside they should secure the transaction to the back office so that man-in-the-middle won't work, and disallow operation if the network is down (yes, some customers will cry that one day a year it doesn't work but ignore them).
Re: (Score:2)
Also, who the hell was storing any significant customer data on the ATMs in the first place?
That's exactly what struck me about the summary. What's "novel" about an ATM being networked into a central server where the data is stored? I thought they were ALWAYS like that (long before the modern consumer internet even existed). Even back in the 70's I remember them being networked to the bank's central server.
Nothing has changed... (Score:2)
Re: (Score:2)
Re: (Score:3)
Exactly what I was thinking. Here in Brazil these kinds of ATM robberies using explosives make the news at least once a week, but I can't remember hearing even once that they were after customer data. Actually I always thought that the ATMs were more like dumb terminals to start with. There's no need to store any kind of customer data on them.
As for the robberies, what banks are doing is to mark the bills with ink when the ATMs are forced open, and there's even regulation in place that says people and commerce
Re: (Score:2)
I suspect a lot of them just aren't constantly connected to a network but may do periodic connections. Especially in places where there aren't free and abundant internet connections. And you don't trust the internet for this stuff, instead you use the leased line from the bank branch to the back office mainframe.
Why? (Score:2)
Why would one store customer data in any kind of non-volatile storage on an ATM machine in the first place? You can run software on the local machine without storing data. It just seems like moving the software into a VM so as not to store customer data locally is hitting a thumbtack with a sledgehammer.
Re: (Score:2)
The "Provide product, receive money, repeat." business model is, like, totally retro, man. Why do that played-out stuff when you can make the customer pay for the box and build in technological measures to yank the firmware if they ever stop paying, then call it a security feature?
All the cool kids are building in network-dependent 'security' feature
Re:Erm... (Score:5, Insightful)
Re: (Score:3)
The simpler the terminal, the more obvious any modification.
Re: (Score:2)
The one major advantage
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I should kind of hope that it takes them hours to get into the thing.
Re: (Score:2)
Re: (Score:2)
'xactly.
This sounds like someone has put a marketing spin on "we fixed a really dumb security problem we had", and figured out that if they threw in the word VM then someone else may say "cloud" and suddenly we have buzzwords and more sales!
This is, of course, why I'll always be in the engineering department. Marketers are not supposed to make press releases saying "We're sorry it took us so long to stop storing your
Re: (Score:2)
The solution is not necessarily using VM; the solution is to not trust the damned ATM in the first place and use a remote server!
Banks are notoriously awful about security. Security and convenience do not cooperate. So for a time banks would encode the PIN codes on the back of the ATM cards so that they wouldn't have to have a delay while it was verified with the back office; the reasoning I presume is that your typical customer wouldn't own such a complex machine as a card reader. Even today banks still
Re: (Score:2)
Also, who the hell was storing any significant customer data on the ATMs in the first place?
That was my first thought, I assumed they already worked like this!
Voting machines? (Score:2)
Re: (Score:2)
No, not unless it is completely transparent. They wouldn't even allow review of their source code. Not to mention that all election results would presumably end up under the control of one company. Not a good idea, sorry.
Have you seen the documentary where the guy finds out that the "secure database" where they collate votes is a simple Access file?
Re:Voting machines? (Score:5, Funny)
Have you seen the documentary where the guy finds out that the "secure database" where they collate votes is a simple Access file?
And so? Are you going to tell me that Access is insecure now?
Sheesh, you find these MS haters around every corner these days...
Re: (Score:2)
Re: (Score:2)
You need to adjust your humor detector sensitivity, nothing more.
Re: (Score:2)
Sure: http://lmgtfy.com/?q=documentary+election+diebold+access [lmgtfy.com]
See first hit
Re: (Score:2)
No, got a link?
https://thepiratebay.org/torrent/4435382/Hacking.Democracy.HBO.Documentary.XviD.DvdRip [thepiratebay.org]
Won't protect from skimming (Score:3)
Re: (Score:3)
I can't believe that even Diebold (Score:5, Interesting)
Re: (Score:3)
So they've figured out that they should be doing something that anyone with any sense whatsoever would have been doing from Square One?
Re: (Score:3)
So they've figured out that they should be doing something that anyone with any sense whatsoever would have been doing from Square One?
Yes. That's called progress. For them at least.
Re: (Score:2)
While working for a Fortune 500 company I was constantly amazed by the low bar set on "innovation". There was a very strong "If it hasn't been done here then it must be new" mentality.
Re: (Score:2)
Don't worry. They'll realize their mistake soon and go to their back-up method: storing our private info on paper print-outs stored in a built-in plastic tub with a window so ATM maintenance will know when to go empty the paper into the nearest garbage bin.
Re: (Score:2)
I thought this too. Why else do they not work without a network connection?
It must be all server based, it's not going to store the accounts and balances of every supported cardholder... Even if it did, it changes constantly, and still requires networking for current balances, new accounts, etc.
Re: (Score:2)
Maybe it stores local trace data for auditing purposes.
Re: (Score:2)
Back when ATMs were a new thing I financed a holiday on credit by exploiting a bug in ATMs. Apparently the banks in those days did batch processing overnight and were unable to handle messages from their ATMs. So late at night you could withdraw money and push your account into debt.
Re: (Score:2)
Re:I can't believe that even Diebold (Score:4, Informative)
These systems were all built with bad network communication in mind -- verifying over phones, etc, which causes them to have to store this credit card data (PAN data). Because modern systems are just upgrades on these old codebases, little has changed but to give it the bare amount of encryption/etc for PCI compliance, which is routinely ignored by small businesses.
Encryption? (Score:3)
I think proper use of encryption should protect the customer data on the local machine - store the decryption key on the server and only hand back to the ATM if it requests it over its private secure link. And if the intrusion sensor goes off on the ATM, delete the decryption key along with the public key that the ATM uses to authenticate itself -- make a technician visit the machine and look for tampering before reloading with the authentication key.
I doubt any of these data thieves are keeping the ATM powered until they can take it back to their shop and use data probes to capture data from a running machine.
But is this really a problem? Do ATM's store easily recoverable data on a hard drive?
I thought skimmers were the way to go if you wanted to steal account data from an ATM.
Re: (Score:3)
I think proper use of encryption
I stopped right there. You know we're talking about Diebold right?
Re: (Score:2)
Re: (Score:2)
You make it properly secure and then it's too expensive to sell.
Re: (Score:2)
You make it properly secure and then it's too expensive to sell because there's the Diebold alternative which looks as good to a clueless user.
There. FTFY.
Re: (Score:2)
But is this really a problem? Do ATM's store easily recoverable data on a hard drive?
If they want to give out money even if there is no network connection, then they need to be able to store transactions and execute them later - even after a power-failure or after another type of system failure. Of course that data ought to be stored in an encrypted format with separate keys for encryption and decryption. The ATM ought to delete the decryption key from memory as soon as the network connection is lost, an
Re: (Score:2)
ATMs often use some type of cheap flash memory, and it's easy with basic forensic tools to recover even deleted data from there. As to encryption..some ATMs are quite old, and I wouldn't be surprised if you found a lot of DES implementations out there you can easily crack.
Presumably these old machines wouldn't be the machines that are using this new VM technology.
Re: (Score:2)
I thought skimmers were the way to go if you wanted to steal account data from an ATM.
Irrelevant. Criminals are using electronic devices over the top of ATMs to grab your card keyboard/screen input. They can replicate your card, and know your PIN, plus a few other thousand victims.
Skimmer. [wikipedia.org]
The POS conundrum... again (Score:2)
Option 1: you have a centralized ATM/POS software, no data on the end points. Great security. But your network connection becomes a liability - no network, no transactions, even if the client and the money are in the same physical location.
Option 2: you have decentralized ATM/POS, with partially cached information on the end points. That way when the network is down, people can still perform transactions and there is a consolidation that occurs once the network is back. But if people come in your store at n
Re: (Score:2)
Option #1. Every time.
Who the fuck would want Option #2?
I can go without making a transaction at Store_ATM_001345716 at a given moment.
Re: (Score:2)
If you are a business owner that will lose money when the shitty DSL modem is blinking, you might have to reconsider.
Re: (Score:2)
Last I knew, Visa, Mastercard, and American Express all require you to have a manual imprinter for when your machines or network are down. Don't know how this changes with the new unembossed cards that are now coming out.
Re: (Score:2)
Re: (Score:2)
Option 2: you have decentralized ATM/POS, with partially cached information on the end points. That way when the network is down, people can still perform transactions and there is a consolidation that occurs once the network is back. But if people come in your store at night with a big John Deere while the cops are busy playing with their tasers on homeless guys, then data gets stolen.
You could have your data stored encrypted on non-volatile ram, but the encryption key in volatile ram that gets wiped whenever the access door is opened or the ATM is removed from its site.
A list of valid encryption keys would be kept at headquarters for maintenance purposes and reinstatement if a stolen ATM is recovered.
This is a remediation for option 2. The VM thing is remediation for option 1. Still no winner!
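An added illustration of the scheme proposed in the "Encryption?" comment and in the volatile-RAM reply above (editorial example, not code from any poster or from Diebold): the offline journal sits encrypted in flash, the key exists only in RAM and is zeroed by the tamper sensor, and headquarters withholds the key until a technician reinstates the terminal. The names `KeyServer`, `Terminal`, `Release`, `Reinstate` and `Tamper`, the terminal ID, and the choice of AES-256-GCM are assumptions made for the sketch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KeyServer stands in for headquarters: the only durable copy of each journal key.
type KeyServer struct {
	keys    map[string][]byte
	blocked map[string]bool // terminals awaiting a technician's inspection
}

func NewKeyServer() *KeyServer { return &KeyServer{map[string][]byte{}, map[string]bool{}} }
func (s *KeyServer) ReportTamper(id string) { s.blocked[id] = true }
func (s *KeyServer) Reinstate(id string)    { delete(s.blocked, id) }

// Release hands a terminal a copy of its AES-256 key, creating it on first use.
func (s *KeyServer) Release(id string) ([]byte, error) {
	if s.blocked[id] {
		return nil, fmt.Errorf("%s is blocked pending inspection", id)
	}
	if s.keys[id] == nil {
		k := make([]byte, 32)
		if _, err := rand.Read(k); err != nil {
			return nil, err
		}
		s.keys[id] = k
	}
	return append([]byte(nil), s.keys[id]...), nil // a copy, never the stored slice
}

type Terminal struct {
	ID      string
	key     []byte   // RAM only: zeroed by the tamper handler
	Journal [][]byte // flash: each record is nonce || AES-GCM ciphertext
}

func aead(key []byte) (cipher.AEAD, error) {
	b, err := aes.NewCipher(key) // a wiped (nil) key fails here with a key-size error
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(b)
}

// Append encrypts one offline transaction, binding it to the terminal ID.
func (t *Terminal) Append(txn string) error {
	g, err := aead(t.key)
	if err != nil {
		return err
	}
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	t.Journal = append(t.Journal, g.Seal(nonce, nonce, []byte(txn), []byte(t.ID)))
	return nil
}

// open decrypts a journal record; without the key the flash contents are opaque.
func open(key []byte, id string, rec []byte) (string, error) {
	g, err := aead(key)
	if err != nil {
		return "", err
	}
	n := g.NonceSize()
	if len(rec) < n {
		return "", fmt.Errorf("record too short")
	}
	pt, err := g.Open(nil, rec[:n], rec[n:], []byte(id))
	return string(pt), err
}

// Tamper is the door or tilt sensor handler: zero the key bytes, then drop them.
func (t *Terminal) Tamper() {
	for i := range t.key {
		t.key[i] = 0
	}
	t.key = nil
}

func main() {
	hq, atm := NewKeyServer(), &Terminal{ID: "ATM-EXAMPLE-01"} // constructed ID
	atm.key, _ = hq.Release(atm.ID)
	_ = atm.Append("constructed sample: withdrawal 100")
	atm.Tamper()
	_, err := open(atm.key, atm.ID, atm.Journal[0])
	fmt.Println("journal readable without key?", err == nil)
}
```

The wipe is purely local, so it works when the terminal has already lost its network link; the block on the server side is what stops a stolen unit from simply asking for its key again.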
Re: (Score:2)
Option 3: Use option #1, but get a backup 1) phone line for slow verification and 2) GPRS/3G USB radio for internet access, and make sure communication over the network is entirely TLS/SSL.
Chances of both your 3G USB internet card and your DSL/cable going down simultaneously is quite low. Throw in a good old landline and modem to the mix and then there's super high availability.
If all these internet options don't work, chances are some massive disaster prevents your business from operating anyway, eh?
I've been working for a major retailer and that kind of setup was just impossible to get in some regions. It works well in the city, but then in the city you usually can get two ISPs or telcos.
So the retailer POS was a lousy standalone client with frequently interrupted data consolidation jobs. And so far nobody came up with a better solution. Yes, there is encryption, landmines, etc that one can use to protect the POS but still.
Re: (Score:2)
Well you are probably right... also the skill set to set up a reliable network is usually not available for a small business where there is a policy to give only one napkin per customer to save money (those napkins add up!)
Re: (Score:2)
Not really (Score:2, Informative)
I stopped reading when it said that ATMs store customer data on the machine. That's the most ridiculous thing I've ever heard. ATMs have always accessed customer data from central servers.
If that weren't the case, I could just visit all the ATMs for my bank and withdraw my account balance. There would be no way the machines would know I've made withdrawals.
Fuck, does the Diebold tech just walk from machine to machine each day with a floppy disk?
I've dealt with ATMs before, and they usually have a DSL conn
Obvious joke (Score:5, Funny)
According to Ohio Revised Code 3101.01(A) [ohio.gov], effective in 2004, marrying VMs and ATMs is illegal.
Re: (Score:2)
According to Ohio Revised Code 3101.01(A) [ohio.gov], effective in 2004, marrying VMs and ATMs is illegal.
Ohio needs to get with it and pass some less restrictive marriage laws!
It would upset their "customers." (Score:2)
Perhaps Diebold should take the same approach to vote-tabulating machines.
I think the 'features' of the Diebold voting machines are desirable to the people who rig, err, run elections.
what about dial up / places that don't have bandwi (Score:2)
To run a GUI over a link like that you need some bandwidth and you don't want lag to get too bad.
Now will a very slow redraw / network drop while in use freak people out? Also ATMs do keep local logs, so what happens if the network drops and cash does not come out but NOW there is no log of it and the backend thinks the transaction is over? Or it fails, you take the cash out, and then the network comes back and it spits out more cash as in a retry of the last command.
true story (units in the field / security) (Score:2)
I almost worked for a company that did kiosks. XP kiosks, delivering media. After asking a few basic questions I discerned;
1) They were all part of one AD domain
2) The systems auto-logged in via a service user that was a domain admin
3) The application had those creds in plaintext config files
4) That AD domain.. the company only had one.. shared with their office users / backoffice.
5) No one really thought it was a big deal to ship a product like that with physical units in the field.
I did not take the job.
Re: (Score:2)
TJMAX?
Zero Client? (Score:2)
Who the fuck is making up these stupid names.
Thin client was just fine as a term in the 90s. But since
nearly a couple decades have gone by, we need to change
the name again??
So, the new ATM is a chip or chips that get, everything
including their ROM from the server, every time they are
initialized? I don't think so... I'm sure some code is on there
so... it's not a zero client, it's a thin client.
Welcome to the 21st century Diebold! {11 years later}
-AI
Waiting for a thin client spoof so they can steal even more
As to the same approach on voting machines.... (Score:2)
The reason VMs work for the ATM machines is that the people were physically stealing the ATM machine and then getting the data off the internal memory. This works because when they steal the machine, it loses power and connection to the network where the VM's backstore
zero-client ATM (Score:2)
This is new? Why was client info EVER stored locally? These should have been nothing more than a ( secure ) dumb terminal.
Re: (Score:2)
It is amazing. The headline should read: Diebold realizes it has negligently stored customer data on ATM machines.
Blue-sky thinking (Score:2)
Perhaps Diebold should take the same approach to vote-tabulating machines.
Sure thing. Then scumbag politicians need only hack one computer to steal an election, rather than having to hack a whole bunch of separate computers.
VMS (Score:2)
Damn, when I first read the headline I thought it said they were going to use VMS, one of the most secure OS's out there. Sounded like a good idea.
As others have said I find it astounding that there would be customer data stored on an ATM. Perhaps they store a transaction log of some sort as an auditing tool.
Perhaps they run on magic? (Score:2)
"No customer data is captured and stored on the ATM itself."
The keypad is just there for show.
The actual PIN is recorded by mindreading lasers stationed physically inside the VM.
Re: (Score:2)
I suspect they are distinguishing inputs (and outputs) which transit through the device from data which is "captured and stored" on the device. If each keypress on the keypad is just passed to the remote server with nothing recorded locally, that's a lot different than if you have a stored history of local events.
internet access? (Score:2)
Perhaps Diebold should take the same approach to vote-tabulating machines.
I don't know about that. My way of thinking would be to isolate the machines from the Internet as much as possible. There are many ways in as it is. Allowing Internet access gives hackers another way into the system. As far as the speed issue? What is the hurry, there is a huge amount of time between election and the winner taking office,
THIN CLIENTS (Score:2)
RE: Diebold and vote-tabulating machines in this regard per the summary:
Are you on something? The same Diebold PR mechanism that produced and sold ATMS that
And you expect at this point sh
Wait, they don't do this already? (Score:2)
You would think that everything is stored and handled remotely when it's always a case of:
*press "Make a Deposit"*
*stare at a progress bar for 5 seconds*
*press "Deposit a Check"*
*stare at a progress bar for 5 seconds*
*insert a check*
*stare at a progress bar for 5 seconds*
"Would you like a receipt?"
*select a receipt type*
*stare at a progress bar for 5 seconds*
"Printing receipt!"
*stare at a progress bar for 5 seconds*
"Another Transaction or Take Card?"
*press "Take Card"*
*stare at a progress bar for 5 seconds*
Re: (Score:2)
LOOKING AT YOU BANK OF AMERICA!
Stop looking at Bank of Whatever and start looking for a local credit union. You're not obligated to help shady corporations generate profit and buy yachts and stadiums.
The National Credit Union Administration [ncua.gov] has a CU locator on their home page.
NCUA's slogan: Protecting credit unions and the consumers who own them through effective regulation.
What? (Score:2)
Why have ATM machines ever stored any customer data?
Re: (Score:3)
This is the company that all but flat-out said they were tampering with a US election, right? And we trust them with... anything?
They're more careful with the important stuff, like money.
Re: (Score:2)
People care more about their money than their freedom.
Re: (Score:2)
This is the company that all but flat-out said they were tampering with a US election, right? And we trust them with... anything?
Apparently we trust them with money.
Frightening!
Re: (Score:2)
xbox360/PS3 savegames, then money, then votes.
Re: (Score:2)
I'm pretty sure a voting machine's worth of votes is worth more than an ATM filled with money.
Re: (Score:2)
I'm pretty sure a voting machine's worth of votes is worth more than an ATM filled with money.
I'm not so sure.
There were widespread reports of white vans hauling people from polling place to polling place to vote multiple times for the price of a beer in dozens of Chicago
Even when you get the votes somewhat honestly, by campaigning for them, a vote only costs around 7 bucks according to Slate [slate.com].
In the contested 2008 House races, the average winner spent $1.3 million and received about 185,000 votes, for a total cost of about $7 per vote. Losers spent an average of $493,000 for 91,000 votes, at a unit cost of $5.42. Neither of those gives an accurate picture of the true cost of a vote, however, since so many people fill in their ballots along party lines, regardless of campaign spending.
I have no idea of the actual amount of money in an ATM or the actual amount of ballots a ballot box holds. But votes can probably be bought easier than breaking into an ATM. As far as I know, you
Re: (Score:2)
This is the company that all but flat-out said they were tampering with a US election, right? And we trust them with... anything?
The company that screwed with the voting machines in bed with the company that screwed with the economy and the American people. It does not bode well for either.
I gotta feeling it's going to be a long, hot, summer.
Re: (Score:2)
Re: (Score:2)
Yes. The trite summary is that a blind moron with a Celsius room temperature IQ could have seen that the US federal government was going to helicopter cash out to states to pay for voting "upgrades" following the fiasco in Florida during the 2000 election.
Diebold had a (small) division in South America that did voting machines, but they felt it was better to buy a local company. That company is the fucked up one, with the Microsoft Access, and the antivirus* and the glavens.
*Yes, Randall is a smart guy, b
Re: (Score:2)
I don't think it's the data that the thieves are after
It doesn't matter. Once the machine is stolen, you don't know who stole it or for what purpose. Sure, money seems like the obvious target, but you simply do not know what they are doing with it, therefore you have to assume anything not encrypted has been compromised. That could be unencrypted transaction data, it could be programs, it could be network configurations, it could be cached Windows credentials, could be private keys, diagnostic log files, the phone number the backup modem dials, it could be anythi