Slashdot Mirror
Can Your ATM Play Beethoven?
bpiltz writes "A funk band in Harrisonburg, VA, called Midnight Spaghetti, has posted a story with photos about a newly installed Diebold Opteva 520 ATM at Carnegie Mellon University that crashed, then rebooted. The Windows XP operating system initialized without the actual ATM software. The result was a public desktop computer, with only a touch screen interface, left wide open for the amusement of the students at the most wired university in the U.S. Interestingly, Diebold is one of the leading manufacturers of e-voting machines."
I see you're trying to extract free cash from a bolloxored ATM cum jukebox. May I help you?
Sheesh, evil *and* a jerk. -- Jade
So who got the fastest ATM minesweeper times?
Start --> Programs --> ATM --> Configure --> Flush Cash (sic)
COME ON!!!!!!!!!! Why in the world would someone waste a computer that's capable of running Windows XP (which probably means at least a Pentium with 64 MB RAM?) on an ATM? I mean, the thing is supposed to check your card, pin and then give you a load of cash... Last time I checked, that's a job for something less than an 8080, which could do the job faster, more securely, and cheaper. The right tool for the right job, people! /me rolls eyes
I work at a credit union, and we use OS/2 ATMs. They tried to foist a windows ATM on us, but couldnt get it to work because the tech was too dumb to tell the difference between a D911 (BiSync) and a D912 (LAN). Quite humorous, I played dumb till after he decided to install the OS2 version and then i pointed out to him it was a D912.
Funny side note though, on all our ATMs, the terminal driver (computer) has its own display on the backside of the unit along with a mouse and keyboard. Of course, we arent using the graphics capabilities because our terminal processor is hmm...slightly older than time.
So useful facts to be noted from experience:
1) Diebold techs do not know their rectums from a serial card. (Ive had to carefully hold their hands through IP setup and assigning the correct host:port combo to attach to the terminal processor)
2) Ive never seen an OS2 atm crash, nor have I ever seen it fail to boot the TCS (Terminal control software).
3) Windows driven ATMs have to the stupidist idea ive ever heard of, but cant really use linux...(see point one about said sub-sentient techs.)
4) I fear a world with diebold designed and serviced windows based voting devices. the havoc...the horror....
I remember the same, when I actually trusted ATMs and banks...
After a brief five-year stint in North-Dakota, where time stood still in happy-land, I ended up in Dublin. I read an article about how Windows had made its way into the ATM-business, thinking "uh-oh-mf-cs-sob"...given my past experiences with this OS-king-of-userfriendliness.
Yesterday, I put my Norwegian super-VISA-bank-card into an Ulster Bank ATM and it stole it! It just swallowed the card, proceeding to say something like: "System down, please use another cashpoint."
So, I call Norway, to ensure there isn't a problem with the actual card. It takes me quite a bit of time before I actually managed to call Ulster bank's customer service line. When I get through, I explain the situation (I had to rephrase 'the ATM stole my card' into 'swallowed it' before I could be assisted).
So the customer service rep states that he can't help me. I ask if there's anyone with any authority that can help me get the card back (it takes me a while to get a new one from Norway). He says: "Sorry, Sir. The ATM in question not being directly attached physically to a bank, a contractor does that job for us. Your card will be destroyed when the ATM is serviced."
I state something to the extent of Ulster bank being poorly organized. The little turd on the other end of the line proceeds to tell me: "I'm sorry, but we took the network down for a few minutes. You must have inserted the card just at that moment."
If I find out this particular ATM is Windows-operated, I will hunt down Mr. Gates, roll him in tar and feathers and chase him out of town with a stick. In the meantime I will file a complaint with Ulster Bank for taking away my sole source of cash until next pay-day.
No you fool! You pry the thing open, push the rectangular boxes of money aside and plug a USB keyboard into it and get hacking!
Bottom line is that some one needs to make a new ATM solution that works, propably on an open source platform (is that secure enough, you tell me), and most impotrant is ...IT WORKS....
Platform? One of the nice things about vintage cash machines was the fact that the software was written in assembly. Let's face it, all a bank machine is is just a glorified terminal. It has no need to store information, no need to access disks, mount devices, nor access a network outside of it's banking protocal. There is no need for it to accept new software other then perhaps firmware update from time to time, nor the ability to run background processes. Doesn't need to do cron events or anything above and beyond take card, peform action on account, say thank you.
There is no sanctuary. There is no sanctuary. SHUT UP! There is no shut up. There is no shut up.
I've done some work for the Royal Bank of Scotland (hence the AC) and I know for a fact that Windows is not allowed anywhere near mission critical systems. Home banking and internal user systems are Java/WebSphere/Solaris/Oracle, back-end to everything is a mainframe (can't remember the OS) that interfaces via CICS to the rest of the system. ATMs are custom coded and run a custom OS and communicate directly to the mainframe via CICS. Some of the code in the mainframe is rumoured to have been written in the 60s and even if you want to change one line of code it can take over a month to go through the testing. The whole system is locked down really tightly. No-one has access to all of the systems at the same time, no matter how high up in the company you are.
The only place Windows is allowed is on the desktop, and that is still NT4 hidden behind a Solaris based proxy and firewalled to the hilt. You cannot even go OUT on a port other than 80 or 443, nevermind the other way.
I work as a contractor and run my own company, so am not affiliated with RBS in any way...
The same happened to me in central England.
I just received my new card and had memorised the PIN number, and went to withdraw money. Three times I tried to enter my PIN and the amount of money I want to withdraw. Each time the machine refused to accept the transaction. After the third time, the machine swallowed my card, telling me to contact the bank. So I call them up, and am told "our machine automatically shreds any card after three unsuccessful attempts and sends an electronic notification to your bank", we can't do anything. So I call up my bank, and they tell me I can't get a new card until they written notification from the machine owners. Neither would talk to the other. In the end, I had to pretend that I had lost my card in order to get a replacement.
It seems to me to be more of dodgy protocol implementations rather than anything else.
About a month ago, all of the National City ATMs in Pittsburgh (where CMU is) got switched from ancient working machines to snazzy new Diebold touch screens. Aside from the one playing Beethoven, there has been at least another one that BSOD'd.
The one on this article was funny and everything until that night when I remembered that I have my life savings in National City.
I stopped at some competing banks in the area on Thursday to get some pamphlets and I will be switching banks on Monday.
--------
It's OK to be social, just don't tell anyone about it.
I would disagree. I work for a small community bank with two branches and a third under construction. We recently moved our ATM off of Star to another processor, and in the process switched from straight Frame Relay to a LAN hookup.... thus going from 911 to 912 software in the process.
The Diebold tech came out, I let him into the ATM room, gave him the IP, gateway, and the host IP and port... and he had the system converted in no time flat. Unfortunately, the problem was NOT with Diebold.
Once he had the system up and online, we had to get the software with the screens the public sees downloaded to the ATM. We spent about 5 hours on the phone off and on with a programmer from our processor and with a programmer from Diebold. They argued back and forth about whose fault it was, and finally the guy from Diebold convined them to email him the load they were sending us and the load from a working bank so he could compare. The next day I come in to work, the Diebold tech shows up about 20 minutes later (10 minutes earlier than he had told me he would)... and he immediately starts telling me what's going on. Apparently our processor is sending us an imcomplete load for some reason, less than half the size it should be. All that arguing yesterday, and they never actually took the time to check that they were sending us the right thing.
So we have to sit and wait for them to get into THEIR offices and send the correct and working load to our ATM. When they finally do, the Diebold guy finishes up the install by loading the admin card onto the HD, showing the CSR that will handle it how to balance both from the front of the ATM and from the rear screen, and he was done.
I lay absolutely NONE of the blame on Diebold for the incident. He even said that he wouldn't bill us for the hours that he sat around waiting on someone at the processor to fix the problem. Other than a few frame relay outages (not Diebold's fault) and this little conversion incident (again not Diebold's fault)... this ATM has been rock solid. Unfortunately, we can't get one like that anymore, so the ATM going into our new branch is going to be an Opteva running Windows TCS+.
Long story short, Diebold is a large company that sells everything; the cabinets, the actual vault and vault door, our security system and cameras, the ATM, and even the modular frame for the teller line. To dismiss the whole company because of issues that they have with e-voting is unfair and unfortunate. Yeah, I'm the IT guy.... but I've also helped oversee every aspect of both of our new branches, and have yet to find a complaint about Diebold.
Actually.. I am one of the students that was messing with this machine..
The reason why I'm sure we didn't empty the machine of all its cash (asside from that whole breaking the law thing), is that there was no way to access the money-dispensing mechanism from the controls we had access to (read: only from the touchscreen)
The numberpad was totally useless, as windows didn't recognize it, and the character map is pretty slow for trying to actually do anything useful..
But we had a ton of fun with it anyway.
CoyboyNeal is God
let's say you doused the [credit] card in some poison that is absorbed through touch, and will stick to the card long enough. What kind of liability does the bank accepting and transferring this object open them up to?
Even better, let's say you doused a $20 bill in poison and deposited it in the bank. You know, they don't burn all the cash that's deposited, they reuse it and hand it back out, without even cleaning it first (due to short-sighted laws against laundering money). Shocking, isn't it?
And I daresay paper currency will absorb your poison better than plastic credit card, too. Where it will mix with the cocaine residue, the gasoline contamination from people who've just filled their car, and the bacteria from people who didn't wash their hands after scratching that hemorrhoid itch, forming a lethal brew.
Your best bet for survival is to only accept coins, and to carry a blowtorch to sterilize them with before handling them.
You sure you didn't get your money back automatically after like 3-5 days? Because these things happen every now and then, ie the ATM fails because some local problem (software or mechanical), you don't get the money, and later you see that the amout has disappeared from your account.
But in (almost) every case, the money is not actually withdrawn, only "reserved" (that's what the banks call it) for a number of days, after which they are "unreserved" and show up on your account again.
I had a similar experience with an ATM in Romania once, the ATM software completed the transaction and then crashed before it handed out the money. Later that evening I connected to my bank account from an internet cafe, and of course - that money had disappeared from the account. I called my bank in sweden to report it, but they just told me that the money was not withdrawn, only reserved, and that it would be back on my account in a few days - which it was, to my relief.
Generally, banking systems (including ATMs and card payment terminals) have good failsafe machanisms that aborts the transaction if it encounters a problem in any little detail along the way.