Slashdot Mirror
Diebold Marries VMs with ATMs to Secure Banking Data
gManZboy writes "Automatic teller machine maker Diebold has taken a novel approach to protecting bank customer data: virtualization. Virtualized ATMs store all customer data on central servers, rather than the ATM itself, making it difficult for criminals to steal data from the machines. In places including Brazil, customer data has been at risk when thieves pulled or dynamited ATMs out of their settings and drove off with them. With threats increasing worldwide at many retail points of sale, such as supermarket checkout counters and service station gas pumps, Diebold needed to guarantee the security of customer data entered at the 50,000 ATMs that it manages. Diebold last year partnered with VMware to produce a zero-client ATM. No customer data is captured and stored on the ATM itself." Perhaps Diebold should take the same approach to vote-tabulating machines.
Presumably the money is all sitting in a VM at one of Diebold's datacentres as well?
Who the hell steals an ATM out of the wall to get customer data? You just send out a phishing email and you'll probably get 100x the return without having to blow a bloody wall to pieces and steal what amounts to a large cube of metal.
Also, who the hell was storing any significant customer data on the ATMs in the first place?
This is the company that all but flat-out said they were tampering with a US election, right? And we trust them with... anything?
No, not unless it is completely transparent. They wouldn't even allow review of their source code. Not to mention that all election results would presumably end up under the control of one company. Not a good idea, sorry.
it's not way easier to fix an election with a centralized vote tabulating machine. Sigh.
This is a good idea, but it doesn't protect the customer from a skimmer skimming the card and a video camera recording their pin.
I always assumed ATMs stored no data and did everything over the network.
Why virtualize when you can dumb terminal? Anyway... whatever works.
I know thieves can rip information out of ram chips but only whatever was in active memory which in the case of an ATM would be the last client. Hardly seems worth the trouble to just steal one credit card number.
As to logging... by all means have an encrypted flash drive in the machine but don't actually log the actual numbers.
Instead, log some bank ID Code that can be used to FIND an account if you're a bank but can't be used by a customer/client to transfer funds or charge accounts. I'm sure such numbers already exist. Just use those for logging. If you really need to, include the last 4 digits of a card but there's no reason to keep it all there. And of course encrypt it. Doubtless the banks will get lazy and use the same encryption key for every machine and won't change it for ten years. But it will stop some thieves so you might as well.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
ever stored customer data in the ATM terminal itself. I always assumed that the info was all in the bank's server. Things are worse than I imagined.
I think proper use of encryption should protect the customer data on the local machine - store the decryption key on the server and only hand back to the ATM if it requests it over its private secure link. And if the intrusion sensor goes off on the ATM, delete the decryption key along with the public key that the ATM uses to authenticate itself -- make a technician visit the machine and look for tampering before reloading with the authentication key.
I doubt any of these data thieves are keeping the ATM powered until they can take it back to their shop and and use data probes to capture data from a running machine.
But is this really a problem? Do ATM's store easily recoverable data on a hard drive?
I thought skimmers were the way to go if you wanted to steal account data from an ATM.
Zero-client doesn't safeguard you if your network back to the VM is exposed.
That's one of the key problems with voting machines: they are stored for lengthy durations (from a hacking perspective) in thousands of relatively unsecure areas prior to the election, and they are moved, and set up by technically unknowledgable volunteers. Getting them to securely connect to anything after that is going to be challenging.
Why now? Why not years ago? Is this already something commonly done by other ATM manufacturers or is Diebold ahead of the pack for once?
I've heard from someone working in DC for this administration in 'cyber security' that Diebold is primarily an ATM company and that their voting machines division is from a recent acquisition that they're somewhat stuck with.
Option 1: you have a centralized ATM/POS software, no data on the end points. Great security. But your network connection becomes a liability - no network, no transactions, even if the client and the money are in the same physical location.
Option 2: you have decentralized ATM/POS, with partially cached information on the end points. That way when the network is down, people can still perform transactions and there is a consolidation that occurs once the network is back. But if people come in your store at night with a big John Deere while the cops are busy playing with their tasers on homeless guys, then data gets stolen.
Pick one.
lucm, indeed.
I stopped reading when it said that ATMs store customer data on the machine. That's the most ridiculous thing I've ever heard. ATMs have always accessed customer data from central servers.
If that weren't the case, I could just visit all the ATMs for my bank and withdrawl my account balance. There would be no way the machines would know I've made withdrawls.
Fuck, does the Diebold tech just walk from machine to machine each day with a floppy disk?
I've delt with ATMs before, and they usually have a DSL connection with a static IP and a VPN back to the central server. The ones I have worked with run Windows XP. If you steal one, you're just getting a computer. The ATM software won't work because of IP restrictions at the central server (you have to be on the DSL at the location). The firewalls in the ATM providing the VPN connection do not allow anything out or in except over that VPN. There is no customer data. Customer data is stored in RAM by the Diebold software when it is accessed. I suppose that's a security risk, but what else can you do?
I think the entire article is full of shit.
According to Ohio Revised Code 3101.01(A), effective in 2004, marrying VMs and ATMs is illegal.
I am officially gone from
Yes of course 'diebold means secure'. Why using strong words? Everyone knows what i mean.
I don't think it's the data that the thieves are after
Perhaps Diebold should take the same approach to vote-tabulating machines.
I think the 'features' of the Diebold voting machines are desireable to the people who rig, err, run elections.
To run a GUI over a link like that you need some bandwidth and you don't want lag to get to bad.
Now will a very slow redraw / network drop while in use freak people out. Also ATM do keep local LOG's so what happens if the network drops and cash does not come out but NOW there is no log of it and backend thinks the transacton is over. Or it fails you take the cash out and then the network comes back and it spit's out more cash as in a retry of last command.
I almost worked for a company that did kiosks. XP kiosks, delivering media. After asking a few basic questions I discerned;
1) They were all part of one AD domain
2) The systems auto-logged in via a service user that was a domain admin
3) The application had those creds in plaintext config files
4) That AD domain.. the company only had one.. shared with their office users / backoffice.
5) No one really thought it was a big deal to ship a product like that with physical units in the field.
I did not take the job. :-)
The VM thing is a reasonable idea, but there's still going to be communication to a centralized server with authorization requirements etc. That'll be the weak point.. or at least one of them. One of the keys is to look for 'unexpected' downtime.
Physical access is pretty painful to shore up.
Perhaps Diebold should take the same approach to vote-tabulating machines.
Are you kidding? Then the vote-counting fraud can be even more centralized and obfuscated away.
Diebold has always been incompetent.
Who the fuck is making up these stupid names.
Thin client was just fine as a term in the 90s. But since
nearly a couple decades have gone by, we need to change
the name again??
So, the new ATM is a chip or chips that get, everything
including their ROM from the server, every time they are
initialized? I don't think so... I'm sure some code is on there
so... it's not a zero client, it's a thin client.
Welcome to the 21st century Diebold! {11 years later}
-AI
Waiting for a thin client spoof so they can steal even more data.
For me, it is far better to grasp the Universe as it really is than to persist in delusion
All you do there with the VM is move the place that the data can be manipulated from the individual voting machine to the server, and even then, it doesn't stop a hack of the live running VM from affecting the rests it stores to the server.
The reason VMs work for the ATM machines is that the people were physically stealing the ATM machine and then getting the data off the internal memory. This works because when they steal the machine, it losses power and connection to the network where the VM's backstore was located. Once it is off the net, it can not access that data.
This doesn't work for securing a voting machine except from people stealing the voting machine to then get the votes and any other information stored locally from that machine. It still would not prevent someone from having the vote tabulation software from counting all votes for a particular candidate as votes for someone else, or a small portion, or counting each vote twice for someone, etc., etc.... That can only be fixed by having a voter verified printout which then gets stored separately (and can be cross checked later by the voter to verify that his/her particular vote was counted correctly).
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
This is new? Why was client info EVER stored locally? These should have been nothing more than a ( secure ) dumb terminal.
---- Booth was a patriot ----
Perhaps Diebold should take the same approach to vote-tabulating machines.
Sure thing. Then scumbag politicians need only hack one computer to steal an election, rather than having to hack a whole bunch of separate computers.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
Damn, when I first read the headline I thought it said they were going to use VMS, one of the most secure OS's out there. Sounded like a good idea.
As others have said I find it astounding that that there would be customer data stored on an ATM. Perhaps they store a transaction log of some sort as an auditing tool.
The "GUI" on the ATM can easily be separated from the data sent to and from the back-end VM. In this sense, once the ATM has authenticated itself with the backend, it is no more than a specialized dumb terminal, even if it has a pretty, graphical display terminal on it.
Probably even makes this aspect of the ATMs slightly cheaper for Diebold to make.
Ummm hey guys have you looked, Diebold isn't even involved in voting machines anymore. To say they should use this there is just silly since they do not produce those products anymore.
"No customer data is captured and stored on the ATM itself."
The keypad is just there for show.
The actual PIN is recorded by mindreading lasers stationed physically inside the VM.
Perhaps Diebold should take the same approach to vote-tabulating machines.
I don't know about that. My way of thinking would be to isolate the machines from the Internet as much as possible. There are many ways in as it is. Allowing Internet access gives hackers another way into the system. As far as the speed issue? What is the hurry, there is a huge amount of time between election and the winner taking office,
Why would one store customer data in any kind of non-volatile storage on an ATM machine in the first place? You can run software on the local machine without storing data. It just seems like moving the software into a VM so as not to store customer data locally is hitting a thumbtack with a sledgehammer.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
Does not parse.
"No customer data is captured and stored on the ATM itself."
No fingerprints, residual heat from fingers, internal cache RAM, no... none at all indeed.
I always thought that when the balance was not available meant that the ATM was out of paper. It's the only time I don't get a receipt. I have my profile set to automatically generate a receipt.
RE: this summary. OK, ATM is a thin client. Earth-shaking technologically? no. For this business, perhaps, and "why didn't this succeed earlier".
... wait for it... generated printable paper trails on each transaction stated that their solution for voting booth customers was incapable of this same paper trail.
RE: Diebold and vote-tabulating machines in this regard per the summary:
Are you on something? The same Diebold PR mechanism that produced and sold ATMS that
And you expect at this point sheeple to connect the dots?
I'm from Brazil, and worked many years with ATMs (though not with Diebold or its predecessor in Brazil, Procomp).
(1) Thieves steal ATMs to get, well, the money.
(2) No data from customers are kept in ATMs.
The post is crap. Period.
Slightly off topic (although mentioned in summary) I want to strangle anyone who believes in pure electronic voting only slightly less than anyone who wants voting to be done over the internet.
Software architects at Diebold must surely know that adding a virtual machine increases the attack surface that is possibly exploitable by malicious hackers. This move cannot be to improve security. If I were a bank manager forced to utilize this implementation, I would immediately start looking for private engineering firms to search for back doors in this system.
You would think that everything is stored and handled remotely when it's always a case of:
*press "Make a Deposit"*
*stare at a progress bar for 5 seconds*
*press "Deposit a Check"*
*stare at a progress bar for 5 seconds*
*insert a check*
*stare at a progress bar for 5 seconds*
"Would you like a receipt?"
*select a receipt type*
*stare at a progress bar for 5 seconds*
"Printing receipt!"
*stare at a progress bar for 5 seconds*
"Another Transaction or Take Card?"
*press "Take Card"*
*stare at a progress bar for 5 seconds*
*take your card back*
*screen blanks out for 20 seconds before the next person can do anything*
LOOKING AT YOU BANK OF AMERICA!
That's a fancy way of describing thin clients. Multi-user remote desktops have been around forever in many OS flavors. Heck, Citrix has been doing that for a decade. It sounds like they're just adding an extra layer of protection by adding VM barriers between each customer session.
Why have ATM machines ever stored any customer data?
I work in the ATM industry and reading these comments it's obvious that posters on this site are not aware of the global nature of the business.
Is it necessary to store customer data on ATMs in highly connected and highly regulated regions like the US and EU where data can easily be sent to a server? Well no, and in fact it is not.
Now what about ATMs in rural regions of South America, Africa, and East Asia? Many of these locations do not have reliable connectivity. In that case many banks find it cheaper to store data on an ATM and hire an armed guard service for 24/7 security. It's cheaper than working around the infrastructure for barely reliable connectivity and paying for AV and security software that nobody in the region has the knowledge base to maintain anyways. The cost risk/reward of having an ATM ripped from the ground and stolen is cheaper than bringing in high tech infrastructure and personnel.
Also don't imagine that the highly trained tech workers of the US/EU regions are the ones installing and maintaining ATMs in under-developed nations. It's most likely somebody with a US equivalent skill set of "that 8 year old that the local church knows can work the AV equipment better than the older crowd". Far from an expert, but hey, the thing works.
Now with something like virtualization, maybe the cost of getting the connectivity into rural banks becomes worth it to allow the terminal to be run securely and remotely by the highly trained techno people thousands of miles away? Certainly worth thinking about rather than just saying "Hey, some company is dumb b/c they do business I don't understand"