Slashdot Mirror
Diebold Marries VMs with ATMs to Secure Banking Data
gManZboy writes "Automatic teller machine maker Diebold has taken a novel approach to protecting bank customer data: virtualization. Virtualized ATMs store all customer data on central servers, rather than the ATM itself, making it difficult for criminals to steal data from the machines. In places including Brazil, customer data has been at risk when thieves pulled or dynamited ATMs out of their settings and drove off with them. With threats increasing worldwide at many retail points of sale, such as supermarket checkout counters and service station gas pumps, Diebold needed to guarantee the security of customer data entered at the 50,000 ATMs that it manages. Diebold last year partnered with VMware to produce a zero-client ATM. No customer data is captured and stored on the ATM itself." Perhaps Diebold should take the same approach to vote-tabulating machines.
Presumably the money is all sitting in a VM at one of Diebold's datacentres as well?
Who the hell steals an ATM out of the wall to get customer data? You just send out a phishing email and you'll probably get 100x the return without having to blow a bloody wall to pieces and steal what amounts to a large cube of metal.
Also, who the hell was storing any significant customer data on the ATMs in the first place?
This is the company that all but flat-out said they were tampering with a US election, right? And we trust them with... anything?
No, not unless it is completely transparent. They wouldn't even allow review of their source code. Not to mention that all election results would presumably end up under the control of one company. Not a good idea, sorry.
This is a good idea, but it doesn't protect the customer from a skimmer skimming the card and a video camera recording their pin.
Why virtualize when you can dumb terminal? Anyway... whatever works.
I know thieves can rip information out of ram chips but only whatever was in active memory which in the case of an ATM would be the last client. Hardly seems worth the trouble to just steal one credit card number.
As to logging... by all means have an encrypted flash drive in the machine but don't actually log the actual numbers.
Instead, log some bank ID Code that can be used to FIND an account if you're a bank but can't be used by a customer/client to transfer funds or charge accounts. I'm sure such numbers already exist. Just use those for logging. If you really need to, include the last 4 digits of a card but there's no reason to keep it all there. And of course encrypt it. Doubtless the banks will get lazy and use the same encryption key for every machine and won't change it for ten years. But it will stop some thieves so you might as well.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
ever stored customer data in the ATM terminal itself. I always assumed that the info was all in the bank's server. Things are worse than I imagined.
I think proper use of encryption should protect the customer data on the local machine - store the decryption key on the server and only hand back to the ATM if it requests it over its private secure link. And if the intrusion sensor goes off on the ATM, delete the decryption key along with the public key that the ATM uses to authenticate itself -- make a technician visit the machine and look for tampering before reloading with the authentication key.
I doubt any of these data thieves are keeping the ATM powered until they can take it back to their shop and and use data probes to capture data from a running machine.
But is this really a problem? Do ATM's store easily recoverable data on a hard drive?
I thought skimmers were the way to go if you wanted to steal account data from an ATM.
Option 1: you have a centralized ATM/POS software, no data on the end points. Great security. But your network connection becomes a liability - no network, no transactions, even if the client and the money are in the same physical location.
Option 2: you have decentralized ATM/POS, with partially cached information on the end points. That way when the network is down, people can still perform transactions and there is a consolidation that occurs once the network is back. But if people come in your store at night with a big John Deere while the cops are busy playing with their tasers on homeless guys, then data gets stolen.
Pick one.
lucm, indeed.
I stopped reading when it said that ATMs store customer data on the machine. That's the most ridiculous thing I've ever heard. ATMs have always accessed customer data from central servers.
If that weren't the case, I could just visit all the ATMs for my bank and withdrawl my account balance. There would be no way the machines would know I've made withdrawls.
Fuck, does the Diebold tech just walk from machine to machine each day with a floppy disk?
I've delt with ATMs before, and they usually have a DSL connection with a static IP and a VPN back to the central server. The ones I have worked with run Windows XP. If you steal one, you're just getting a computer. The ATM software won't work because of IP restrictions at the central server (you have to be on the DSL at the location). The firewalls in the ATM providing the VPN connection do not allow anything out or in except over that VPN. There is no customer data. Customer data is stored in RAM by the Diebold software when it is accessed. I suppose that's a security risk, but what else can you do?
I think the entire article is full of shit.
According to Ohio Revised Code 3101.01(A), effective in 2004, marrying VMs and ATMs is illegal.
I am officially gone from
I don't think it's the data that the thieves are after
Perhaps Diebold should take the same approach to vote-tabulating machines.
I think the 'features' of the Diebold voting machines are desireable to the people who rig, err, run elections.
To run a GUI over a link like that you need some bandwidth and you don't want lag to get to bad.
Now will a very slow redraw / network drop while in use freak people out. Also ATM do keep local LOG's so what happens if the network drops and cash does not come out but NOW there is no log of it and backend thinks the transacton is over. Or it fails you take the cash out and then the network comes back and it spit's out more cash as in a retry of last command.
I almost worked for a company that did kiosks. XP kiosks, delivering media. After asking a few basic questions I discerned;
1) They were all part of one AD domain
2) The systems auto-logged in via a service user that was a domain admin
3) The application had those creds in plaintext config files
4) That AD domain.. the company only had one.. shared with their office users / backoffice.
5) No one really thought it was a big deal to ship a product like that with physical units in the field.
I did not take the job. :-)
The VM thing is a reasonable idea, but there's still going to be communication to a centralized server with authorization requirements etc. That'll be the weak point.. or at least one of them. One of the keys is to look for 'unexpected' downtime.
Physical access is pretty painful to shore up.
Diebold has always been incompetent.
Who the fuck is making up these stupid names.
Thin client was just fine as a term in the 90s. But since
nearly a couple decades have gone by, we need to change
the name again??
So, the new ATM is a chip or chips that get, everything
including their ROM from the server, every time they are
initialized? I don't think so... I'm sure some code is on there
so... it's not a zero client, it's a thin client.
Welcome to the 21st century Diebold! {11 years later}
-AI
Waiting for a thin client spoof so they can steal even more data.
For me, it is far better to grasp the Universe as it really is than to persist in delusion
All you do there with the VM is move the place that the data can be manipulated from the individual voting machine to the server, and even then, it doesn't stop a hack of the live running VM from affecting the rests it stores to the server.
The reason VMs work for the ATM machines is that the people were physically stealing the ATM machine and then getting the data off the internal memory. This works because when they steal the machine, it losses power and connection to the network where the VM's backstore was located. Once it is off the net, it can not access that data.
This doesn't work for securing a voting machine except from people stealing the voting machine to then get the votes and any other information stored locally from that machine. It still would not prevent someone from having the vote tabulation software from counting all votes for a particular candidate as votes for someone else, or a small portion, or counting each vote twice for someone, etc., etc.... That can only be fixed by having a voter verified printout which then gets stored separately (and can be cross checked later by the voter to verify that his/her particular vote was counted correctly).
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
This is new? Why was client info EVER stored locally? These should have been nothing more than a ( secure ) dumb terminal.
---- Booth was a patriot ----
Perhaps Diebold should take the same approach to vote-tabulating machines.
Sure thing. Then scumbag politicians need only hack one computer to steal an election, rather than having to hack a whole bunch of separate computers.
Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
Damn, when I first read the headline I thought it said they were going to use VMS, one of the most secure OS's out there. Sounded like a good idea.
As others have said I find it astounding that that there would be customer data stored on an ATM. Perhaps they store a transaction log of some sort as an auditing tool.
"No customer data is captured and stored on the ATM itself."
The keypad is just there for show.
The actual PIN is recorded by mindreading lasers stationed physically inside the VM.
Perhaps Diebold should take the same approach to vote-tabulating machines.
I don't know about that. My way of thinking would be to isolate the machines from the Internet as much as possible. There are many ways in as it is. Allowing Internet access gives hackers another way into the system. As far as the speed issue? What is the hurry, there is a huge amount of time between election and the winner taking office,
Why would one store customer data in any kind of non-volatile storage on an ATM machine in the first place? You can run software on the local machine without storing data. It just seems like moving the software into a VM so as not to store customer data locally is hitting a thumbtack with a sledgehammer.
Moderating "-1, Disagree" is simple censorship. Have the guts to post your opinion.
I always thought that when the balance was not available meant that the ATM was out of paper. It's the only time I don't get a receipt. I have my profile set to automatically generate a receipt.
RE: this summary. OK, ATM is a thin client. Earth-shaking technologically? no. For this business, perhaps, and "why didn't this succeed earlier".
... wait for it... generated printable paper trails on each transaction stated that their solution for voting booth customers was incapable of this same paper trail.
RE: Diebold and vote-tabulating machines in this regard per the summary:
Are you on something? The same Diebold PR mechanism that produced and sold ATMS that
And you expect at this point sheeple to connect the dots?
Yes. The trite summary is that a blind moron with a Celsius room temperature IQ could have seen that the US federal government was going to helicopter cash out to states to pay for voting "upgrades" following the fiasco in Florida during the 2000 election.
Diebold had a (small) division in South America that did voting machines, but they felt it was better to buy a local company. That company is the fucked up one, with the Microsoft Access, and the antivirus* and the glavens.
*Yes, Randall is a smart guy, but the antivirus in question wasn't running on the voting machines, it was running on the central server. ISTR that in that particular instance, the votes had actually been cast on Scantron style paper ballots.
Software architects at Diebold must surely know that adding a virtual machine increases the attack surface that is possibly exploitable by malicious hackers. This move cannot be to improve security. If I were a bank manager forced to utilize this implementation, I would immediately start looking for private engineering firms to search for back doors in this system.
You would think that everything is stored and handled remotely when it's always a case of:
*press "Make a Deposit"*
*stare at a progress bar for 5 seconds*
*press "Deposit a Check"*
*stare at a progress bar for 5 seconds*
*insert a check*
*stare at a progress bar for 5 seconds*
"Would you like a receipt?"
*select a receipt type*
*stare at a progress bar for 5 seconds*
"Printing receipt!"
*stare at a progress bar for 5 seconds*
"Another Transaction or Take Card?"
*press "Take Card"*
*stare at a progress bar for 5 seconds*
*take your card back*
*screen blanks out for 20 seconds before the next person can do anything*
LOOKING AT YOU BANK OF AMERICA!
Why have ATM machines ever stored any customer data?