Posted on 01/25/2003 3:14:11 PM PST by blam
Bank of America ATMs Disrupted by Virus
SEATTLE (Reuters) - Bank of America Corp. said on Saturday that customers at a majority of its 13,000 automatic teller machines were unable to process customer transactions after a malicious computer worm nearly froze Internet traffic worldwide.
Bank of America spokeswoman Lisa Gagnon said by phone from the company's headquarters in Charlotte, North Carolina, that many, if not a majority of the No. 3 U.S. bank's ATMs were back online and that their automated banking network would recover by late Saturday.
Web traffic slowed suddenly and dramatically worldwide for hours after a fast-spreading computer worm clogged pipelines of the global network carrying data, Web pages and e-mail, officials said.
"We have been impacted, and for a while customers could not use ATMs and customer services could not access customer information," Gagnon said.
Gagnon said that the worm, which slows down computer networks by replicating rapidly and spreading to other servers, did not cause any damage to customer information, but slowed down or blocked access to that sensitive information, making transactions difficult.
PATCHING NOT SO EASY
While a patch which would have stopped the virus in its tracks has been freely available since July, Microsoft was criticized Saturday because that particular patch was more cumbersome to install than most, said Mikko Hypponen, spokesman for F-Secure Corp. Most patches require a simple download and restart of the computer. But this patch required manual editing of critical system files, something many administrators just aren't comfortable doing.
"It isn't that easy," Hypponen said. So many likely waited for the next completely updated version of the software to arrive, what's called a 'service pack' in the industry. The full service pack which would have stopped Slammer just became available Jan. 17. That gave administrators who didn't want to deal with the patch less than a week to install the full service pack before the Slammer worm hit. That bad timing likely contributed to the worm's spread.
And the service pack installation isn't easy either, said Ruben Bybee, general manager of Blue Mountain Internet.
'This process takes between 15 minutes and a couple of hours depending on the speed of your Internet connection and the size of the SQL database,' he said.
Bybee also said there might be additional problems when the Monday workday begins, because some networks use the Microsoft database product to manage logins for all employees. Companies that haven't addressed the problem by Monday, companies which haven't managed to install the service pack, won't be able to let their employees connect to their network.
When the company that makes the software can't install the patch to fix it, you should really worry.
MS knows their sw is crap.
The more I learn of this the more I suspect that there is no such thing as a 'public' or 'private' internet. At some point most traffic flows through common infrastructure supported by the various TELCOs.
Yes, but there were plenty of injured parties who were not using Microsoft software but were harmed by the commercially defective MS product - for instance, backbone providers UUNET and Level 3 whose networks collapsed due to all of the MSSQL connections. Also, five of the 13 DNS root servers crashed.
Between 150,000 and 200,000 Microsoft Windows servers were infected within a few hours today. Although this problem has occurred before, Microsoft has made it difficult to obtain and install the patch. Their failure to distribute an effective way of fixing their security problem has damaged MS customers and non-customers alike.
MS knows their sw is crap.
Everyone knows it, but Microsoft will never admit it.
"There are no significant bugs in our released software that any significant number of users want fixed." - Bill Gates
AOL had no problem.
http://www.eeye.com/html/Research/Flash/AL20030125.html
You can see for yourself here what the six-month-old patch required:
For better or worse, the polished graphical UI of Windows makes the bar for administration very low. Unlike some, however, I don't think that's automatically a bad thing. There are hundreds of small businesses out there that can't afford to hire $70K/yr. CS graduates to maintain their servers. In the long run, the productivity boost from making information technology available to untrained users outweighs the productivity hit from the occasional worm, not because the price of worms is low but rather because the value of widespread IT is extremely high.
Car accidents, by analogy, don't just make ATMs inaccessible for a day, they kill people, thousands per year. We could eliminate most of those accidents by limiting driver's licenses to people with degrees in automotive engineering, but the economic suffering that would cause is unimaginable. Just because costs are so often easier to see than benefits doesn't mean costs are often greater than benefits.
Regardless of the exact details, Microsoft will be remembered for creating an extreme security error that brought the Internet to its knees and took down one company's ATM network. And the defect was so glaring that it never should have gotten in production to begin with. It was a total hack to allow two SQL Server databases to communicate with each other. Probably designed with "performance considerations" in mind. And nobody in their right mind would ever try to exchange information securely using the UDP protocol.
Likely, yes. I believe if an ATM can't contact its master, and as long as the card is valid (not expired, etc.) the default is to allow the transaction and settle up later. It does need to talk to the boss to get you a balance, though.
I'll bet whoever authored/released the worm knew this.
Think about it: you know about a software flaw, and you know that the patch is difficult to apply, but then you learn about a new just-released SP which easily eliminates the flaw. What better time?
My credit union used to lease 4-wire circuits to connect to their ATMs, but that gets expensive when you've got them in several states. And customers expect to be able to transact on ATMs belonging to other banks. And so...
On Thursday of this week my husband went on-line to look at our checking account balance and to verify that his paycheck had been deposited for the week. When he looked into our account he saw that a company (we think it is in Germany) by the name of Peter Borowski Sound & Berlin DE. had made an electronic withdrawal from our account in the amount of $2167.00. Needless to say we never authorized this withdrawal.
I immediately called our Credit Union (it was 5:30 pm) and reported this "theft". My husband at the same time drove to the bank and started the paperwork. He had to file an affidavit stating that neither he nor I had made any purchase with this company. I also started looking at our account and realized earlier in the week there had been two other "strange" withdrawals. One was in the name of Save the Children London GB for $3.84 and another for an Animal Protection Preston GB for $8.63. So now I realized that someone had gotten our account info and probably were "testing" our account to see if it was active. We assume they were in such small amounts because that is something we wouldn't notice right away. I also assume that it is a frickin liberal giving my money to PETA like groups. (Think I can take them as tax write-offs? LOL.)
Back to the bank... Because by the time my husband finished the original paperwork it was after 6:00pm, the main branch office had closed for the night. We were assured that the investigation would start first thing in the morning. They also assured us that the Credit Union was insured for up to $100,000.00 per account and that we will eventually get our money back.
The next morning when I got up the first thing I did was look at my account on-line. To my horror, overnight Peter Borowski Sound & Berlin DE had withdrawn another $2175.00 from the account virtually wiping it out (about $500.00 left), so as soon as the bank opened my husband and I were on their doorsteps filling out more affidavits. We have also filed a police report, and the investigation has started. They assure us that the money will be re-deposited within 10 working days, but it will be a long 10 working days in this house. The truly ironic part is that on a normal day we would not have that much money in our account. The only reason we did was because our son is having braces put on on Wednesday and that was the money that we needed to pay the orthodontist.
We as of today have no idea how they got our account info. We do not know if someone got access to our check card, or if someone was putting in random numbers and came up with a hit. That would explain the 2 small amounts withdrawn earlier in the week.
Well, that's my story and I am sticking to it. HA HA
When the billion dollar class action lawsuit is filed, perhaps the MS customers who failed to apply the patch can be named as co-defendants along with Microsoft and John Doe the hacker.
Yes, the real culprit here is the habit of MS, and other big software houses:
This causes MS issues to be more common, more far-reaching and far more serious.
And since you'll never get 100% of the people to upgrade, it also means you will always have unpatched instances of the software running out there.
MS will deservedly be blamed for this internet-wide problem.
I guarantee you're right.
They were sitting on knowledge of this exploit, and pulled the trigger when the full service pack was released.
Most shops are on an upgrade 'cycle', we upgrade and apply patches once a month, no more often, because they're production servers that just can't be rebooted at a whim.
And we'd *never* install a service pack from MS without some serious testing first, anyway. They have been known to break things.
I do think that the DBAs should have patched this with the first patch.
But since no competent DBA would use SQLServer on purpose, I'd say that most SQLServer DBAs would have been hesitant to monkey with the config lines like they needed to.
This is MS's fault, and they will, rightly, be remembered/blamed. Just like Code Red and Nimda.