Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

Bank Of America ATMs Disrupted By Virus
Reuters/Yahoo ^ | 1-25-2003

Posted on 01/25/2003 3:14:11 PM PST by blam

Bank of America ATMs Disrupted by Virus

SEATTLE (Reuters) - Bank of America Corp. said on Saturday that customers at a majority of its 13,000 automatic teller machines were unable to process customer transactions after a malicious computer worm nearly froze Internet traffic worldwide.

Bank of America spokeswoman Lisa Gagnon said by phone from the company's headquarters in Charlotte, North Carolina, that many, if not a majority of the No. 3 U.S. bank's ATMs were back online and that their automated banking network would recover by late Saturday.

Web traffic slowed suddenly and dramatically worldwide for hours after a fast-spreading computer worm clogged pipelines of the global network carrying data, Web pages and e-mail, officials said.

"We have been impacted, and for a while customers could not use ATMs and customer services could not access customer information," Gagnon said.

Gagnon said that the worm, which slows down computer networks by replicating rapidly and spreading to other servers, did not cause any damage to customer information, but slowed down or blocked access to that sensitive information, making transactions difficult.


TOPICS: Business/Economy; Front Page News; Technical
KEYWORDS: america; atms; bank; disrupted
Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-67 next last
To: blam
I haven't been able to get on my Credit Union web site today. Made a couple of withdrawals at two different ATM's (without difficulty) but didn't give me a balance, usually does at those two ATM's. Related?
21 posted on 01/25/2003 5:38:26 PM PST by lilsparky
[ Post Reply | Private Reply | To 1 | View Replies]

To: Rifleman
My understanding is that it is a pain in the arse to apply.


Virus-like attack slows Web traffic

PATCHING NOT SO EASY

While a patch which would have stopped the virus in its tracks has been freely available since July, Microsoft was criticized Saturday because that particular patch was more cumbersome to install than most, said Mikko Hypponen, spokesman for F-secure Corp. Most patches require a simple download and restart of the computer. But this patch required manual editing of critical system files, something many administrators just aren't comfortable doing.

"It isn't that easy, Hypponen said. So many likely waited for the next completely updated version of the software to arrive, what's called a 'service pack' in the industry. The full service pack which would have stopped Slammer just became available Jan. 17. That gave administrators who didn't want to deal with the patch less than a week to install the full service pack before the Slammer worm hit. That bad timing likely contributed to the worm's spread.

And the service pack installation isn't easy either, said Ruben Bybee, general manager of Blue Mountain Internet.

'This process takes between 15 minutes and a couple of hours depending on the speed of your Internet connection and the size of the SQL database,' he said.

Bybee also said there might be additional problem when the Monday workday begins, because some networks use the Microsoft database product to manage logins for all employees. Companies that haven't addresed the problem by Monday companies which haven't managed to install the service pack won't be able to let their employees connect to their network.

22 posted on 01/25/2003 6:18:00 PM PST by Dominic Harr
[ Post Reply | Private Reply | To 19 | View Replies]

To: blam
On the bright side, the same worm has also knocked Microsoft's Windows XP activation servers offline as well.

When the company that makes the software can't install the patch to fix it, you should really worry.

23 posted on 01/25/2003 6:43:06 PM PST by Knitebane
[ Post Reply | Private Reply | To 1 | View Replies]

To: HAL9000
Users waive ALL rights by agreeing to the EULA.

MS knows their sw is crap.

24 posted on 01/25/2003 10:07:08 PM PST by Abar
[ Post Reply | Private Reply | To 11 | View Replies]

To: Liberal Classic
I had no idea that their ATMs were connected through the public internet.

The more I learn of this the more I suspect that there is no such thing as a 'public' or 'private' internet. At some point most traffic flows through common infrastructure supported by the various TELCO's.

25 posted on 01/25/2003 10:28:10 PM PST by PFKEY
[ Post Reply | Private Reply | To 4 | View Replies]

To: Abar
Users waive ALL rights by agreeing to the EULA.

Yes, but there were plenty of injured parties who were not using Microsoft software but were harmed by the commercially defective MS product - for instance, backbone providers UUNET and Level 3 whose networks collapsed due to all of the MSSQL connections. Also, five of the 13 DNS root servers crashed.

Between 150,000 and 200,000 Microsoft Windows servers were infected within a few hours today. Although this problem has occurred before, Microsoft has made it difficult to obtain and install the patch. Their failure to distribute an effective way of fixing their security problem has damaged MS customers and non-customers alike.

MS knows their sw is crap.

Everyone knows it, but Microsoft will never admit it.

"There are no significant bugs in our released software that any significant number of users want fixed." - Bill Gates

26 posted on 01/25/2003 10:29:40 PM PST by HAL9000
[ Post Reply | Private Reply | To 24 | View Replies]

To: blam
The patch was available..they should have kept current.
27 posted on 01/25/2003 10:33:20 PM PST by fight_truth_decay (Occupied)
[ Post Reply | Private Reply | To 1 | View Replies]

To: HAL9000
The attack sought to exploit a software flaw discovered by researchers in July 2002 that permits hackers to seize control of corporate database servers. Microsoft deemed the flaw to be critical and offered a free repairing patch, but it was impossible to know how many computer administrators applied the fix.

AOL had no problem.

http://www.eeye.com/html/Research/Flash/AL20030125.html

28 posted on 01/25/2003 10:44:39 PM PST by fight_truth_decay (Occupied)
[ Post Reply | Private Reply | To 11 | View Replies]

To: Rifleman
"My understanding is that it is a pain in the arse to apply."

You can see for yourself here what the six-month-old patch required:

  1. Shut down the program.
  2. Copy two files.
  3. Start the program up again.
Are there people for whom that constitutes a "pain in the arse"? Absolutely—my mother-in-law is one of them. Are any of them sysadmins? Well, apparently so.

For better or worse, the polished graphical UI of Windows makes the bar for administration very low. Unlike some, however, I don't think that's automatically a bad thing. There are hundreds of small businesses out there that can't afford to hire $70K/yr. CS graduates to maintain their servers. In the long run, the productivity boost from making information technology available to untrained users outweighs the productivity hit from the occasional worm—not because the price of worms is low but rather because the value of widespread IT is extremely high.

Car accidents, by analogy, don't just make ATMs inaccessible for a day, they kill people, thousands per year. We could eliminate most of those accidents by limiting driver's licenses to people with degrees in automotive engineering, but the economic suffering that would cause is unimaginable. Just because costs are so often easier to see than benefits doesn't mean costs are often greater than benefits.

29 posted on 01/25/2003 11:30:37 PM PST by Fabozz
[ Post Reply | Private Reply | To 19 | View Replies]

To: Fractal Trader
Bushie, aren't you so GLAD the Microsoft has shown that they can handle mission critical applications like banking?

Considering that a patch was available for this issue last year, you're pissing in the wind...
30 posted on 01/25/2003 11:34:02 PM PST by Bush2000
[ Post Reply | Private Reply | To 17 | View Replies]

To: fight_truth_decay
Verizon did, I called around noon about a bill and they had been down for 8 hrs. Sprint was down also; I overheard a salesperson at Walmart complaining via phone that he had four customers he was trying to activate phones for and was dead in the water. This was around 2p my time in Baton Rouge. Poor guy, the customers were looking at him like they were trying to figure out how to cook him. "HHHMMMMM do we need to make a roux or just brown him and put him in the oven"?
31 posted on 01/25/2003 11:48:39 PM PST by Atchafalaya
[ Post Reply | Private Reply | To 28 | View Replies]

To: Bush2000; Dominic Harr
Considering that most users found the patch "exceptionally difficult" to implement, you can understand why this situation arose. That's the problem with after-the-fact patches: they need to be easy to apply and still need to pass acceptance and integration testing. In this case, many users found that the patch potentially made other applications unstable, so they may have been hesitant in wanting to apply it.

Regardless of the exact details, Microsoft will be remembered for creating an extreme security error that brought the Internet to its knees and took down one company's ATM network. And the defect was so glaring that it never should have gotten in production to begin with. It was a total hack to allow two SQL Server databases to communicate with each other. Probably designed with "performance considerations" in mind. An nobody in their right mind would ever try to exchange information securely using the UDP protocol.

32 posted on 01/26/2003 5:02:44 AM PST by Fractal Trader
[ Post Reply | Private Reply | To 30 | View Replies]

To: Fabozz
I had not looked at the patch before my first post. I have
now. It is a minor pain. Shutting down a SQL server can be
a nontrivial exersize in a 24/7 operation. And if you are not running 24/7 you still have to do the patch at weird ours, which may be unhandy.

In any case, a buffer overrun exploit in a piece of comercial
software is unacceptable today. Proper coding standards OR proper testing OR proper use of code reviews AND there are even some automated tools, can prevent this. It is not like it is a new problem for C and C++ coders. Or they can code in a higher level language with proper memory management.
33 posted on 01/26/2003 6:13:54 AM PST by Rifleman
[ Post Reply | Private Reply | To 29 | View Replies]

To: lilsparky
Made a couple of withdrawals at two different ATM's (without difficulty) but didn't give me a balance, usually does at those two ATM's. Related?

Likely, yes. I believe if an ATM can't contact its master, and as long as the card is valid (not expired, etc.) the default is to allow the transaction and settle up later. It does need to talk to the boss to get you a balance, though.

34 posted on 01/26/2003 6:18:38 AM PST by TechJunkYard (via Cherie)
[ Post Reply | Private Reply | To 21 | View Replies]

To: Dominic Harr
The full service pack which would have stopped Slammer just became available Jan. 17. That gave administrators who didn't want to deal with the patch less than a week to install the full service pack before the Slammer worm hit.

I'll bet whomever authored/released the worm knew this.

Think about it: you know about a software flaw, and you know that the patch is difficult to apply, but then you learn about a new just-released SP which easily eliminates the flaw. What better time?

35 posted on 01/26/2003 6:44:13 AM PST by TechJunkYard (via Cherie)
[ Post Reply | Private Reply | To 22 | View Replies]

To: Liberal Classic; PFKEY
I had no idea that their ATMs were connected through the public internet.

My credit union used to lease 4-wire circuits to connect to their ATMs, but that gets expensive when you've got them in several states. And customers expect to be able to transact on ATMs belonging to other banks. And so...

36 posted on 01/26/2003 6:54:02 AM PST by TechJunkYard (via Cherie)
[ Post Reply | Private Reply | To 4 | View Replies]

To: lilsparky
THis is probably totally unrelated to this story (because it happened earlier this week) but I would like to share my unbeleivable tale with my Freeper Friends.

On Thursday of this week my husband went on-line to look at our checking account balance and to verify that his paycheck had been deposited for the week. When he looked into our account he saw that a company (we think it is in Germany) by the name of Peter Borowski Sound & Berlin DE. had made an electronic withdrawal from our account in the amount of $2167.00. Needless to say we never authorized this withdrawal.

I immediately called our Credit Union (it was 5:30 pm)and reported this "theft". My husband at the same time drove to the bank and started the paperwork. He had to file an affidavid stating that neither he nor I had made any purchase with this company. I also started looking at our account and realized earlier in the week there had been two other "strange" withdrawals. One was in the name of Save the Children London GB for $3.84 and another for an Animal Protection Preston GB for $8.63. So now I realized that someone had gotten our account info and probably were "testing" our account to see if it was active. We assume they were in such small amounts because that is something we wouldn't notice right away. I also assume that it is a frickin liberal giving my money to PETA like groups.(Think I can take them as tax write-offs? LOL.

Back to the bank... Because by the time my husband finished the original paperwork it was after 6:00pm, the main branch office had closed for the night. We were assured that the investigation would start first thing in the morning. They also assured us that the Credit Union was insured for up to $100,000.00 per account and that we will eventually get our money back.

The next morning when I got up the first thing I did was look at my account on-line. To my horror, overnight Peter Borowski Sound & Berlin DE had withdrawn another $2175.00 from the account virtually wiping it out (about $500.00 left), so as soon as the bank opened my husband and I were on their doorsteps filling out more affidavids. We have also filed a police report, and the investigation has started. They assure us that the money will be re-deposited withing 10 working days, but it will be a long 10 working days in this house. The truly ironic part is that on a normal day we would not have that much money in our account. The only reason we did was because our son is having braces put on on Wednesday and that was the money that we needed to pay the Orthodondist.

We as of today have no idea how they got our account info. We do not know if someone got access to our check card, or if someone was putting in random numbers and came up with a hit. That would explain the 2 small amounts withdrawn earlier in the week.

well thats my story and I am sticking to it. HA HA

37 posted on 01/26/2003 7:28:07 AM PST by codercpc
[ Post Reply | Private Reply | To 21 | View Replies]

To: Bush2000
Considering that a patch was available for this issue last year, you're pissing in the wind...

When the billion dollar class action lawsuit is filed, perhaps the MS customers who failed to apply the patch can be named as co-defendants along with Microsoft and John Doe the hacker.

38 posted on 01/26/2003 7:39:11 AM PST by HAL9000
[ Post Reply | Private Reply | To 30 | View Replies]

To: Fractal Trader
That's the problem with after-the-fact patches: they need to be easy to apply and still need to pass acceptance and integration testing.

Yes, the real culprit here is the habit of MS, and other big software houses:

MS will deservedly be blamed for this internet-wide problem.

39 posted on 01/26/2003 7:50:47 AM PST by Dominic Harr
[ Post Reply | Private Reply | To 32 | View Replies]

To: TechJunkYard
I'll bet whomever authored/released the worm knew this.

I guarantee you're right.

They were sitting on knowledge of this exploit, and pulled the trigger when the full service pack was released.

Most shops are on an upgrade 'cycle', we upgrade and apply patches once a month, no more often, because they're production servers that just can't be rebooted at a whim.

And we'd *never* install a service pack from MS without some serious testing first, anyway. They have been known to break things.

I do think that the DBA's should have patched this with the first patch.

But since no competent DBA would use SQLServer on purpose, I'd say that most SQLServer DBAs would have been hesitant to monkey with the config lines like they needed to.

This is MS's fault, and they will, rightly, be remembered/blamed. Just like Code Red and Nimda.

40 posted on 01/26/2003 7:55:32 AM PST by Dominic Harr
[ Post Reply | Private Reply | To 35 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-2021-4041-6061-67 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson