Dial-a-Word

by The Piano Guy

I've been underemployed for a while now.  One of the companies that I applied at was a bank that actually has their world headquarters within scant miles of my house.  The commute to work would be more than a bike ride, but not much.

I originally applied for IT security positions.  The person in charge of that couldn't be bothered to give me the time of day.  At an Information Systems Audit and Control Association (ISACA) meeting, I finally caught up with some other employees from this bank who got my resume in front of the hiring manager.  I know this because I received a phone call being told, in essence, that I didn't have the skills and that I shouldn't bother her again.

Fast-forward a few weeks.  One of the contract houses sent me to an interview at this bank's corporate offices.  Not to do IT security, but to do break-fix and phone support.  I figured it was a foot in the door.  The guy who interviewed me was very sharp, and told me that the position that I was sent for was much below my skills, but that I should apply for the security openings.  Having told him that I had and that I was being ignored, I further expressed interest in working for him so I could get my foot in the door.  He told me that he would love to do that, but he'd not be doing me any favors if he did.  As it turns out, they start people as low as they can, and no matter how much their skills jump, the raises are small.

I lay all this out to make it clear how management thinks at this fine bank.  I don't bank with this bank, but I do like using their ATM for deposits.  It is one of the more modern NCR models.  It lets you deposit checks one at a time and does not require an envelope.  It tries to do OCR on the check and offers what it thinks is the amount of the check (and it is usually right even for nicely handprinted numbers).  It prints a picture of the check on the receipt, which helps me keep track of who as well as how much and when.

I took care of a few computer clients that day, and then ran off to a music rehearsal.  I realized before I got home that I still had one check in my pocket, and I thought it would be wise to deposit it that night before going home to bed.

My deposit went perfectly fine.  I put in my card.  I put in my PIN.  I put in the check, which it properly read.  I got my receipt, wrote the name of the client on it (belt and suspenders), and put my ATM card away.

As I was about to drive off, the ATM screen flashed, and then went black.  This was at about 10:30 at night.  I thought to myself "Hey, at least I have a receipt, and it probably finished my transaction before it died."  I decided to stay and see what I could learn by watching it go down.

The screen came back to life, and then a Windows XP splash screen came up.  Windows was shutting down.  I was astounded.  This ATM obviously does things that other ATMs which are less modern don't do, yet they still use an OS that is about to hit end of life - forever.  Microsoft recently did a big publicity push to make sure that people realize that using Windows XP makes you eligible for zero days - forever.  I'm now less inclined to use this ATM.

I figured that after Windows shut down, I might get to see more.  Yes, the camera was watching me, but it isn't illegal to watch an ATM shut down.  (I know this ATM has a camera, because I have a picture of myself from it.  I had a bank deposit that I had to make pursuant to an estate I was settling, and the receipt didn't print.  When I got the replacement from the bank, it had my picture on it, taken from when I was sitting in front of the ATM.)

Once it started to reboot, I got to see just how old the CPU was.  The system was running the NCR extended BIOS from 2004.  When I got to see all of the BIOS spit up on the screen, I saw that the unit had many USB ports.  I also figured out that Windows XP is loaded on a CD.  The OS didn't look particularly customized.  It looked like a standard Windows startup.

Then, it started to make a lot of clicking and whirring noises.  I could tell that it was printing a journal of some kind, as it went on and on.  I could also hear clicking and whirring that made me think that it was taking money and offloading it out of the ATM to someplace else.  This would not be a bad thing to do if it were possible, as people have been known to wrap chains around the ATMs and drive off with them.

I noticed a series of front panel light flashes.  It was going through its own little POST.  Then a script window popped up a couple of times.  I figured I'd have my ATM back soon.

Alas, it wasn't meant to be.  The system came up with a blue colored screen (which is not a BSOD) with the message stating that the terminal was currently unavailable, and that they were sorry for the inconvenience.  Then the journal started printing again.

I know more about what I don't know.  I do not know if this cycle happens at 10:30 each night to reconcile.  I do not know if I was the lucky last depositor before the ATM filled up and had to offload deposits.  I do not know if the ATM came back without intervention, as I had to get up early the next morning, and couldn't stay to stake it out.  That, and I knew I was on camera and being recorded, and had been there several minutes already.  I do not know if this is simply breaking down and having enough sense to shut down and stay that way until someone could resolve the issue.

What I do know is that these ATMs use vulnerable software (Windows XP), and that the bank's desire to keep up with the technology times is similar to their management philosophy.

I also know that I plan to start using a different bank's ATM.