BDO ATM on Command Line

Yup, that is indeed odd. SCARY!!!

Probably those two guys were from BDO, their bodyguards went ahead of them (which I believe is against the protocols). I’ve seen a few incidents where the guy or guys who have the “master” card was left alone by their bodyguards because he was “simply” doing a final test run.

Which is… dangerous. But regardless.. if those two guys ahead of you were not from the bank, then they got hold of a master card/key, or they’re testing their newly created master card/key.

Although I haven’t seen an ATM CLI in action yet, I have encountered an ATM flashing/showing its XP desktop screen.

What you saw was the “Roll-over”, wherein transaction logs are sent for comparison. This what they check in case there are reports of incomplete transaction (eg: transaction time-out errors with no cash dispensed but it debited your account). It probably run as scheduled job since the CMD window reads svchost.exe, you can just run the script as scheduled command like c:\windows\system32\ftp.exe -s:runftp.txt

Anyway,try the internet banking kiosk at SM-Makati (At ATM center), you can surf net and check your mail. LoL. Im not sure if they reverted my changes to config there yet, but should be easy to figure out yourself how to get net. I’ll try to visit it sometime again and check :D

Finally, a lot of BPI ATMs at Glorieta uses wireless radio, this is not the same as WIFI — I pick them up on my laptop without SSID, its a high grade version maybe similar to WAN Sync. Still it uses the same principle of WIFI connection, easy to eaves drop on.

BTW even here at my neighborhood, you’ll be amazed how much data floats in the airwaves if you set your WIFI to passive read; IM chats, skype calls, even open file shares. :D

So yeah, banks sucks in terms of security because they think nobody understood how these thinks work anyway but an average script kiddie will do a better job than their software development dept. X_X

@Anonymous – we all know that it should have encrypted data transmission and “IT SHOULD” really have. But I think godie is trying to say that “some” of those bank dont do it that way, or maybe they forgot it. LOLZ.. Kidding aside, If godie is saying the truth, mobile banking in the country is at a very high risk if hackers will know about this. To think that there are lots of Filipino who are good in IT, maybe there are some that can break into this.

@godie – Dude, you should not give that info in public. ^_~

Well, as I can see in the CLI. It tells that it runs the svchost.exe. It also connects in a local private ip address. Well svchost.exe is a double-edged blade that runs on window which can be used as secured connection or it can also be used as a backdoor way for hackers. It is also registered as a Trojan. This Trojan allows attackers to access your computer from remote locations, stealing passwords, Internet banking and personal data. This process is a security risk and should be removed from your system. So those 2 guyz ahead of you abe should be the one responsible for that, and to think that it was late in the evening, they might got something to do with it.

I also have an account in BDO. :(

it happened also to me in ucpb machine.

It looks like a scheduled job. I think this specific atm is uploading the transactions to a central server. (172.16.16.106 – looks like a private ip addr)

A look at the file, it seems that the file naming convention includes date/time. (Jan 9, 2009) thus the 090109 in the file name.

that’s scary.. Their local network could be vulnerable to attacks if the command prompt would show up confidential information like account numbers or PINs..

looks like somebody’s using ftp to transfer some files on the atm to another computer.

sana man lang sftp ginamit para encrypted. isipin mo na lang kung me makaka intercept ng network traffic na yan…

hi. just opened an ATM account with BDO. grabe, scary naman yan.
anyway, i have a question.
di ba sa intial deposit (and to the succeeding ones), may receipt sila na ibibigay? yung number ba na nag-appear dun yung account number? i just noticed that the number in that receipt is the same as the one indicated in the confirmation letter that bdo sent me days after i opened an account. ilang digits ba usually yung account number dun? before kasi metrobank ako. thanks a lot.

I promise to myself tonight.. this is going to be my last transaction with any BDO ATM machines. When I made a withdrawal just an hour ago, the screen prompted a successful transaction as in “GET YOUR CASH” tapos I’ve waited for minutes I guess.. biglang temporarily unable to process… TAE!!

mga bobo kayo

Sir, patulong naman po sa problema ko sa bdo. Sa tingin ko po kasi hinohold nila ang funds ko. Bago po kasi nangyari yun eh, nag karoo po ako ng dispute case pero naayos naman na po. Ngayon po ng wiwithdrahin ko na po yung pera ko na halagang 29,300.00 pesos, eh hanggang ngayon eh pending parin ang status. HIndi ko po alam kung saan na napunta ang pera ko kasi ang sabi nila baka daw ang problema eh sa banco de oro, tapos sa canadian bank daw na nagpaprocess ng payment nila tapos ngayon naman daw eh ikiniclear pa daw ng paypal mismo kung meron daw akong sending limits etc. In case po na hinohold nila ang pera ako or di ko makuha ang pera ko, ano pong gagawin ko?? Salamat po ng marami!!

aw. hndi hack yan pag wala ka alam sa computer bobo ka talaga sabi nga ni huhuhuhu pero kahit din c huhuhu bobo din walang alam talaga>>.<<