Banc of America Article

alex@yuriev.com wrote:

> It could be that BoA's network wasn't flooded / servers infected, but that
> the ATM's do not dial BoA directly, and dial somewhere else (ie, maybe some
> kind of ATM Dial Provider, nationwide wholesale, etc), and then tunnel back
> to BoA to get the data. Could be that the upstream of either the dial
> provider, or BoA was just flooded...

Again, that design makes nearly no sense. The vast majority of the ATMs that
banks own and operate directly are located in the LATAs with bank branches.
Those branches do have good connectivity to the bank processing centers be
that via dedicated links, VPN or carrier pigeons.

While the exact mechanism of BofA's exposure is important it is
nowhere near as important as the fact that they were, and presumably
are still, exposed. My money's on Frame Relay congestion.

Some department at BofA, short on engineers and long on budget-oriented
management, likely made a decision that saving a lot of money was
worth a bit of exposure. I know that decision has been made at
other banks.