All Northern self-service ticket machines off line 13/7/2021

Dai Corner · 5 Aug 2021

joncombe said:
If they do have SSDs then they can typically only be read and written to a finite number of times. Is it possible this malware continually wrote to the disk so that it fails?

Mechanical drives have a finite life too.

Another consideration is that unless you are absolutely sure a drive isn't infected you'll want to replace it. Malware can survive a format and reimagine or reinstallation of the operating system.

RailUK Forums

Bletchleyite · 5 Aug 2021

Dai Corner said:
Malware can survive a format and reimagine or reinstallation of the operating system.

It can't if you completely wipe the drive including deleting partitions.

Dai Corner · 5 Aug 2021

Bletchleyite said:
It can't if you completely wipe the drive including deleting partitions.

Apparently it can, according to the article I quoted upthread

All Northern self-service ticket machines off line 13/7/2021

I'm going to take an educated guess that if ransomware recovery is taking this long, the backup servers (and authentication needed to access them, either via the 'host' system or directly) were identifiable once the attackers were in the network, and these were also affected. My personal stuff...

www.railforums.co.uk

JRT · 5 Aug 2021

Skipton's two machines due to be fixed yesterday had one working this afternoon.

a_c_skinner · 6 Aug 2021

A little off the main topic, and asked above, does anyone know what happened? I did do a bit of reading about malware damaging HDDs and I gained the impression that such attacks were not happening much/at all in the wild. I can see that replacing the HDDs is actually easier and safer even if the hardware is undamaged. Assuming this is a malware attack it seems unsatisfactory that it isn't public domain as we don't want it happening again.

Bletchleyite · 6 Aug 2021

a_c_skinner said:
A little off the main topic, and asked above, does anyone know what happened? I did do a bit of reading about malware damaging HDDs and I gained the impression that such attacks were not happening much/at all in the wild. I can see that replacing the HDDs is actually easier and safer even if the hardware is undamaged. Assuming this is a malware attack it seems unsatisfactory that it isn't public domain as we don't want it happening again.

It's probably easier/cheaper to image a load of new HDs in an office then give them to a technician to do the simple job of swapping them over on site. HDs aren't particularly expensive (and I doubt a TVM needs a very big one) whereas field engineer time is.

a_c_skinner · 6 Aug 2021

Bletchleyite said:
It's probably easier/cheaper to image a load of new HDs in an office then give them to a technician to do the simple job of swapping them over on site. HDs aren't particularly expensive (and I doubt a TVM needs a very big one) whereas field engineer time is.

What I thought but put better. Unless anyone knows. As far as I can find out (and I'm not James Bond) HDD firmware exploits are about back door access and would need to be invisible, which this event certainly isn't and seems to be under the control of the USA. OTOH if the CIA knows how often we go from Arnside to Grange via Carlisle isn't practical I may have to drive in future.

Vespa · 6 Aug 2021

A machine where I park and ride is up and running but with limited service, no ticket sales or collect, only promise to pay.

Kremlin Stooge · 6 Aug 2021

Freely admitting to being an amateur, but a couple of thoughts occurred:

- were these drives writeable? If they are holding a database of fares for the particular station then WORM (Write Once Read Many) should be the preferred arrangement. Compile the database, apply it to the drive (locally or remotely), then set permissions to read-only.

- were the drives accessible from public-facing http? At the least, they should have been on some kind of private network, even if virtualised.

ServerHoster · 6 Aug 2021

The machine at Sandbach is now back up and running

Not sure if it's like @Vespa's with just promise to pay, or full ticketing, as I used the ticket office, but it was definitely switched on.

Barnsley · 6 Aug 2021

The exile said:
Surely you can ( unless the ticket office is open) - or do the machines sell all locally valid rovers and rangers?

On the Yorkshire side, all stations that have a machine that accepts cash has Promise to Pay disabled, so a bugger if you want a Priv, I emailed RDG, Northern responded to seek out the guard and he’ll sell you a Priv!

oddiesjack · 13 Aug 2021

I noticed a small "banner" in red along the top of the screen of the TVM at Chinley saying that it currently cannot print TOD tickets. Is this peculiar to Chinley, or is it more widespread?

It is not a very obvious notice, to be honest.

The exile · 13 Aug 2021

Barnsley said:
On the Yorkshire side, all stations that have a machine that accepts cash has Promise to Pay disabled, so a bugger if you want a Priv, I emailed RDG, Northern responded to seek out the guard and he’ll sell you a Priv!

Or indeed if you want to buy any of the large range of tickets that no one seems to have bothered to programme ticket machines to sell

pdq · 13 Aug 2021

I was able to collect TOD tickets from the Batley machine last night.

Mat17 · 13 Aug 2021

trebor79 · 13 Aug 2021

Mat17 said:
TOD?

Ticket On Departure. Book online, collect from the ticket machine at the station.

Mat17 · 13 Aug 2021

Ah, that makes sense.

61653 HTAFC · 13 Aug 2021

Batley's machine appears to be back online, but it keeps flashing up a smart card error when nobody is near it. It printed a Promise To Pay for me but I don't know if I'd trust it with my card if i didn't have cash.

py_megapixel · 13 Aug 2021

61653 HTAFC said:
Batley's machine appears to be back online, but it keeps flashing up a smart card error when nobody is near it. It printed a Promise To Pay for me but I don't know if I'd trust it with my card if i didn't have cash.

Unfortunately I think you'd have to try it and be certain that it didn't work - "I don't trust the machine" is unlikely to be an excuse with a revenue inspector.

I agree though that I generally prefer not to put my card into machines that already appear dodgy!

61653 HTAFC · 13 Aug 2021

py_megapixel said:
Unfortunately I think you'd have to try it and be certain that it didn't work - "I don't trust the machine" is unlikely to be an excuse with a revenue inspector.

I agree though that I generally prefer not to put my card into machines that already appear dodgy!

That's why I'll always have cash if I'm boarding a Northern service from an unstaffed station for the time being! Or use their app- which I'd been avoiding/didn't need (as pre-you-know-what I had an MCard), but may give it a try for going to the match tomorrow.

Killingworth · 13 Aug 2021

py_megapixel said:
Unfortunately I think you'd have to try it and be certain that it didn't work - "I don't trust the machine" is unlikely to be an excuse with a revenue inspector.

I agree though that I generally prefer not to put my card into machines that already appear dodgy!

Contactless!

All Northern self-service ticket machines off line 13/7/2021

Established Member

RailUK Forums

Veteran Member

Established Member

Member

Established Member

Veteran Member

Established Member

Established Member

Attachments

Member

Member

Member

Member

Established Member

Member

Member

Established Member

Member

Veteran Member

Established Member

Veteran Member

Established Member