On 16.07.2018 at 17:28 Sean Coughlin wrote:
Thanks for working on this and getting in contact with the
I think I should be the contact person since I plan to take responsibility
for setting up and guarding the machine itself.
Thanks for the time and attention to be the contact person, I think all
or most of us agree you are the perfect choice.
My thoughts & concerns are as follows:
- What level of trust do we have with the ATM operator?
The operator is a good customer according to the ATM manufacturer. If
you want, I can ask specific questions like 'how long have they been a
customer?' or 'how many machines do they operate?'
- Do they have experience working with 3rd parties who handle the
security of the ATM?
Once you become involved in the email flow, you can ask them this
question. I don't know the answer, and am waiting for permission to add
you to the thread.
- Will the ATM operator allow us to have exclusive control over
and keep the door keys?
They have not yet answered my question in which I 'request that we
maintain control over the machine'. It's likely that both parties trust
one another enough to share control. It's possible (likely?) that we
retain full control and they get none.
- If so, how do we assure the ATM operator that we won't
There is likely a log that they can access to see what cash they deserve
and will simply ask us for it.
We are a reputable cryptocurrency project and they are a reputable
cryptocurrency exchanger so unless there is evidence of risk we'll
probably trust one another to make the arrangement work, unless anyone
objects with a better alternative.
- Note that if they don't return to pick up their cash
then we can send it to their address by certified mail, which
protects us legally.
I guess so. This would need to follow some neglect on their part, and
it's unlikely we forget to tell them of the possibility.
- If not, how do we ensure that the ATM operator will return
keys and pick up their cash on Sunday?
There is no way to ensure that the operator returns keys or takes their
money. You can probably soon ask them yourself, what method we have to
ensure that they take the money out of our village.
- If we can't open the machine then we can't send it
on to its
next destination and we will be in legal trouble.
- What do we do if someone steals the BATM during the conference
The same procedure for all day and overnight theft.
- Does the hotel have insurance to protect us, and if so do we
to work with hotel security for this?
There is no contract between the hotel and the Monero Project. I haven't
heard of any insurance against fire, theft, injury, or worse. It's
possible that all the villages are missing this insurance, or that some
of them have it.
Do you want me to ask the Defcon organizer if our village is protected
by a insurance policy for any particular thing? Should I make the
question general (stating no particular thing?)
- Should I move the BATM offsite overnight to prevent this,
should I get security to make sure there's no criminal activity involved?
Our loan machine is the smallest model, so the idea of putting it in a
hotel room after hours is maybe a good idea.
The hotel security already has a list of priorities, which we cannot
influence. It's almost certain that avoiding criminal activity is one of
Don't forget that there are only two people with keys to our evening
locked doors (aside from the hotel staff.) That is our floor manager and
the Defcon village contact.
Hotel security guards patrol the village doors and areas after hours,
but I don't think there is a guard stationed at each village. They
circulate to ensure there is no after hours activity.
- Can we have a daily/nightly cash out with the ATM operator
reduce this risk?
This is a good idea as well, and you should ask them once active on the
- What do we do if a hardware hacker hijacks the device while
conference causing some violation?
We should probably document the violation in the usual theft reporting
way (look up police recommendations for reporting theft) and inform the
operator and General Bytes. They have had exposure for a long time and
can likely provide a good answer.
- Does the ATM operator work allow Monero transactions? If not,
value is this?
I've informed them that we will possibly configure the machine to serve
only Monero transactions. There is no default configuration for the
machine, so we must decide on which speech languages to support as well
Did we decide to only support ATM Monero wallets during our meeting, or
is that just my imagination?
- What types of demonstrations should we give to show off the
One type is to simply open it and tell people to look inside.
Another type is to allow people to guess which operating system is
running and encourage software discussion.
Hands on, there is only so much to demonstrate with a BATM. Probably
once in a while (intermissions between presentations) we announce that a
staff person is going to make a ATM wallet withdrawal.
1) The staff person walks to the ATM
2) The staff person presses the screen twice
3) The staff person inserts bills
4) The staff person withdraws the paper wallet
5) The staff person makes a photo of the screen
6) The staff person scans the paper wallet QR with Monerujo
7) The staff person walks away
Regarding demonstrations, the manufacturer has gone a long way to
accommodate us with wallet research, and has retrofitted our loan BATM
with a NFC reader and supporting software to empower our decision for or
against using NFC wallets. Some BATM machines can dispense black plastic
Everything else relating to NFC transmitted hardware wallets will be
disclosed on site to a very small group, in a demonstration. It is
forbidden to encourage use of village badges for financial applications.
I might be a bit more worried than I need to be but this is going to
most hostile environment imaginable for a high-tech ATM to run. I think
that if the manufacturer and the ATM operator understand the 'dangerous'
situation this is, then we'll be better off.
I think the ATMs one floor below (literally underneath our village) are
sometimes manipulated, so this is a valid concern. It would be good if
you and me to both state in email that there is increased risk and we
recommend limiting transactions in time (one per 5 minutes?) or amount
(maximum 50 USD) or both. We can recommend that they keep a maximum
(100-200 XMR?) in the machine's server. We can limit the XMR provider's
(operator or manufacturer) risk as well by turning the machine on only
when a staff person is standing next to it.
Michael Schloh von Bennewitz
Software Development Engineer
Europalab Networks R&D, Munich
Office: +49(89)44239885 UTC+2
Mobile: Same as 'Office'