Bored programmer exploits ATM loophole to withdraw over USD 1 million: If you are a programmer in a bank, then it is likely that you need to look for the drawbacks in the bank’s system, not exploit it.
At a bank, a 43-year-old programmer exploited a mad bug in ATM operated by its employer Huaxia Bank to withdraw over a million.
According to a report on South China Morning Post, Qin Qisheng spotted a loophole in the bank’s core OS which meant cash withdrawals made around midnight were not recorded. He exploited the loophole in the ATMs to withdraw over USD 1 million.
As per the report from the South China Morning Post, Qin Qisheng highlighted a flaw in the bank’s core OS, which meant that cash withdrawals made around midnight were not recorded.
They took advantage of the flaws in the ATM to remove more than USD 1 million.
To eliminate exploitation, Qin has put some scripts in the banking system, allowing him to test the flaws without triggering the alarming alert about any withdrawals.
The interesting thing is that the bug was discovered in 2016 and for over a year as he continued making cash withdrawals.
The bank knew he was testing the internal security system and the money he had borrowed was resting in a dummy account.
Nevertheless, the money deposited by him went into his own account and some were invested in the stock market, which led to his arrest.
The bank acknowledged that it was examining the fault, but admitted that some activities were not reported which came in violation of the formal procedures. The courts have sentenced Qin to 10and a half years in prison.