Bored programmer exploits ATM loophole to withdraw over $1 million | HT Tech

Bored programmer exploits ATM loophole to withdraw over $1 million

Qin Qisheng spotted a loophole in the bank’s core OS which meant cash withdrawals made around midnight were not recorded. He exploited the loophole in the ATMs to withdraw over $1 million.

By: ASIAN NEWS INTERNATIONAL
| Updated on: Feb 09 2019, 17:55 IST
Shot of a young gamer focused on his game - this is an alternative version to iStock file 43952150 - ALL screen content on this image is created from scratch by Yuri Arcurs' team of professionals for this particular photo shoothttp://195.154.178.81/DATA/i_collage/pi/shoots/783867.jpg
Shot of a young gamer focused on his game - this is an alternative version to iStock file 43952150 - ALL screen content on this image is created from scratch by Yuri Arcurs' team of professionals for this particular photo shoothttp://195.154.178.81/DATA/i_collage/pi/shoots/783867.jpg (Getty Images)
Shot of a young gamer focused on his game - this is an alternative version to iStock file 43952150 - ALL screen content on this image is created from scratch by Yuri Arcurs' team of professionals for this particular photo shoothttp://195.154.178.81/DATA/i_collage/pi/shoots/783867.jpg
Shot of a young gamer focused on his game - this is an alternative version to iStock file 43952150 - ALL screen content on this image is created from scratch by Yuri Arcurs' team of professionals for this particular photo shoothttp://195.154.178.81/DATA/i_collage/pi/shoots/783867.jpg (Getty Images)

If you are a programmer at a bank, chances are you are required to find loopholes in the bank's systems and not exploit it. A 43-year-old programmer at a bank exploited a crazy bug in ATMs operated by his employer Huaxia Bank to withdraw over a million.

According to a report on South China Morning Post, Qin Qisheng spotted a loophole in the bank's core OS which meant cash withdrawals made around midnight were not recorded. He exploited the loophole in the ATMs to withdraw over $1 million.

To carry out the exploit, Qin inserted a few scripts in the banking system that allowed him to test the loophole without triggering the alert about any withdrawals.

Interestingly, the bug was discovered in 2016 and for over a year, he continued making cash withdrawals. The bank was aware that he was testing the internal security system and the money he had taken was resting in a dummy account.

However, the money he had amassed was moved to his own account and some had been invested in the stock market, leading to his arrest.

The bank acknowledged that he had been testing the loophole but admitted that some activities were not reported which was in violation of the formal procedures. The courts have sentenced Qin to 10 and a half years in prison.

 

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 09 Feb, 17:55 IST
Tags:
NEXT ARTICLE BEGINS