If you are a programmer at a bank, chances are you are required to find loopholes in the bank’s systems and not exploit it. A 43-year-old programmer at a bank exploited a crazy bug in ATMs operated by his employer Huaxia Bank to withdraw over a million.
According to a report on South China Morning Post, Qin Qisheng spotted a loophole in the bank’s core OS which meant cash withdrawals made around midnight were not recorded. He exploited the loophole in the ATMs to withdraw over USD 1 million. To carry out the exploit, Qin inserted a few scripts in the banking system that allowed him to test the loophole without triggering the alert about any withdrawals.
Interestingly, the bug was discovered in 2016 and for over a year, he continued making cash withdrawals. The bank was aware that he was testing the internal security system and the money he had taken was resting in a dummy account.
However, the money he had amassed was moved to his own account and some had been invested in the stock market, leading to his arrest.
The bank acknowledged that he had been testing the loophole but admitted that some activities were not reported which was in violation of the formal procedures. The courts have sentenced Qin to 10 and a half years in prison.