A developer manages to steal a negligible amount of $ XNUMX million from an ATM after finding and exploiting a ridiculous hole in the ATM program.
Sounds like something out of a movie. A disgruntled bank planner discovers the perfect plan to make an ATM withdraw money without charging it to anyone.
But this story is true. The South China Morning Post and Daily Economic News of Chinas report that Qin Qisheng, 43, managed to withdraw over 7 million yuan (over US$1 million) from an ATM operated by his employer bank, Huaxia Bank, by exploiting a loophole.
According to reports, the system of the bank does not correctly record withdrawals made around midnight, resulting in giving cash without removing the total from the user's account. Normally, this would raise a red flag in the system that a transaction has failed, but Qisheng allegedly injected a script into the program and silenced these alerts.
Qisheng started making money from November 2016 to January 2018, and after about 1.358 withdrawals the bank discovered the bad guy code into her system and alerted the authorities to arrest him.
Perhaps the sequel is the most surprising part of this story. Qisheng returned the money and the bank no longer wanted to pursue him. Perhaps he was afraid of bad publicity (apparently the loophole has already been closed), so Huaxia Bank asked the police to drop the case, accepting Qisheng's excuse that he was just testing the better safety of the bank and keeps the money for the bank to request !!!.
However, the court refused and Qisheng faces up to 10,5 years in prison. They were not convinced by the argument, considering that the accused had transferred the money to his personal bank account, and not to a fake bank account, because he was investing the money in the stock market.
it's not the first time which ATMs are made target of smart developers. Today's story, however, is particularly fragile with the concurrence of perpetrator and victim views.