Bank Forgives Programmer Who Withdrew $1M in Cash after Finding ATM Flaw

Discussion in '[H]ard|OCP Front Page News' started by Megalith, Feb 9, 2019.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    12,890
    Joined:
    Aug 20, 2006
    Qin Qisheng, a senior programmer at Chinese Bank Huaxia, has been jailed for 10 and a half years after taking advantage of “a loophole in the bank’s core operating system that meant cash withdrawals made around midnight were not recorded.” Mr. Qisheng, who was evidently unhappy with his employer’s pay, ultimately managed to collect $1M before he was caught by a manual check. While the bank “accepted his explanation that he had simply been trying to test its internal security and the cash was just resting in his own account before he returned it to his employers,” the courts demanded punishment.

    Qin discovered the flaw in the system in 2016 and in November that year he inserted a few scripts in the banking system which he said would allow him to test the loophole without triggering an alert. For more than a year he made cash withdrawals of between 5,000 yuan and 20,000 yuan (US$740-US$2,965) from a dummy account the bank used to test its systems. By January 2018 he had amassed over seven million yuan – the equivalent of just over a million US dollars – without telling his superiors what he was doing.
     
  2. Amorius

    Amorius n00b

    Messages:
    11
    Joined:
    May 10, 2014
    So, in other words, they punish for doing domestic crimes but reward them for doing international crimes.
     
  3. Spidey329

    Spidey329 [H]ardForum Junkie

    Messages:
    8,660
    Joined:
    Dec 15, 2003
    Why would you test a security hole for over a year? All without letting someone else know?

    He simply got caught before he could make plans to get out of the country with his new fortune (that or he got overconfident / complacent and greedy).
     
    greenman, Burticus and Wrecked Em like this.
  4. Oldmodder

    Oldmodder Limp Gawd

    Messages:
    460
    Joined:
    Aug 24, 2018
    Sound familiar, seem normal.

    Dont get caught with hand in cookie jar, but if you do then deny deny deny deny often work, which is the most amazing thing of all.
     
  5. Brian_B

    Brian_B 2[H]4U

    Messages:
    2,089
    Joined:
    Mar 23, 2012
    I don't know, sounds legit.
     
  6. Paladin21

    Paladin21 Gawd

    Messages:
    529
    Joined:
    Jun 22, 2004
    Didn't he watch Office Space? You burn the building down, go get a job you actually like, and pretend that nothing ever happened.
     
  7. Burticus

    Burticus 2[H]4U

    Messages:
    3,648
    Joined:
    Nov 7, 2005
    Yeah. "Testing". Sure.

    I wonder what the ATM limits are over there though... because if it was the US, and you can only do a single transaction of $500 right at the magic window.... you'd have to pull that trick 2000 times and not get caught. Thats every night for 5 and a half years. That is WAY too many times to not get caught by a random element.

    Honestly I'd get tired of doing it that many times.

    OK so the article says "US$740-US$2,965" per transaction. Even at the maximum amount, it would be 337+ transactions.

    It also says he " had returned all the money to the bank before his arrest, it was not enough to spare him". Wait, so he returned all the money with a semi-valid explanation BEFORE he got caught? Hmmmmm. And the bank accepted his story and declined to press charges, but the court still did. Sounds like he didn't have a good enough lawyer (however that works in China anyway).
     
    mynamehere likes this.
  8. umeng2002

    umeng2002 Gawd

    Messages:
    898
    Joined:
    May 23, 2008
    The real trick was making it seem like he only took out 1 Million bucks.
     
    notarat and greenman like this.
  9. greenman

    greenman Gawd

    Messages:
    526
    Joined:
    Jul 17, 2007
    Nice.
     
  10. katanaD

    katanaD [H]ard|Gawd

    Messages:
    1,992
    Joined:
    Nov 15, 2016
    FTFA:

    WOW.. he was able to withdraw up to $3K at a time?