1

Bank programmer steals millions from ATM using loophole

This sound more like a feat seen in movies “bank programmer steals millions from ATM using loophole”. But it actually did happen as confirmed by both The South China Morning Post and Daily Economic News. The programmer finds a loophole and exploited it. This eventually gave him access to withdraw over a $1 million from the cash machine. But can this really happen in one night raid? No, no bank ATM can house such a huge amount of money. In fact, the averagely sized ATM machine can hold as much as $200,000. Although, only a few machines do. But in off hours, most ATM machines contain less than $10,000. This is as a result of withdrawals during the day and it’s a good security measure. For most ATM thefts happen during off hours.

Now, the question is “how was he able to withdraw such a huge amount from a machine with limited cash deposit?”. Could he possible had stolen the money from several machines and accumulated the sums? No, and as already told, he actually did find a loophole and exploited his discovery for years.

Qin Qisheng, 43 years old worked with Huaxia Bank’s technology development center in Beijing, China. He was a senior programmer who saw a loophole in his bank’s core system. Qisheng discovered that the bank’s system couldn’t properly record withdrawals made from the machine around midnight. It was due to time and date change from one day to another at the zero hour. And it eventually made the machine spits out cash without deducting the withdrawn amount from a user’s account. This normally will log an error report on the bank’s server and system maintenance will be carried out. But on discovery this as a programmer and whose job was to report such abnormalities and system failures. Qisheng instead inserted a script (computer program file) into the system to keep the failure alerts unreported. He afterward started withdrawing money from the machine around November 2016 to January 2018 with a total of 1,358 withdrawals amounting to over 7 million yuan ($1 million upwards). He was apprehended when the bank later discovered the program script he inserted in the system with traces to him.

The aftermath of his arrest

The bank decided to let go of the charges against him on the condition that he would return the money. They also did ask the police to drop all charges leveled against Qisheng. Their explanation was “Qisheng as a programmer to the bank was merely testing the bank’s system vulnerability and holding onto the cash to be later given back to the bank.

The Chaoyang district court refused the bank’s request and found Qisheng guilty. They didn’t accept the bank’s explanation and Qisheng was charged for theft. For he moved the stolen funds to his personal bank account, instead of the bank’s dummy account. And did invest some of the money in the stock market. The bank wanted to let go of the charges. This was simply to hid its face from scandals since the loophole has already been fixed. 

Qisheng was supposed to be the good guy and report any lapses discovered about the system, but he took advantage of it. He is now looking at 10 and a half jail sentence after losing his court appeal.

For questions or suggestions, we are a click away.

Please leave a comment below.

Team techablaze

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.