1

Bank programmer steals millions from ATM using loophole

This sound more like a feat seen in movies “bank programmer steals millions from ATM using loophole”. But it actually did happen as confirmed by both The South China Morning Post and Daily Economic News. The programmer found a loophole and exploited it. This eventually gave him access to withdraw over a $1 million from the cash machine. But can this really happen in one night raid? No, no bank ATM can house such a huge amount of money. In fact, the averagely sized ATM machine can hold as much as $200,000. Although, only a few machines do. But in off hours, most ATM machines contain less than $10,000. This is as a result of withdrawals during the day and also a good security measure. For most ATM thefts happen during off hours.

Now, the question is “how was he able to withdraw such a huge amount from a machine with limited cash deposit?”. Could he possibly to had stolen the money from several machines and accumulated the sums? No, and as already told, he actually did find a loophole and exploited his discovery for years.

Who is Qin Qisheng?

Qin Qisheng, 43 years old was an employee of Huaxia Bank’s technology development center in Beijing, China. He was a senior programmer who saw a loophole in his bank’s core system. Qisheng discovered that the bank’s system couldn’t properly record withdrawals made from the machine around midnight. This was due to changes in time and date from one day to another at the zero hour. It eventually made the machine spits out cash without deducting the withdrawn amount from a user’s account. This normally will log an error report on the bank’s server and system maintenance will be carried out immediately. Qisheng job as a programmer of the bank was also to report such abnormalities and system failures anytime there was a discovery. But to him, it was a get rich quick opportunity. Qisheng instead inserted a script (computer program file) into the system to keep the failure alerts unreported. He afterward started withdrawing money from the machine around November 2016 to January 2018 with a total of 1,358 withdrawals amounting to over 7 million yuan ($1 million upwards). His apprehension came after the bank later discovered the program script he inserted in the system with traces to him.

The aftermath of his arrest

Surprisingly the bank decided to let go of the charges against him on the condition that he would return the money. They also did ask the police to drop all charges leveled against Qisheng. Their explanation was “Qisheng as a programmer to the bank was merely testing the bank’s system vulnerability and holding onto the cash to be later given back to the bank.

The Chaoyang district court refused the bank’s request and found Qisheng guilty. They didn’t accept the bank’s explanation and Qisheng was charged for theft. For he moved the stolen funds to his personal bank account, instead of the bank’s dummy account. And did invest some of the money in the stock market. The bank wanted to let go of the charges. This was simply to hid its face from scandals since the loophole has already been fixed. 

Qisheng was supposed to be the good guy and report any lapses discovered about the system, but he took advantage of it. He is now looking at 10 and a half jail sentence after losing his court appeal.

For questions or suggestions, we are a click away.

Please leave a comment below.

Team techablaze

One Comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.