Qin Qisheng, 43, a senior programmer has been jailed for 10 and a half years for developing a way to withdraw more than US$1 million through ATMs as free cash.
Qin was a former technology department manager in China based Huaxia Banks. He spotted a hole in the bank core operating system allows unrecorded cash withdrawals during midnight.
The flaw was discovered by Qin back in 2016 and in the same year November he added some additional scripts which allow him to test the vulnerability without triggering alerts.
He managed to withdraw between 5,000 yuan and 20,000 yuan in years from bank dummy account used for testing and January 2018 he had amassed over seven million yuan which is equal to million US dollars without reporting to his superiors, reported by South China Morning Post.
Qin deposited the money to his own bank account and invested some in the stock market, the problem is that the system was designed without considering night trading.
The Bank accepted Qin explanation of testing the system for loopholes, but authorities denied it and he was jailed of theft and sentenced him 10 and half years in jail with a fine of 11,000 yuan.
“The bank said that the accused’s behavior was in violation of the rules. On the other hand, he said that he could conduct relevant tests. This is self-contradictory.”
“This irregular activity in the dummy account was detected and verified during a manual check at a subsidiary branch in Cangzhou, Hebei in January last year and the bank reported the incident to relevant authorities.”
Huaxia Bank bank asked authorities to drop the case as Qin recovered all the money, but the authorities denied saying the request was not accepted as “legitimate” by law enforcement, and therefore Qin must serve his sentence.
Last December a new tool called KoffeyMaker cybercriminals to steal money from ATM by connecting a laptop with the ATM machine cash dispenser.