Friday, March 29, 2024

Bank Software Cheif Jailed For Finding a Way to withdraw $1M Free Cash From ATM

Qin Qisheng, 43, a senior programmer has been jailed for 10 and a half years for developing a way to withdraw more than US$1 million through ATMs as free cash.

Qin was a former technology department manager in China based Huaxia Banks. He spotted a hole in the bank core operating system allows unrecorded cash withdrawals during midnight.

The flaw was discovered by Qin back in 2016 and in the same year November he added some additional scripts which allow him to test the vulnerability without triggering alerts.

He managed to withdraw between 5,000 yuan and 20,000 yuan in years from bank dummy account used for testing and January 2018 he had amassed over seven million yuan which is equal to million US dollars without reporting to his superiors, reported by South China Morning Post.

Qin deposited the money to his own bank account and invested some in the stock market, the problem is that the system was designed without considering night trading.

The Bank accepted Qin explanation of testing the system for loopholes, but authorities denied it and he was jailed of theft and sentenced him 10 and half years in jail with a fine of 11,000 yuan.

“The bank said that the accused’s behavior was in violation of the rules. On the other hand, he said that he could conduct relevant tests. This is self-contradictory.”

“This irregular activity in the dummy account was detected and verified during a manual check at a subsidiary branch in Cangzhou, Hebei in January last year and the bank reported the incident to relevant authorities.”

Huaxia Bank bank asked authorities to drop the case as Qin recovered all the money, but the authorities denied saying the request was not accepted as “legitimate” by law enforcement, and therefore Qin must serve his sentence.

Last December a new tool called KoffeyMaker cybercriminals to steal money from ATM by connecting a laptop with the ATM machine cash dispenser.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Website

Latest articles

IT and security Leaders Feel Ill-Equipped to Handle Emerging Threats: New Survey

A comprehensive survey conducted by Keeper Security, in partnership with TrendCandy Research, has shed...

How to Analyse .NET Malware? – Reverse Engineering Snake Keylogger

Utilizing sandbox analysis for behavioral, network, and process examination provides a foundation for reverse...

GoPlus’s Latest Report Highlights How Blockchain Communities Are Leveraging Critical API Security Data To Mitigate Web3 Threats

GoPlus Labs, the leading Web3 security infrastructure provider, has unveiled a groundbreaking report highlighting...

Wireshark 4.2.4 Released: What’s New!

Wireshark stands as the undisputed leader, offering unparalleled tools for troubleshooting, analysis, development, and...

Zoom Unveils AI-Powered All-In-One AI Work Workplace

Zoom has taken a monumental leap forward by introducing Zoom Workplace, an all-encompassing AI-powered...

iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage

Phishing allows hackers to exploit human vulnerabilities and trick users into revealing sensitive information...
Guru baran
Guru baranhttps://gbhackers.com
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles