A PROGRAMMER HAS BEEN NICKED after he found a loophole in ATM withdrawals that allowed him to take out more than $1m (around £772,000) of 'free money'.
According to the South China Morning Post, programmer Qin Qisheng, who worked at Huaxia Bank, figured out that ATM withdrawals carried out at around 12 am were not registered on the bank's systems.
In November 2016, he inserted scripts into the ATM operating system to allow him to extract a load of money without being detected.
And thus, Qisheng went on a spree of taking out some 5,000 to 2,000 yuan at a time, which is around £572 to £2,290 a pop. This cash was deposited in his personal account and invested in stocks, while his bosses were in the dark about the whole loophole.
Eventually, he was caught last January after a branch of the Huaxia Bank found unusual activity on an account being used as a test for security. As such, two months later, Qisheng was caught and detained.
And that's where this story should end, but it gets a bit more bizarre. Qisheng told the bank that he was performing a security test, and the bank believed him, according to the South China Morning Post.
While the situation was reported to Chinese rozzers, the bank asked them to drop the charges as Qisheng had returned the money, despite the fact he'd invested some of it and the allegedly pilfered cash was in his personal account.
"Qin Qisheng said that the matter was complicated and involved lots of work," a Huaxia Bank representative told the trial. "He believed the bank would not pay attention even if he reported it. We think this reason for not reporting is legitimate."
Qisheng also defended himself, seemingly making it sound like he was the hero of the situation for finding the loophole: "The customer generally would not report to the bank, [so] we were not informed about this situation. The problem was definitely there, the bank just couldn't find the reason."
But China's authorities didn't buy it and Qisheng was fined 11,000 yuan and sentenced to 10 and a half years in the clink.
"On the one hand, [Huaxia Bank] said that the accused's behaviour was in violation of the rules," the judge carrying out the sentence said. "On the other hand he said that he could conduct relevant tests. This is self-contradictory."
Qisheng filed an appeal against the decision, arguing that the sentence was too harsh. But the Beijing Intermediate People's Court decided to uphold the verdict and close the case, meaning Qisheng will go to prison.
One could argue that Qisheng was a legit tech bloke finding holes in ATM security; others might say he's an opportunist who took a punt and got burnt. Either way, if you're a hacker or tech-savvy person looking at finding security holes, best try and do it on the right side of the law. µ