Programmer with Chinese bank jailed for exploiting bug in bank system to siphon $1 million over 2 years

A senior programmer with the Huaxia Bank managed to transfer over seven million Yuan from the financial institution to his account by inserting scripts in the system to exploit a bug.

Published Date: 06 - Feb - 2019 | Last Updated: 06 - Feb - 2019
 

Highlights:

  • Qin Qisheng was a programmer with the Huaxia Bank
  • He reportedly stole over $1 million by exploiting a bug in the bank’s core system


As per a report by The South China Morning Post, via The Verge, Qin Qisheng, a 43-year-old senior programmer with the Huaxia Bank, managed to siphon off $1 million from the financial institution over a period of two years by exploiting a bug in the bank’s core operating system. Although the bank forgave the employee, who claimed that he was simply testing flaws in the system, he was still jailed. As per the report, because of the bug, cash withdrawals made around midnight were not recorded in the bank’s system. While this scenario should typically throw an error saying the transaction has failed, Qin inserted some scripts in the system so that no such alert would be raised. The bug has since been fixed.

Qin reportedly proceeded to withdraw money from the bank in amounts ranging between 5,000 and 20,000 Yuan (Rs 53,052 approx - Rs 2,12,211 approx) using a dummy account that the bank uses for testing its systems. By January 2018, this had resulted in the withdrawal of over seven million Yuan from the bank. Qin is said to have deposited the amount in his own bank account and invested some of it in the stock market. When the unauthorised activity from the dummy account was detected, it was reported to the bank, which in turn alerted the authorities. Qin was arrested, found guilty by the court and sentenced to 10 and a half years in jail with a fine of 11,000 Yuan (Rs 1,16,745 approx).

When Qin said that he was simply testing the internal security of the system, the Huaxia Bank accepted his explanation and asked the court to pardon him. However, the authorities disagreed and said that the institution itself had previously stated that his activities were in violation of formal procedures. “On the one hand, [the bank] said that the accused’s behaviour was in violation of the rules. On the other hand, he said that he could conduct relevant tests. This is self-contradictory,” said the judge. Qin returned the entire amount before being arrested.


Digit NewsDesk, news@digit.in
