As per a report by The South China Morning Post, via The Verge, Qin Qisheng, a 43-year-old senior programmer with the Huaxia bank managed to siphon off $1 million from the financial institution over a period of two years by exploiting a bug in the company’s core operating system. While the bank forgave the employee as he cited that he was simply testing the flaws in the system, he was still jailed. As per the report, because of the bug, cash withdrawals done around midnight were not recorded in the bank’s system. While this scenario should typically throw an error saying the transaction has failed, Qin inserted some scripts in the system so that there would be no such an alert. The bug has since been fixed.
Qin reportedly proceeded to withdraw money from the bank in amounts ranging between 5,000 and 20,000 Yuan (Rs 53,052 approx - Rs 2,12,211 approx) using a dummy account that the bank uses for testing its systems. This resulted in the withdrawal of over seven million Yuan by January 2018 from the bank. Qin is said to have deposited the amount in his own bank account and invested some of it in the stock market. When the unauthorised activity from the dummy account was detected, it was reported to the bank, which in turn alerted the authorities. Qin was arrested, found guilty by the court and sentenced to 10 and a half years in jail with a fine of 11,000 Yuan (Rs 1,16,745 approx).
When Qin said that he was simply testing the internal security of the system, the Huaxia bank accepted his explanation and asked the court to pardon him. However, the authorities disagreed and said that the institution itself previously stated that his activities were in violation of formal procedures. “On the one hand, [the bank] said that the accused’s behaviour was in violation of the rules. On the other hand, he said that he could conduct relevant tests. This is self-contradictory,” said the judge. Qin returned the entire amount before being arrested.