Bank IT Manager Gets 10 Years for ATM Exploit
February 06, 2019 / Phil Muncaster
An IT developer at a Chinese bank has been jailed for over a decade after exploiting a vulnerability in its systems to withdraw more than $1m from ATMs. Qin Qisheng, 43, was a manager in Huaxia Bank’s technology development center in Beijing who spotted that a glitch in the lender’s core OS meant cash withdrawals around midnight weren’t recorded. He subsequently tested his theory, deliberately hiding his activity as he did so, making withdrawals of 5,000-20,000 yuan ($740-3000) from a test bank account. After doing so for over a year without telling his superiors, he had built a small fortune of over seven million yuan ($1m) in his own bank account, investing some funds in the stock market. However, his luck ran out after the unusual activity in the test account was spotted at a branch in Hebei. Amazingly, however, the bank wanted police to drop the case, believing Qin’s excuse that he was merely pen-testing.