Cybersecurity

Programmer find ATM loophole that let him withdraw $1 million in cash

This topic contains 1 reply, has 1 voice, and was last updated by hbolic23 2 months, 2 weeks ago.

Creator

Topic
2019-02-06 at 17:16 #57574

apawloski07
Participant

https://www.theverge.com/2019/2/5/18212902/huaxia-bank-qin-qisheng-atm-loophole-hack-china

A person working in a bank in china was able to with draw almost $1 million in cash from an ATM machine by finding a flaw/vulnerability in the ATM. There was a flaw that withdrawing around midnight would not produce a removal amount from the persons account. This would normally red flag it but the programmer inserted a script in the system to get around the red flag and was doing it for months before eventually being caught. This person was an internal threat to the system, as he was able to modify the system from the inside to allow him to carry out this attack.
Creator

Topic

Author

Replies
2019-02-06 at 19:47 #57578

hbolic23
Participant

The bank should’ve taken action as soon as possible. If he’s been doing it for months, that shows that the bank is irresponsible if a worker is literally stealing money from the ATM located in the bank. They should have kept an eye on him from the first time he’s tried/attempted to take money that wasn’t his. This shows that machines such as ATM’s don’t need to be hacked through passwords, all they need is literal time. Something so simple as a bottle machine can be hacked, so a person who is proficient in computers can definitely reprogram an ATM machine to meet the hackers standards.
Author

Replies

You must be logged in to reply to this topic.

The DoD Cybersecurity Policy Chart

This chart captures the tremendous breadth of applicable policies, some of which many cybersecurity professionals may not even be aware, in a helpful organizational scheme.

View the Policy Chart

CSIAC Report - JFAC/DAU/CSIAC Cyber Experiment (CYBEX)

This report details key concerns discussed during the JFAC/DAU/CSIAC Software Assurance (SwA) Cyber Experiment (CYBEX). In addition to evaluating newly developed SwA guides for program managers and developers, the exchange included addressing/bringing back foundational software/system engineering concepts to address root of fundamental SwA issues as well as adopting common language in the areas of functionality and risk in order to identify issues early.

Read the Report

CSIAC Report - Emerging Developments in Cyberlaw: 2019

CSIAC SME and member of the American Bar Association’s Information Security Committee, Richard “Rick” Aldrich, gives a snapshot of emerging developments in cyberlaw, policy, standards, court cases and industry legal frameworks. These slides focus on emerging issues such as consumer privacy rights, forensic border search of computers, search consent, biometrics, expectations of privacy from cloud providers, and cyber insurance.

View the Slides

CSIAC Journal - Launching Innovation Through Medical Modeling and Simulation Technologies

This Special Edition of the Journal will provide a glimpse into current efforts to improve military medical training with simulation-based solutions.

Read the Journal