Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Stealing From Banks One Cent at a Time

CmdrTaco posted more than 6 years ago | from the not-like-atm-fees-steal-from-you dept.

The Almighty Buck 313

JRHelgeson writes "In a story strangely reminiscent of Superman 3, a 'hacker' allegedly stole over $50,000 from PayPal, Google Checkout as well as several unnamed online brokerage firms. When opening an online brokering account it is common practice for companies such as E-trade and Schwab to send a tiny payment — ranging from only a few cents to a couple of dollars — to verify that the user has access to the bank account listed. According to the story, the attacker wrote a script that opened thousands of accounts at dozens of these providers. He was arrested not for taking the money, but for using false names in order to get it."

cancel ×

313 comments

Comment from said "hacker" (5, Funny)

Digital Vomit (891734) | more than 6 years ago | (#23571371)

When reached for comment, the "hacker" had this to say:

"I don't want to go to jail because there are robbers and rapers and rapers who rape robbers. "

Re:Comment from said "hacker" (1)

PawNtheSandman (1238854) | more than 6 years ago | (#23571509)

What makes him a "hacker"?

Re:Comment from said "hacker" (5, Funny)

rugatero (1292060) | more than 6 years ago | (#23571731)

What makes him a "hacker"?

He used a computer.

Heck he even wrote a script. In the eyes of your average Joe that makes him a diabolical hacking genius.

Re:Comment from said "hacker" (-1)

Anonymous Coward | more than 6 years ago | (#23572133)

lol was pretty pro tho

Re:Comment from said "hacker" (5, Funny)

s.bots (1099921) | more than 6 years ago | (#23571633)

Looks like someone could be doin' time in a "Federal 'pound-me-in-the-ass' Prison"...

Hey Mike! Watch out for your cornhole buddy!

Re:Comment from said "hacker" (5, Funny)

The Clockwork Troll (655321) | more than 6 years ago | (#23571961)

This is an interesting legal situation in that, technically, both the crime and its punishment could be called a "salami attack".

Re:Comment from said "hacker" (5, Funny)

0kComputer (872064) | more than 6 years ago | (#23572167)

I have a client in there right now. He says the trick is to kick someone's ass the first day, or become someone's bitch.

PC load letter?! (5, Funny)

jchillerup (1140775) | more than 6 years ago | (#23571403)

What the fuck does that mean?!

Re:PC load letter?! (1, Redundant)

El_Muerte_TDS (592157) | more than 6 years ago | (#23571479)

It means that you have to fill the paper cassette of the printer with paper of the "letter" size.

Re:PC load letter?! (5, Funny)

jchillerup (1140775) | more than 6 years ago | (#23571969)

Whew. Sounds like someone has a case of the Mondays.

Re:PC load letter?! (0)

Anonymous Coward | more than 6 years ago | (#23571631)

I don't know but this guy is bound for a "federal pound me in the ass" prison for sure.

I just wanted to add the damn quote already (5, Funny)

ReverendLoki (663861) | more than 6 years ago | (#23571943)

Peter: "That virus you're always talking about, right? The one that could, uh, rip off the company for a bunch of money."
Michael: "Yeah, what about it?"
Peter: "Well, how does it work?"
Michael: "It's pretty brilliant. What it does is, every time there's a bank transaction where interest is competed, you know, thousands a day, the computer ends up with these fractions of acent, which it usually rounds off. What this does is, it takes those little remainders and puts it into an account."
Peter: "This sounds familiar."
Michael: "Yeah, they did it in Superman III."
Peter: "Right."
Michael: "Yeah. Underrated movie, actually. And then there were a bunch of hackers, did it in the '70s as well. One of them got busted."
Peter: "Well, so they check for this now."
Michael: "No, here's the thing. Initech's so backed up with all the software we're updating for the year 2000, they'd never notice."
Peter: "You're right. And even if they wanted to, they couldn't check all that code."
Michael: "Thumbs up their asses. Thumbs up their asses."

Superman 3? (5, Informative)

jandrese (485) | more than 6 years ago | (#23571413)

How is this like Superman 3? I thought the point in that movie was to shave off the remainders in interest calculations. This is just a simple case of seeing someone transfer a few cents to your account when you open it and trying to abuse the system. The problem of course is that it's extremely obvious and you'll get caught, just like this guy did.

Re:Superman 3? (3, Insightful)

geoffrobinson (109879) | more than 6 years ago | (#23571477)

No one has seen Superman 3 for years because it is such a bad movie. So it is kind of like the telephone game.

Frankly, the only good thing to come out of the movie was the concept of stealing fractions of pennies so no one notices.

Re:Superman 3? (4, Informative)

lesinator (459276) | more than 6 years ago | (#23571617)

This kind of attack hardly an invention of the movies. The salami attack [wikipedia.org] has been around for a long time.

Re:Superman 3? (3, Informative)

Otter (3800) | more than 6 years ago | (#23572103)

I believe that the reference to Superman 3 is actually a meta-reference to Office Space. (Or maybe the reference being referenced is the meta-reference -- I'm not a philosopher.) As Office Space itself noted, the method long precedes either movie.

Re:Superman 3? (3, Informative)

Blakey Rat (99501) | more than 6 years ago | (#23572247)

The point isn't that Superman 3 invented it, the point is that most people first heard of it from watching Superman 3 and so when you're trying to explain to people what you're doing, you can say "you know, like Superman 3" and they know what you mean. Thus the joke in Office Space:

A:
B: "Huh?"
A: "You know, like in Superman 3."
B: "Oooh, now I get it."

It's funny, damnit. Made funnier than Superman 3 is actually a pretty awful movie. (But it's an awful movie that most everybody's seen.)

Well whaddaya know... (4, Funny)

LynnwoodRooster (966895) | more than 6 years ago | (#23572301)

This kind of attack hardly an invention of the movies. The salami attack has been around for a long time.

Huh. Learned something new - thanks! I always thought Salami Attack was a bad 80s porn movie...

Re:Superman 3? (4, Insightful)

qoncept (599709) | more than 6 years ago | (#23571507)

Are you serious? Do you think it would be dumb to compare a Dell laptop to an IBM because IBM uses Hitachi drives and a 32x CDROM instead of Seagate and 36x?

Since you can't figure it out, let me explain what aspects are similar. He was stealing next to nothing lots of times. Like the guy in Superman.

Re:Superman 3? (1)

Chysn (898420) | more than 6 years ago | (#23571585)

> How is this like Superman 3?

Yeah, I probably would have gone with Office Space. At least that shaky comparison has a bit of pull with geeks.

Re:Superman 3? (2, Informative)

fishbowl (7759) | more than 6 years ago | (#23572207)

This geek didn't miss the fact that the reference to Superman 3 *was* a reference to Office Space.
The indirect reference shows a bit of finesse, and understanding that the geek will get it.

How did he do it? (1)

Thelasko (1196535) | more than 6 years ago | (#23571417)

I have used similar services in the past. They always remove the money after the transaction. How did this guy prevent that from happening?

Re:How did he do it? (2, Informative)

jandrese (485) | more than 6 years ago | (#23571481)

I know Paypal lets you keep the money, I'm guessing the guy chose it and similar services.

Re:How did he do it? (1)

joecasanova (1253876) | more than 6 years ago | (#23571487)

Perhaps he transferred the money to another account before the institutions could withdraw it?

Re:How did he do it? (4, Informative)

Mark J Tilford (186) | more than 6 years ago | (#23571491)

By closing the accounts before Paypal / Google Checkout could remove the money.

Re:How did he do it? (1)

Kamineko (851857) | more than 6 years ago | (#23571521)

Paypal don't. You keep the tiny bit of money they give you.

Re:How did he do it? (2, Informative)

Sturdy (1297351) | more than 6 years ago | (#23571999)

PayPal and E*trade both leave the money.

I seem to remember others...oh wait, those were authorization charges! ("Don't worry, we'll put it back eventually.") Those appear to be the smarter companies in the bunch.

Re:How did he do it? (1)

OS24Ever (245667) | more than 6 years ago | (#23572313)

PayPal and Sharebuilder don't remove the money, I've used both of those.

I always hook up my three accounts I have, sure, I get less than $1.00 each time but feels like I'm fighting the man somehow.

You know... (2, Funny)

scubamage (727538) | more than 6 years ago | (#23571427)

I had this very idea a few days ago when paypal put two 40 cent payments in my checking account. Thank god I didn't go with it, eh?

Let's (1)

zoomshorts (137587) | more than 6 years ago | (#23571901)

Sign up for a gazillion Paypal accounts, use ONE bank account, and after Paypal
deposits the money, withdraw the money and close the account.

Profit !!!!! And a fitting end to Paypal. Pennies DO add up. The transaction
costs alone would bankrupt Paypal. Somebody write a script ... hurry.

Re:Let's (5, Informative)

tha_mink (518151) | more than 6 years ago | (#23571991)

Sign up for a gazillion Paypal accounts, use ONE bank account, and after Paypal deposits the money, withdraw the money and close the account.
Tried it. Paypal doesn't allow multiple accounts with the same bank account information.

They pay me? (2, Interesting)

MaXMC (138127) | more than 6 years ago | (#23571429)

No.. when I change my credit card information on PayPal they deduct 15SEK that and then I get them back on my PayPal account (from which they take a percentage?) So it's realy PayPal that steals?

Re:They pay me? (1)

dintech (998802) | more than 6 years ago | (#23571565)

It's not stealing if you agree to if first. It's just being a bastard. Also this not similar to mugging before you suggest that. :P

Re:They pay me? (2, Interesting)

MaXMC (138127) | more than 6 years ago | (#23571759)

Well, the first time I did it, I did indeed agree to it. But the next time I just changed my VISA number and a few days later they had withdrawn 15 SEK.

Submitter gets it wrong (3, Informative)

nurightshu (517038) | more than 6 years ago | (#23571447)

As far as I can tell, the article doesn't actually mention that Largent managed to rip off PayPal, only that PayPal, Google Checkout, et al. use the small deposit method for verification. Seriously, reading for comprehension isn't hard, people. Hell, it even mentions the scope right in the lede.

Re:Submitter gets it wrong (3, Informative)

Wister285 (185087) | more than 6 years ago | (#23571629)

The third and fourth paragraphs read:

"According to court documents, Californian Michael Largent used an automated script to open 58,000 such accounts, collecting many thousands of these small payments into a few personal bank accounts.

Largent also performed the same trick with Google's Checkout service, cashing more than $8,000 alone from the service. " [emphasis added]

Am I (and the submitter) missing something?

He stole my idea! (0, Redundant)

joecasanova (1253876) | more than 6 years ago | (#23571449)

Totally stole my idea. That jerk!

Re:He stole my idea! (5, Funny)

norminator (784674) | more than 6 years ago | (#23571645)

But he only stole it a little bit, a whole bunch of times...

Well, yeah... (5, Interesting)

Oxy the moron (770724) | more than 6 years ago | (#23571451)

He was arrested not for taking the money, but for using false names in order to get it.

Of course he wasn't arrested for taking the money. Said institutions willingly deposited that money into his account(s), yes? And these institutions did so under the pretense that this was to identify the customer? So the charge makes sense. The guy didn't steal money, it was given to him... a "him" with a fake identity.

Re:Well, yeah... (0)

Anonymous Coward | more than 6 years ago | (#23572097)

So, how many of you are now doing this with a real identity? This should be a poll question.

First clue (4, Insightful)

tsstahl (812393) | more than 6 years ago | (#23571461)

If you have to make up a name or SSN to open the account, then in fact, you are doing something wrong. Color me simple, but that's the way I see it. :\ This is clearly a case where a novel approach to crime is still, well, criminal.

Who are you arguing with? (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#23571895)

"If you have to make up a name or SSN to open the account, then in fact, you are doing something wrong. Color me simple, but that's the way I see it. :\ This is clearly a case where a novel approach to crime is still, well, criminal."

That's nice and all, but no one is arguing that this wasn't illegal, numbnuts.

Re:Who are you arguing with? (1)

Pollardito (781263) | more than 6 years ago | (#23572145)

there is someone arguing it wasn't illegal:

"Largent explained that he had read the terms of service of the sites he was targeting, and believed he was doing nothing wrong, claiming that he needed the money to pay off debts."

Well Duh (4, Interesting)

oahazmatt (868057) | more than 6 years ago | (#23571463)

Largent used an automated script to open 58,000 such accounts, collecting many thousands of these small payments into a few personal bank accounts.
As much as the bank looks oddly at a sudden amount of large withdrawls, they'd certainly take the time to wonder why someone is getting three cents continuously deposited into their account. How did he figure he would not get caught?

When his bank contacted him about the thousands of small payments, Largent explained that he had read the terms of service of the sites he was targeting, and believed he was doing nothing wrong, claiming that he needed the money to pay off debts.
Oh, well that's okay, then.

Man, they'll throw the "Hacker" label on anyone these days, won't they?

Re:Well Duh (2, Insightful)

mollymoo (202721) | more than 6 years ago | (#23572225)

As much as the bank looks oddly at a sudden amount of large withdrawls, they'd certainly take the time to wonder why someone is getting three cents continuously deposited into their account.

It doesn't strike me as at all inevitable that his bank would notice. Alarms on the automated systems which trigger human intervention would I expect be primarily based on large transactions, not small ones. I suppose there must be a specific trigger for an unusually large number of transactions, or a trigger for a review for accounts operating on the edge of the distribution curve for a variety of parameters. With no trigger no human ever looks - it's all automated. I doubt any human other than me has looked at my bank account in years.

Well it is true.... (5, Funny)

cortesoft (1150075) | more than 6 years ago | (#23571483)

Damn it feels good to be a gangsta.

Relax (2, Funny)

boristdog (133725) | more than 6 years ago | (#23571485)

The most you'll do is a few years in one of those "country club" prisons, right?

Re:Relax (2, Informative)

xgr3gx (1068984) | more than 6 years ago | (#23571639)

No - he'll be sentenced to a Federal "pound me in the ass" prison

What were the crimes again? (2, Funny)

Guppy06 (410832) | more than 6 years ago | (#23571497)

Wire fraud? Bank fraud? Don't you need to have done these actions against actual banks for these kinds of charges to get levied?

Re:What were the crimes again? (2, Insightful)

plague3106 (71849) | more than 6 years ago | (#23571851)

Well, there's always plain old fraud.

Re:What were the crimes again? (2, Insightful)

gmack (197796) | more than 6 years ago | (#23571919)

Payment systems are considered a form of banking.

Re:What were the crimes again? (3, Informative)

willyhill (965620) | more than 6 years ago | (#23572065)

No, they're not. That's why PayPal can get away with the shit they do. It's a common misconception that most people fall into, that because PayPal handles money, they must be a bank and subject to the same set of regulations you trust to put the stops on your bank if they get fresh with your money (including insurance. PayPal is not FDIC insured if you use their "high yield" holding option).

The problem here is that the transactions involved banks. The fact that PayPal was the conduit is irrelevant in this case, I think.

Balasts (4, Funny)

bsDaemon (87307) | more than 6 years ago | (#23571499)

At least his script didn't almost capsize the oil tankers... people would be super pissed off then.

Re:Balasts (1)

elrous0 (869638) | more than 6 years ago | (#23571773)

I hear the son of a bitch used the money to buy a Ferrari.

Re:Balasts (1)

doublee3 (1276070) | more than 6 years ago | (#23572209)

Is this the unnamed account in the Bahamas where the money was to be stashed? 03087-08351-27H I think so :)

Whatever you do.... (5, Funny)

i_want_you_to_throw_ (559379) | more than 6 years ago | (#23571519)

Don't drop the kryptonite in the shower.

No flags raised? (3, Insightful)

GBC (981160) | more than 6 years ago | (#23571533)

The amounts were being deposited into the same few bank accounts. The thing I can't figure out is, given the sheer number of transactions involved, how was this not spotted sooner?

If there was an assumption that it wasn't worth it prior to this (due to the tiny amounts involved in a genuine authentication check), I assume now they will implement a system that flags a bank account which receives authenticating deposits over a certain number.

It was over... (4, Funny)

hyperz69 (1226464) | more than 6 years ago | (#23571549)

when he started using names like...

Haywood Jablome
Connie Lingus
Dick Trickle
Seymour Butts
Hugh Jass
Ben Dover

Should of used a better name generator.

Re:It was over... (1)

PawNtheSandman (1238854) | more than 6 years ago | (#23571775)

Isn't Dick Trickle a NECKCAR driver?

how did it get that far? (1)

planckscale (579258) | more than 6 years ago | (#23571551)

I'll assume the guy was using the same IP address to create the accounts. I wonder why the hosts don't have some kind of software to look for IP's that open multiple accounts?

Re:how did it get that far? (1)

jimicus (737525) | more than 6 years ago | (#23571649)

I'll assume the guy was using the same IP address to create the accounts. I wonder why the hosts don't have some kind of software to look for IP's that open multiple accounts?

Probably wouldn't work very well seeing as most ISPs allocate IP addresses through DHCP - and even if they didn't your idea breaks as soon as someone releases a block of numbers for whatever reason and it gets taken and re-used by someone else.

Re:how did it get that far? (1)

LnxRocks (759556) | more than 6 years ago | (#23571799)

Not to mention that sometimes two people can share an IP address. Two college roommates can't have individual Paypal accounts?

Re:how did it get that far? (2, Interesting)

gmack (197796) | more than 6 years ago | (#23572245)

You can set a time limit on the threshold. Assume 32 days in a month $50 000 would be $1562 per day that's $65 worth of micro payments in an hour. That's a lot of transactions to be spread around not very many providers.

They could flag anything over a certain amount per hour or per day and catch the worst of the offenders.

I'm guessing the only reason they haven't done that so far is because it didn't occur to anyone that the system could be gamed that way.

Pound you in the ass prison... (1)

barfy (256323) | more than 6 years ago | (#23571609)

This is like the penny jar, except a whole lot of pennies and nobody gets hurt.

Re:Pound you in the ass prison... (1, Funny)

xpuppykickerx (1290760) | more than 6 years ago | (#23571803)

How dare you judge me? I mean what are you? You think you're some kind of, like, angel here? No, you're just this penny-stealing... wanna-be criminal... man.

Re:Pound you in the ass prison... (1)

trrwilson (1096985) | more than 6 years ago | (#23571907)

No, that's the jar. I'm talking about the tray, the pennies for everybody.

oh wait.... (5, Funny)

apodyopsis (1048476) | more than 6 years ago | (#23571611)

At least he did not create a script that automatically rounded every payment up to the nearest... oh wait...

Even if he gets a fine, he can always apply to pay off the debt in small payments - say a few cents every time...

Reminds me of a debt my father picked up from a school my sister attended for less then a week. They charged him for a whole year. Not to be deterred he promptly paid them half the amount they invoiced him for. Months later and six angry letters later he paid them half of the sum they asked for. Months later.. ah well, I am sure you can see the pattern here. Fast forward 14 years and they finally wrote of the rest of his debt (I think 1GPB) as a good will gesture (and I am reliably informed he is legend in the schools finance department). I have no idea how much the administration cost to school at the end of it, but it all seemed good natured enough.

Re:oh wait.... (-1, Flamebait)

Anonymous Coward | more than 6 years ago | (#23571905)

THAN you illiterate cunt

Re:oh wait.... (0)

Anonymous Coward | more than 6 years ago | (#23572047)

I did this with my landlord, I overpaid 1 penny then underpaid the next month and so on.

It drives their accounting nuts as they have to track that extra and YOU ARE DOING NOTHING WRONG :)

You paid, the administrative work is on their side :)

Seriously never piss me off I have many ways of getting away with so many annoying things.

Re:oh wait.... (1)

tha_mink (518151) | more than 6 years ago | (#23572095)

Reminds me of a debt my father picked up from a school my sister attended for less then a week.
Someone my wife knows paid $289,000 in back property taxes (that he claimed he didn't owe) in unrolled pennies. Think: dump truck. Think: 3 loads.

$50,000? (5, Funny)

PawNtheSandman (1238854) | more than 6 years ago | (#23571625)

You know what I'd do with $50,000? 2 chicks at the same time.

Re:$50,000? (1)

catdevnull (531283) | more than 6 years ago | (#23571661)

Man, I wish I had mod points today. That's +5 Funny right there, dadgummit!

Re:$50,000? (2, Insightful)

xpuppykickerx (1290760) | more than 6 years ago | (#23571721)

I would do absolutely nothing.

Re:$50,000? (5, Funny)

gmuslera (3436) | more than 6 years ago | (#23571753)

In a few months, filling the gas tank would be another use for that amount of money. Is good that so many online services are willing to cooperate in that hard task.

Re:$50,000? (5, Funny)

Andreaskem (999089) | more than 6 years ago | (#23571899)

Why blow that much money on 2 minutes of entertainment?

Re:$50,000? (1)

blindd0t (855876) | more than 6 years ago | (#23572159)

This is Slashdot... Two minutes is a very generous compliment. ^_^

Re:$50,000? (0)

Anonymous Coward | more than 6 years ago | (#23572137)

Fuckin' A.

I've always wondered (1)

Rik Sweeney (471717) | more than 6 years ago | (#23571637)

if this is worth attempting, especially in the trading industry.

(IANOC)

They really don't care if $2 million goes missing on a trade, so who the hell's going notice that it's a penny short?

Think about it, millions of trades going through the system each day and you, the IT developer, shave a single penny off each one of them. You could almost retire by the end of the month.

Now all I have to do is wait for this Credit Crunch to end and apply for a job working in the Front Office.

Attacker? (1, Interesting)

140Mandak262Jamuna (970587) | more than 6 years ago | (#23571647)

Since when taking money from chumps is called an attack? Google and Paypal set up the system and they paid out carelessly, why call this ingenious programmer an attacker?

Re:Attacker? (1)

oahazmatt (868057) | more than 6 years ago | (#23571813)

I wouldn't call him "ingenious", due to the fact that he overlooked quite a few details. (Namely, using only a handful of bank accounts, and believing no one would notice the activity on the accounts.)

He's more in trouble for misrepresenting himself and using assumed identities. It might fall under "uttering a forged instrument", but I'm not sure.

I remember the interest rounding hacks of the 80s (1)

Qbertino (265505) | more than 6 years ago | (#23571701)

I remember the interest rounding hack of the 80s. Bank IT personell at a few occasions got the smart idea to transfer rounding remainders from interest calculations onto an internal bank account. The extra small micro sums (fractions of currency units) from all interest calculations would quickly add up to many millions, virtually producing money from nothing. A few got caught, but I wonder how many IT guys at banks actually got away with that.

AFAICT the same thing should still be possible today when interests are calculated. Probably such tapering is prevented by tighter controll of IT personell and independant reviewing.

However I think it's still the most elegant form of bank-'robbery'. Has anyone heard of simular more recent incidents of this sort of thing?

Silicon Slim (1, Interesting)

Anonymous Coward | more than 6 years ago | (#23571871)

Such rumors have been common, though it's rare to see documented evidence.

In the 1980's John Forster wrote "The Ballad of Silicon Slim", a country/western ballad song about a home computing thief. An excerpt:

In the dead of night he'd access each depositor's account
And from each of them he'd siphon off the teeniest amount.
And since no one ever noticed that there'd even been a crime
He stole forty million dollars -- a penny at a time!

Little Janet was only eight but she had her own account
And the seven dollars in it was to her a huge amount.
So the day that penny vanished one unhappy little tot
Screamed, "Hey, what happened to my penny?"
And the teller tried to tell her but could not.

    (Or check the Risks Digest of 3 February 1992)

In other news.... (1)

kungfoolery (1022787) | more than 6 years ago | (#23571735)

Banks:

Stealing from customers one cent at a time.

Re:In other news.... (1)

mikael (484) | more than 6 years ago | (#23572165)

Daylight robbery with a smile :)

How many bank accounts did he have? (5, Interesting)

gozu (541069) | more than 6 years ago | (#23571781)

I don't understand how he managed to do this. He can't use 50,000 bank accounts. There aren't 50,000 payment services. So why would any of them send a few cents to the same bank account more than once?

Can anyone explain this to me? It makes no sense at all.

Re:How many bank accounts did he have? (1)

PrescriptionWarning (932687) | more than 6 years ago | (#23571873)

According to the story, the attacker wrote a script that opened thousands of accounts at dozens of these providers.


i think it also implies he created thousands of accounts at paypal/google checkout also and had each of them create new accounts at the broker firms that paid out the pocket change.

Re:How many bank accounts did he have? (4, Funny)

saddino (183491) | more than 6 years ago | (#23572197)

It makes no sense at all.

It sounds like it made a lot of cents.

Re:How many bank accounts did he have? (0)

Anonymous Coward | more than 6 years ago | (#23572215)

I don't understand how he managed to do this. He can't use 50,000 bank accounts. There aren't 50,000 payment services. So why would any of them send a few cents to the same bank account more than once?

Can anyone explain this to me? It makes no sense at all.
I realize slashdotters cannot ever RTFA but at least RTFS "the attacker wrote a script that opened thousands of accounts"

Did you just read the first sentence of the summary and then make up the rest?

Re:How many bank accounts did he have? (0)

Anonymous Coward | more than 6 years ago | (#23572251)

clearly nobody in these institutions thought it would be a problem, otherwise they would've coded for it.

Considering I once thought of doing such a thing (but not having the programming skillz to do it), they really should have thought of it, or at least coded for it, even if it wasnt 'high risk'. Thats just the problem with companies. Risk/pay off/cost assessment by bean counters is usually moronic.

I could tell you about the time I worked for a software company and someone found a show stopper bug they let through because they didnt feel it was important enough and how it bit the company in the ass, but there are plenty of those examples out there...

So ... (1)

goose-incarnated (1145029) | more than 6 years ago | (#23571815)

... does he have a script to return the money?

Tagged: (1)

CompMD (522020) | more than 6 years ago | (#23571827)

penniesforeveryone

Re:Tagged: (1)

FiloEleven (602040) | more than 6 years ago | (#23572331)

penniesfromheaven
 
/obscure?

I wonder (4, Funny)

elrous0 (869638) | more than 6 years ago | (#23571849)

How many hours of community service do you get for 58,000 counts of petty theft?

C'mon now (2, Insightful)

willyhill (965620) | more than 6 years ago | (#23571863)

You absolutely have to tip your hat at this guy. I'm not sure if I feel bad for the financial institutions "bilked" by him (I'm sure they'll recover the money from insurance) or their CEOs that make millions while the stocks underperform, but I feel bad for him. After all he's just playing the system they set up to begin with.

It's obvious he knew exactly what he was doing, and he knew it was wrong. But you have to acknowledge the inventiveness and sheer perseverance.

Only a few personal bank accounts! (0)

Anonymous Coward | more than 6 years ago | (#23571879)

Clearly No QA process to check repeated micropayments to the same bank account number.

Or perhaps this is how he got caught?

The financial industry has such a thin veneer of sophistication.

what's really stupid about this... (0)

Anonymous Coward | more than 6 years ago | (#23571981)

...where the heck are the captcha's?... if there was a solid use of captcha's on the sign-ups, it would take a serious amount of processing to ding through each sign-up. Certainly would take more than "scripts".

Dang, I had to even confirm a captcha just to post this stupid message!

PayPal is a bank? (0)

Anonymous Coward | more than 6 years ago | (#23572113)

PayPal is called a 'bank' now?

Milton (0)

Anonymous Coward | more than 6 years ago | (#23572363)

He should have burned down the interweb!

What to take away... (1)

brickler (1097627) | more than 6 years ago | (#23572375)

What I find interesting about this is that none of the other institutions noticed they were depositing all those separate pennies into the same account. I would think they would have safe guards that would come up and say, hey we already have made a deposit to that account; but, based on the article it was his bank that noticed....
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...