There is no denying that technology plays an important role in our daily lives. However, since no innovation is perfect, this often means that we may encounter technical errors that can leave a lasting impact on the world. Of course, most of these issues are reported and patched in a timely manner, but some vulnerabilities may not be discovered or exploited for ages. So here are ten interesting tales of people exploiting technological loopholes for their own profit.
1 In 2009, two men began exploiting a bug in a video poker game to win thousands of dollars in jackpots.
In 2009, a man named John Kane discovered a software bug in a video poker game. He then contacted a friend, André Nestor, and the two men worked to exploit it. But how can they reliably exploit the bug? They still have to know that. So, they set out to experiment with different combinations of game types, gameplay, and betting levels until they came up with a step-by-step plan that would work every time. They soon discovered that the machines’ “Double Up” feature had a crucial role to play. With this feature on the error works, but with it off it didn’t work.
For a while, the guys managed a series of prizes winning thousands of dollars. But their luck eventually ran out, and on July 3, 2009, suspicions were raised against Kane after he won several prizes in the space of about an hour. Then engineers from the Nevada Gaming Control Board were called in to check the hardware, which led to the discovery of the bug.
Subsequently, Kane and Nestor are arrested for exceeding authorized access to a protected computer and wire fraud. However, according to Kane’s attorney, all the two men did was “simply press a series of buttons that they are legally entitled to push.” In the end, the authorities decided to drop the charges, and both men were released.
2 An Australian man once discovered a bug in an ATM that allowed him to withdraw cash beyond his bank balance.
One night in 2011, an Australian man named Dan Saunders was drinking and decided to transfer $200 AUD from his credit account into his savings. But the ATM he used canceled the transaction and spat out his card. However, he decided to see if he could withdraw the cash from his savings account. Surprisingly, he succeeded, and Saunders stumbled upon an ATM bug that would soon change his life.
As you can see, between the hours of 1 am and 3 am, the ATM will go offline. At this point in time, a glitch in the system allowed Saunders to “create” money by making a simple transfer between his credit and savings accounts.
Within the first few weeks of this discovery, Saunders was able to transfer and “create” A$20,000. But his exploits only escalated. Soon the man was leading a Hollywood-style life filled with private flights, gambling, fine dining, parties, and more. However, it all came to an end in the end, and he was sentenced to a year in jail for defrauding the bank of A$1.6 million (US$1.1 million). Once out of prison, Saunders chose to go back to being a bartender. Today, he is in the process of writing his life story, which is being developed into a movie.
3 In 2011, 24 people walked through the aisles of a supermarket after a computer error accidentally opened the doors without personnel.
In 2011, a computer glitch caused the doors of Hamilton’s Mill Street PAK’nSAVE to open incorrectly in New Zealand with no employees around. Afterwards, about two dozen people wandered the aisles of the supermarket.
Fortunately for the store, almost half of them headed to the self-checkout counter to buy groceries. But this system had a problem. Some products require a staff member to confirm the customer’s age before the self-checkout system can be unlocked. So, when someone did an alcohol wipe, it stopped working. And with no staff around, there was no one to open the system for other customers. Soon the police were alerted to leave the store with “truckloads of groceries”.
At first, the shopkeeper was afraid of losing thousands of dollars in unpaid merchandise. But after reviewing the security tapes, he decided not to take legal action, and hoped that all the media attention would make people pay up. He also said that all money handed in would be sent to the Christchurch earthquake appeal. Interestingly, this incident led to a discussion about human nature, with a professor of religious studies describing it as a “crazy experiment” that explored human morality.
4 Instead of reporting a bug he discovered, a former Microsoft employee decided to exploit it to make millions.
Volodymyr Kvachuk, a Ukrainian citizen living in the United States, started his journey with Microsoft as a contractor. He later became an employee, but in 2018, he was fired after defrauding millions from the tech giant.
As an employee, Kvashuk is tasked with simulating purchases on Microsoft’s online store and reporting any errors in the payment system. To make these purchases, his team was provided with fake credit cards by the company. Of course the system was programmed to know that these purchases were fake. However, there was still a serious flaw that escaped Microsoft’s notice until Kvashuk found it.
He discovered that this bug allowed him to get real 5×5 codes for free every time he tested buying gift cards. But instead of reporting this, he decided to take advantage of it.
At first, Kvashuk only stole small amounts, taking Xbox gift cards from $10 to $100. However, his earnings quickly escalated, and in about seven months, nearly $2.8 million in Bitcoin had been transferred to his investment and bank accounts. In 2020, Kvachuk was sentenced to nine years in prison and to pay approximately $8.3 million in restitution. He may also be deported after his prison term.
5 In 2009, it was reported that some Nokia 1100 models had a firmware flaw that would allow hackers to access people’s one-time passwords.
In 2009, hackers were reported to have purchased certain models of Nokia 1100 phones for huge sums of money. Some of these products have even sold for upwards of $30,000. Now, you’re probably thinking, “Sure, to pay that much money for this phone, something fishy must be going on,” right? And you will be correct! As it turned out, Nokia 1100 phones manufactured at a certain factory in Bochum, Germany supposedly had a firmware defect. This flaw allowed cybercriminals to reprogram phones to receive SMS messages from another person. With this, they gain access to people’s one-time passwords which many banks in Europe use to authorize transactions.
When investigators noticed unusual amounts of the device being purchased, they contacted a fraud investigation company called Ultrascan. The company then obtained the hacking software from its network of whistleblowers and successfully reprogrammed one of the Nokia phones to receive a one-time password. Ultrascan was only able to reprogram the phone once, but the company said it plans to run tests to see if it can be done more frequently. Unfortunately, it was not clear how many Nokia 1100 phones have this defect.
6 In 2007, a woman pleaded guilty to exploiting a bug in a company’s website to scam her out of more than $412,000.
Quantina More Berry once discovered a bug on the home shopping network QVC’s website. She then used this error to her advantage and swindled the company out of more than $412,000. Between March and November 2005, Moore Berry received about a thousand items she had not paid for, including handbags, jewelry, electronics, household items, and more. I placed orders for these items and then promptly canceled them, and got a credit. However, due to a glitch on the company’s website, canceled items are still being delivered. Moore Berry then sold the items on eBay, turning a huge profit.
Unfortunately for her, suspicions quickly grew when two of her customers saw that the items were still in their QVC packaging. Then they called the company and reported the fraud. In 2007, the woman pleaded guilty to wire fraud charges in federal court and was released pending sentencing. She also agreed to return more than $412,000 that she earned from the scam.
7 A blind genius discovered by accident that he could make free phone calls by beeping tones on the phone.
Joseph Carl Engersia Jr., later known as “Joybubbles,” was born on May 25, 1949. At a very young age, he made an accidental discovery that eventually landed him in a pivotal role in the 1970s subculture of “phone letters.” Telephone systems of the time were often controlled by different audio frequencies. Joybubbles, a blind genius with excellent pitch, successfully mimics a voice in the background of a long distance call, and the line is cut. This was because his whistle had precisely matched the 2600 Hz signal that was used to signal the end of a call. Doing so will then leave an open carrier line that one can exploit to make free calls.
By the time Joybubbles was at university, he was calling toll-free or non-working numbers to get to a remote switch point. He can then use the whistles to make another call for free and go anywhere in the phone system. However, his telephone abuse did not go completely unpunished. He was suspended from college and even arrested for his activities, but all of this only led to him being lauded as a cultural icon. In 2007, Joybubbles passed away at the age of 58.
8 In 2019, the trading platform reportedly had a bug that allowed users to trade with an unlimited amount of borrowed cash.
In 2019, it was reported that there was a problem with Robinhood Markets, Inc.’s trading system. This bug created an “infinite money cheat code” that allowed users to trade with an unlimited amount of borrowed cash. The flaw was first discovered by Reddit users on the “r/WallStreetBets” forum. One of the posts there even showed a user exploiting the flaw to turn a $4,000 stake into a $1 million position.
To make the unauthorized trade work, users who pay a premium for Robinhood Gold can sell call options with borrowed money through the system. Robinhood then incorrectly adds this to the user’s cash pile, giving them even more capital to trade with. Therefore, the more a user borrows, the more purchasing power the platform will have. It also appears that there is no limit to the amount of this bug that can be exploited. A company spokesperson later stated that Robinhood was aware of the error and was “communicating directly with customers”. Eventually, the company closed the loophole and suspended accounts that were using the bug.
9 An employee of a bookmaker once exploited a glitch that allowed people to bet on past events.
Gavin Thompson was an employee of Coral, a UK-based betting shop chain. In the summer of 2015, it became known that there was a glitch in their computer system that allowed people to bet on events that had already expired. Using his knowledge of the results, he then persuades his friends and clients to place bets on his behalf.
But in January 2016, when a regional risk assessor spotted this flaw, they were able to connect the dots. Then they find several bets that Thompson handled that were placed after the fact. Authorities also revealed that he was earning up to £1,000 per shift by running this scam, earning a total of £40,300 (about $45,000 today). In 2018, Thompson reportedly pleaded guilty to two counts of fraud committed between October 2015 and January 2016.
10 In 2022, DoorDash customers exploited a bug on the company’s website to order free groceries and food.
DoorDash customers found a rare reason to celebrate in 2022 when they discovered a bug on the platform that allowed them to order stuff for free. Using this glitch, people have ordered thousands of dollars’ worth of food and groceries without paying a dime. Given the way we live in a digital age, it was only natural that people would take to social media platforms to discuss this event.
Thus, many of these buyers posted their loot online. Some have also talked about blocking their bank cards to prevent DoorDash from charging them retroactively. However, there were also a few people who simply created pictures about the accident and its possible consequences. A DoorDash spokesperson confirmed the glitch and said the company is actively working to cancel fraudulent orders. The company also said it is trying to ensure that affected merchants receive appropriate compensation.