Computer programmer steals insignificant interest on savings?
John Churchill
Hawaii (one of the world's largest banks, due to the protection from
stupid
state banking laws) put in some code in the system which would shave off
the fractions of cents from interest computations in time deposits and
be stored in his own account. The accumulation of these cent fractions
accounted for an increase in his account of about $40,000 per month. He
was eventually caught.
I accepted it as true, until much later when I was getting my BBA, and
my instructor told the story (different situation, but fundamentally the
same) while discussing data security.
Anyone know if this is really a legend or did it really happen somewhere?
John Churchill
UT-Austin MBA
Jolyon Silversmith
>Someone told me this story several years ago. A programmer at Bank of
>Hawaii (one of the world's largest banks, due to the protection from
>the fractions of cents from interest computations in time deposits and
>be stored in his own account. The accumulation of these cent fractions
>accounted for an increase in his account of about $40,000 per month. He
>was eventually caught.
I don't know whether it helped create or merely copied this story, but this is
pretty much what Richard Pryor's character did in Superman III. I certainly
hope that the movie wasn't the original source, because that would mean that a
significant number of people actually saw that awful film...
--
Jolyon ("Jol") Silversmith______________________________________________________
Mather House 188 Former Director: Civil Liberties Union of Harvard
Cambridge, MA 02138 Circulation/Publicity Manager: Lighthouse Magazine
silv...@husc.harvard.edu Editor: The Mather Messenger (House Newsletter)
R.X. Getter
This was part of the movie Superman III, where Richard Pryor finds out that
all employees are really paid an exact figure based on how much they worked
and that the extra fractions of cents are just dropped and no one knows
where they go. So he told the computer to give him all the half cents and he
got some $10,000 dollars. Maybe this was based on the UL, but it's also likely
that this was the origin.
Richard N Kitchen
This story was being told many years ago, when I was in the Air Force,
about a programmer at the Air Force Accounting Office in Denver. This
was long before Superman III came out.
Rick "Funny, you don't look a day over 50" Kitchen
--
Rick Kitchen da...@cleveland.freenet.edu
"If you weren't so cute, I'd lose total respect for myself for liking you."
--Eve Saskatchewan, "Black Tie Affair"
DaveHatunen
>
>This story was being told many years ago, when I was in the Air Force,
>about a programmer at the Air Force Accounting Office in Denver. This
>was long before Superman III came out.
And I recollect reading a similar story about a payroll programmer for
some large company. I remember reading about it in either Time or
Newsweek (which I used to subscribe to for a ridiculously low student rate
of about $0.08/issue) back in the late 1950s or early 1960s. I suppose
that should be findable thru the Reader's Guide to Periodical Literature.
--
--------- DAVE HATUNEN (hat...@netcom.com) ----------
----- Daly City California: almost San Francisco -----
Paul Ryan
> Hawaii (one of the world's largest banks...put in some code in the
> the fractions of cents from interest computations>
I believe the gist of the story is true. I have worked at companies that
brought in Accountant/Programmer consultants (a *highly* paid job) to
examine the code to make sure this doesn't happen...
Paul Ryan
> Hawaii (one of the world's largest banks...put in some code in the
> the fractions of cents from interest computations>
I believe the gist of the story is true. I have worked at companies that
brought in Accountant/Programmer consultants (a *highly* paid job) to
examine the code to make sure this doesn't happen...
The code must not round off interest, but carry it out to ? decimal
points...
Paul
Paul Ryan
> the fractions of cents from interest computations>
I believe the gist of the story is true. I have worked at companies that
Paul Ryan
> the fractions of cents from interest computations>
I believe the gist of the story is true. I have worked at companies that
Paul Ryan
> the fractions of cents from interest computations>
I believe the gist of the story is true. I have worked at companies that
Paul Ryan
> the fractions of cents from interest computations>
I believe the gist of the story is true. I have worked at companies that
Jonathan Papai
>I believe the gist of the story is true.
Alright already. We believe you.
Looks like the Lawson phenomena, without all the work.
Jon "will round for profit" Papai
Jason R. Heimbaugh
>p...@last.pubs.stratus.com (Paul Ryan) writes:
>>I believe the gist of the story is true.
>
>Alright already. We believe you.
I'm sorry I don't, I missed the original post. Could someone repost it?
--
Jason R. Heimbaugh (CatStyle)
j...@uiuc.edu
"If I leave here tomorrow, would you still remember me?" --Ronnie Van Zant
Jonathan Papai
As seen in comp.risks:
....................................................
Date: Fri, 27 Aug 93 16:55:35 BST
From: Kennet...@prg.ox.ac.uk
Subject: Be careful with your test cases!
The Feedback section of the latest New Scientist relates the following
Computer Weekly story about an unfortunate programmer at an unnamed
bank. Apparently, the bank wanted to target its wealthiest customers
with a mailshot promoting various new services and the programmer in
question wrote a program to select the 2000 wealthiest customers from
the bank's records and to generate an appropriate letter for each. In
the process of testing the program, he made use of a fictitious customer
named Rich Bastard.
Unfortunately, as you may already have guessed, something went amiss and
every single one of the bank's 2000 prize customers received a letter
which began "Dear Rich Bastard, ..."
The risks involved? Well, for one thing, the hapless programmer lost
his job over the incident. More generally, I suppose it's just another
example of the way in which the complex interactions amongst program
development, testing, and maintenance can produce unpredicted and
undesirable consequences. The latter analysis is, of course, rather
generous to the programmer.
.............................................................
This reminds me of the post office printing some nasty phrase
on envelopes a couple of years ago.
Jon "Probably some ivy league-educated programmer" Papai
bill nelson
: Someone told me this story several years ago. A programmer at Bank of
: Hawaii (one of the world's largest banks, due to the protection from
: stupid
: state banking laws) put in some code in the system which would shave off
: the fractions of cents from interest computations in time deposits and
: be stored in his own account. The accumulation of these cent fractions
: accounted for an increase in his account of about $40,000 per month. He
: was eventually caught.
I heard this story, way back in the 60s. I suspect that it did occur, once.
These days, banks do not have programming staff who can access and modify
such code. All the staff programmers can do is produce various types of
reports.
Bill
Michael Meissner
| Someone told me this story several years ago. A programmer at Bank of
| Hawaii (one of the world's largest banks, due to the protection from
| stupid
| state banking laws) put in some code in the system which would shave off
| the fractions of cents from interest computations in time deposits and
| be stored in his own account. The accumulation of these cent fractions
| accounted for an increase in his account of about $40,000 per month. He
| was eventually caught.
The name for this particular type of scam is 'salami' (ie, slicing off very
fine slices and getting a huge pile of tiny slices). It probably occurred in
the punch card/tabulating machine era before computers (and possibly even
before then).
--
Michael Meissner email: meis...@osf.org phone: 617-621-8861
Open Software Foundation, 11 Cambridge Center, Cambridge, MA, 02142
Old hackers never die, their bugs just increase.
Terry Chan
->Someone told me this story several years ago. A programmer at Bank of
->Hawaii (one of the world's largest banks, due to the protection from
->state banking laws) put in some code
[...details of "salami" method deleted]
silv...@husc8.harvard.edu (Jolyon Silversmith) writes:
-I don't know whether it helped create or merely copied this story,
-but this is pretty much what Richard Pryor's character did in
-Superman III. I certainly hope that the movie wasn't the original
-source, because that would mean that a significant number of people
-actually saw that awful film...
John, how do you define "one of the world's largest banks?"
As of several years ago, but Bank of Hawaii didn't even crack
the top 20 US banks (I think they were about 27 in terms of
assets). Considering that only a couple (if not one) US bank
occupies a position in the top 20 banks in the world (due in
no small part to exchange rates), I seriously doubt that Bank
of Hawaii is way up there.
The "salami" method of fraud goes back to at least the 1960s,
which probably predates "Superman III" so I doubt that this
is the original of the UL. We've hashed this one over several
times and while there were some leads (and it's been mentioned
in basic books on the audit of computer accounting systems),
no actual incident has come to light. [Though institutions
are reluctant to report such incidents and be identified.]
Terry "But then, we ARE talking about Superman here"
--
Energy and Environment Division | Internet: TWC...@lbl.gov
Lawrence Berkeley Laboratory | "If you don't have a sense of humor,
Berkeley, California USA 94720 | it's not funny." -- Wavy Gravy
Terry Chan
bi...@hpcvaac.cv.hp.com (bill nelson) writes:
-I heard this story, way back in the 60s. I suspect that it did
-occur, once. These days, banks do not have programming staff
-who can access and modify such code. All the staff programmers
-can do is produce various types of reports.
Well, while most banks have been downsizing, quite a few
institutions still have their own programming staff that
do access and modify such code. It's just that it's
imperative that you have internal controls such as different
programmers coding, writing, and updating program code, along
with supposed means of defeating the "rounding" issue by
carrying out calculations to several decimal places.
Terry "You can bank on it" Chan
Ray Depew
It's actually been part of the storyline of several other forgettable
pieces of fiction. It was already an old gag when RP did it.
-- Ray
Bill Welch
> In article <25kcef$d...@geraldo.cc.utexas.edu> John Churchill <bone...@ccwf.cc.utexas.edu> writes:
> >the fractions of cents from interest computations in time deposits and
> >be stored in his own account. The accumulation of these cent fractions
> >accounted for an increase in his account of about $40,000 per month. He
> >was eventually caught.
>
> I don't know whether it helped create or merely copied this story, but this is
> pretty much what Richard Pryor's character did in Superman III. I certainly
> hope that the movie wasn't the original source, because that would mean that a
> significant number of people actually saw that awful film...
Long, long before the Superman movies were made, this was supposed to be
how the first banking computer frauds were carried out. Every time a
transaction was made, the fractions of a penny were creamed off.
--
Bill Welch | "You've tried it? You've tried dog?" She was
bi...@moonmoth.demon.co.uk | shocked. "I was told it was chicken. It tasted a
FidoNet 2:250/414 | lot like chicken." (Noble House, by James Clavell)
Brian Leibowitz
>> Hawaii (one of the world's largest banks...put in some code in the
>system which would shave off
>> the fractions of cents from interest computations>
_Computer Capers_ by Thomas Whiteside has many examples of 'shaving'
programs. It includes the round down in an example of sales commisions.
bml
D.M.Procida
(Paul Ryan) writes:
>I believe the gist of the story is true. I have worked at companies that
>brought in Accountant/Programmer consultants (a *highly* paid job) to
>examine the code to make sure this doesn't happen...
>
>The code must not round off interest, but carry it out to ? decimal
>points...
Shit! What are the odds against eight different guys, all called Paul
Ryan, posting eight identical articles within seconds of each other?
Must be astronomical! If we locked these fellows into a room and gave
them each a typewriter all the trans-finite mathematicians would be
able to do some really useful research on them.
Daniele "Aleph-one Paul Ryans coming up, Professor" Procida
--
The Awkward Moments have recorded 14 of their delicious Modern Rock &
Roll songs on a 45 minute cassette. It's yours for #2.50, inc p&p.
THRILL to exciting stories of revenge! APPLAUD the savage attacks on
apathy and boorishness! CRINGE at the tales of painful social disasters!
Lee Rudolph
>Shit! What are the odds against eight different guys, all called Paul
>Ryan, posting eight identical articles within seconds of each other?
>Must be astronomical! If we locked these fellows into a room and gave
>them each a typewriter all the trans-finite mathematicians would be
>able to do some really useful research on them.
>Daniele "Aleph-one Paul Ryans coming up, Professor" Procida
At my site, PaulRyan_1 wrote:
>Lines: 10
>
>In article <25kcef$d...@geraldo.cc.utexas.edu> John Churchill
><bone...@ccwf.cc.utexas.edu> writes:
>> ...A programmer at Bank of
>> Hawaii (one of the world's largest banks...put in some code in the
>system which would shave off
>> the fractions of cents from interest computations>
>
>I believe the gist of the story is true. I have worked at companies that
>brought in Accountant/Programmer consultants (a *highly* paid job) to
>examine the code to make sure this doesn't happen...
and PaulRyan_2 wrote:
>Lines: 15
>
>In article <25kcef$d...@geraldo.cc.utexas.edu> John Churchill
><bone...@ccwf.cc.utexas.edu> writes:
>> ...A programmer at Bank of
>> Hawaii (one of the world's largest banks...put in some code in the
>system which would shave off
>> the fractions of cents from interest computations>
>
>I believe the gist of the story is true. I have worked at companies that
>brought in Accountant/Programmer consultants (a *highly* paid job) to
>examine the code to make sure this doesn't happen...
>
>The code must not round off interest, but carry it out to ? decimal
>points...
and PaulRyan_n, 2<n<MAXINT+1 wrote
>Lines: 14
>
>In article <25kcef$d...@geraldo.cc.utexas.edu> John Churchill
><bone...@ccwf.cc.utexas.edu> writes:
>> ...A programmer at ...put in some code in the system which would shave
>off
>> the fractions of cents from interest computations>
>
>I believe the gist of the story is true. I have worked at companies that
>brought in Accountant/Programmer consultants (a *highly* paid job) to
>examine the code to make sure this doesn't happen...
>
>The code must not round off interest, but carry it out to ? decimal
>points...
Shit! What are the odds against eight different guys, all called Paul
Ryan, posting eight subtly different articles within seconds of each other?
Must be astronomical! If we locked these fellows into a room and gave
them each a typewriter all the philosophers who study the logic of identity
would be able to do some really useful research on them.
Lee "you are in a maze of small, twisty newsgroups, all alike" Rudolph
Alan J Rosenthal
>I believe the gist of the story is true. I have worked at companies that
>brought in Accountant/Programmer consultants (a *highly* paid job) to
>examine the code to make sure this doesn't happen...
Again, this is only evidence that people believe the story, and does not bear
on the story itself.
Terry Chan
-_Computer Capers_ by Thomas Whiteside has many examples of 'shaving'
-programs. It includes the round down in an example of sales commisions.
Sounds good, Brian. Do you know if they actually mention
any documented cases or are these just examples?
Terry "Purely for academic interest, of course" Chan
Brian Leibowitz
>b...@netcom.com (Brian Leibowitz) writes:
> -_Computer Capers_ by Thomas Whiteside has many examples of 'shaving'
> -programs. It includes the round down in an example of sales commisions.
>
>Sounds good, Brian. Do you know if they actually mention
>any documented cases or are these just examples?
>
>Terry "Purely for academic interest, of course" Chan
He does not specify the companies involved. The source he cites is
Donn B. Parker.
Crime By Computer, New York, Scribner, 1976
and
"A Look at Computer Fraud and Embezzlement in Banking" _Bank Administration_
May 1976
He also refers to being told of cases by Parker, so these articles may
not include as much as is in the Whiteside book.
I'll see if my library can get these for me.
Brian "someone is stealing a bite from every posting and depositing them
in their own account." Leibowit
Drew Lawson
p...@last.pubs.stratus.com (Paul Ryan) writes:
>I believe the gist of the story is true. I have worked at companies that
>brought in Accountant/Programmer consultants (a *highly* paid job) to
>examine the code to make sure this doesn't happen...
I believe you. You must work with bean counters if you file six copies
of everything.
Drew "or he's a civil servant" Lawson
--
Drew Lawson | Your future is managed / and your freedom's a joke
law...@acuson.com | You don't know the difference / as you put on the yoke
Drew Lawson
PA...@kcgl1.eng.ohio-state.edu (Jonathan Papai) writes:
>Looks like the Lawson phenomena, without all the work.
Who said it took work?
Drew "bot bot bot
bot bot I am" Lawson
Drew Lawson
>It's just that it's
>imperative that you have internal controls such as different
>programmers coding, writing, and updating program code, along
>with supposed means of defeating the "rounding" issue by
>carrying out calculations to several decimal places.
I wasn't going to post on this one, but here I go.
Why wasn't I going to post? Because I got tired of this one years
before I got to AFU, even before I heard of Urban Legends.
This was given as an example in a class long ago as an example of the
great computer crime which didn't happen.
I'm not saying that computers cannot be used to imbezle(sp?). I am
addressing the version in Superman III, The Great Half-Cent Theft.
This particular form of the Salami Scam involves shaving off all the
fractional bits of interest and putting them in a special account. The
legend holds that this isn't noticed. This view arises from an
incorrect view of financial systems.
For example, your account is entitled to $1.023 in interest. You get
$1.02. The uninitiated thinks that $0.003 is just "floating" around
lost. In actuality, it isn't lost because it never existed. Common
folk see savings holdings of $NN Million, at a rate of nn%, and think
that the bank _expects_ to pay out the product of those two numbers.
In fact, accounting (bean counter) systems took this into account long
becore computers were used (back when embezling was easier). The bank
expexts to pay out
sum(trunc(balance[i] * rate))
If they actually pay out
sum(balance[i]) * rate
someone will notice _very_quickly.
In accounting systems, each of these interest payments is recorded
separately.
Drew "guess how many fractional cents are in the bottle" Lawson
YuNoHoo
|> b...@netcom.com (Brian Leibowitz) writes:
|> -_Computer Capers_ by Thomas Whiteside has many examples of 'shaving'
|> -programs. It includes the round down in an example of sales commisions.
|>
|> Sounds good, Brian. Do you know if they actually mention
|> any documented cases or are these just examples?
Oh dear, I think Mark Twain said something about people
talking about books they didn't read. Anyway, Whiteside's
book tells many stories about shaving small amounts off
something, but there's nothing but an _explicit_ "it could
have happened" when it comes to shaving fractions of a
cent. However, some books refer to Whiteside giving the
impression that there's at least one documented case of
the shaving-fractions-of-a-cent fraud.
Anyway, shouldn't the correct smallest amount used in
accounting be a tenth of a cent in the US. I believe
my British bank counts my money down to a tenth of a
penny.
---
YuNoHoo "just small, used notes please"
Brian Leibowitz
>This particular form of the Salami Scam involves shaving off all the
>fractional bits of interest and putting them in a special account. The
>legend holds that this isn't noticed. This view arises from an
>incorrect view of financial systems.
>
>For example, your account is entitled to $1.023 in interest. You get
>$1.02. The uninitiated thinks that $0.003 is just "floating" around
>lost. In actuality, it isn't lost because it never existed. Common
>folk see savings holdings of $NN Million, at a rate of nn%, and think
>that the bank _expects_ to pay out the product of those two numbers.
>
>In fact, accounting (bean counter) systems took this into account long
>becore computers were used (back when embezling was easier). The bank
>expexts to pay out
> sum(trunc(balance[i] * rate))
>
>If they actually pay out
> sum(balance[i]) * rate
>someone will notice _very_quickly.
>
>In accounting systems, each of these interest payments is recorded
>separately.
I was told the same by two different friends who have programmed for
banks. (although a thief could take this into account.)
I was also told that bank employees are forced to take vacations and
when they do, a certain amount must be continuous. This is so that
any irregularities will have a period of "normal" activity that would
indicate a problem. Also, it means that other employees will be working
on the accounts/programs/files and have a chance to find any evidence
of embezzling. An employee who does not want to take vacations is
suspect.
The Whiteside book does list other salami scams with names of companies,
people and prosecutors. These are manipulating inventory and diverting
products to themselves. he lists cases with Exxon, Pacific Telephone &
Telegraph, and Penn Central Railroad (stealing rail cars).
Brian "but I love my job and I'm bored with that old yacht" Leibowitz
Terry Chan
Leibowitz) writes:
-I was also told that bank employees are forced to take vacations and
-when they do, a certain amount must be continuous. This is so that
-any irregularities will have a period of "normal" activity that would
-indicate a problem. Also, it means that other employees will be working
-on the accounts/programs/files and have a chance to find any evidence
-of embezzling. An employee who does not want to take vacations is
-suspect.
The enforced taking of vacations (or more importantly, the
interruption of work at fixed intervals) is an old internal
control. The idea is that most types of fraud will not be
successful without the constant presence of someone who is
able to circumvent the other internal controls. Hence
removing that individual will allow other automated or human
controls to uncover any problems.
While many organizations use this method, a number of banks
have begun to move away from such a policy, believing that
the other controls in place allow them to have a more flexible
policy for their employees.
Terry "I have six weeks of vacation, but there's nothing worthwile here" Chan
Tony Lezard
>Anyway, shouldn't the correct smallest amount used in
>accounting be a tenth of a cent in the US. I believe
>my British bank counts my money down to a tenth of a
>penny.
Standard accounting and banking practice (as well as what we implement
in the accounting package we write at Mantis) is to keep four digits to
the right of the decimal point (hundredths of a penny).
--
Tony Lezard
to...@mantis.co.uk
"Just my 0.0002 pence worth"
YuNoHoo
|> In article <1993Aug31.1...@nntp.nta.no>, YuNoHoo <st...@nta.no> wrote:
|> >Anyway, shouldn't the correct smallest amount used in
|> >accounting be a tenth of a cent in the US. I believe
|> >my British bank counts my money down to a tenth of a
|> >penny.
|>
|> Standard accounting and banking practice (as well as what we implement
|> in the accounting package we write at Mantis) is to keep four digits to
|> the right of the decimal point (hundredths of a penny).
Well then, correction, my British bank may be counting it's
money down to 1/100 penny, but they only tell me the tenths.
---
YuNoHoo "and, the branch manager pockets 5/100 penny every now and then?"
Ray Rose
John Churchill <bone...@ccwf.cc.utexas.edu> writes:
>Someone told me this story several years ago. A programmer at Bank of
>Hawaii (one of the world's largest banks, due to the protection from
>state banking laws) put in some code in the system which would shave off
>the fractions of cents from interest computations in time deposits and
>be stored in his own account. The accumulation of these cent fractions
>accounted for an increase in his account of about $40,000 per month. He
>was eventually caught.
A variation of this one made the rounds in IBM several years ago, and may
still be resurfacing today. Non-exempt employees (those who get overtime
pay) would get a paycheck every week for their overtime, with a flat
percentage withheld that was supposed to be approximately what they would
owe on their actual tax withholding. Then, when their semi-monthly paycheck
arrived, any overtime money earned during that pay period was added to their
gross, taxes were calculated and withheld on it, and the actual overtime
check amount was subtracted as an advance. But for the last week or two of
the year, the overtime checks weren't issued until after the semi-monthly
salary checks were printed. So there was a sort of imaginary 25'th pay
period in which the employee earned no salary, but the taxes were figured
on the overtime and possibly a small amount was paid.
A lot of people didn't understand the purpose of this check and they
thought it was an accumulation of all the odd fractions of cents that
had been rounded off during the year. The story was that "A couple years
ago when no one got those year-end checks, it was because a payroll
programmer had siphoned off all those fractional amounts into his own
account, and he was subsequently caught and fired." These checks were
always very small, so no one could really remember whether they had indeed
gotten checks a couple years ago. No one could remember the name of the
payroll programmer either. The whole thing sounded like IBM UL.
Ray Rose