UK hacker exploits online bank loophole to steal £100,000

A UK hacker has been jailed for stealing almost £100,000 from a bank by exploiting a bug in the bank’s online banking system.

James Ejankowski, who’s 24, defrauded Clydesdale and Yorkshire Banking Group of more than £99,000 in December 2016.

He spent the money on a BMW, a Range Rover and tattoos for his face.

He lied to his family that he had won the money on a scratchcard, according to the prosecutor.

Ejankowski discovered that if he used the Clydesdale Bank’s online banking software to transfer notional funds between his current account and his savings account between midnight and 01:00, the transaction would work and the bank would not find out.

“For one hour there was a credit balance in his account even though he did not have any money,” Prosecutor Shaun Dryden told Teesside Crown Court on Monday, according to the Teesside Evening Gazette.

He used his partner Charlotte Slater’s Natwest account to funnel £53,399. In addition to making purchases for himself, Ejankowski, who is unemployed, also used the money to pay off debts and to give two thousand pounds to his aunt and £1,362 to his father-in-law.

Four weeks after he began stealing the funds, he turned himself in to the police on Boxing Day and made a full admission of guilt, saying he only had £40 left.

Clydesdale Bank has so far been able to recover £34,000.

Ejankowski has been sentenced to 16 months’ imprisonment for fraud. Slater received a suspended sentence over her supporting role in the crime.

Ejankowski was previously convicted in May 2015 for seven offences of fraud over selling items on the internet. He received a community service punishment of 200 hours of unpaid work, which was later replaced by a curfew.

A Clydesdale Bank spokesperson told the BBC News website: “This was a one-off isolated incident. We take fraud very seriously and note the court’s decision.”