by bhavin 5500 days ago
One would wonder if there were any code reviews in place or not? Any code that has monetary effects has to go through a series of code reviews (saying from my experience working with a client in the banking industry) and tests. I would be curious as to how the 'bug' went undetected until deployment!

Any code that has monetary effects has to go through a series of code reviews

The article reported that he installed malware on select ATMs.

I acknowledge that this leaves a great deal to the imagination, but one suspects a code review would not catch the problem. The code was clean, the implementation on certain machines went awry.

Ideally, any software that runs on the system would be digitally signed by the development shop, after their code review process. Otherwise anyone with direct physical access to the hardware (or to the distribution system for code updates) could add malware like this guy did.
In other words, he did some kind of internal hacking to install his code - illegally bypassing the code review process.
Maybe? I can only speculate that the hack wasn't in the code at all, but something he installed on the individual ATM.

"Oh, look: you can login to the ATM after installing the code. Hey what if I ..."

If so he didn't bypass the code review so much as skip around it, whistling a jaunty 'nope nothing illegal here' tune.
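The signing scheme the thread sketches (software on the ATM is only installed if it carries the development shop's signature, so neither physical access nor control of the update channel lets someone slip in unreviewed code) as an added example. This is not code from the article or from any ATM vendor; the Ed25519 key pair, the manifest layout and the version numbers are assumptions chosen for the example. The ATM side holds only the public key; a swapped binary, a package signed with some other key, and a replayed older release are each rejected for a distinct reason.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Package is what the distribution system ships to an ATM: the binary, a
// manifest naming it with its version and SHA-256, and the release team's
// Ed25519 signature over those manifest bytes. (Layout is an assumption.)
type Package struct {
	Name      string
	Version   uint32
	Binary    []byte
	Manifest  []byte // canonical manifest bytes that were signed
	Signature []byte // ed25519 signature over Manifest
}

var (
	ErrBadSignature = errors.New("manifest signature does not verify against the release key")
	ErrHashMismatch = errors.New("binary does not match the signed manifest")
	ErrRollback     = errors.New("package is not newer than the installed version")
)

// manifestFor binds name, version and binary hash into one byte string so a
// single signature covers all three.
func manifestFor(name string, version uint32, binary []byte) []byte {
	sum := sha256.Sum256(binary)
	return []byte(fmt.Sprintf("name=%s\nversion=%d\nsha256=%s\n",
		name, version, hex.EncodeToString(sum[:])))
}

// SignPackage runs in the development shop after code review; the private
// key never leaves it.
func SignPackage(priv ed25519.PrivateKey, name string, version uint32, binary []byte) Package {
	m := manifestFor(name, version, binary)
	return Package{Name: name, Version: version, Binary: binary,
		Manifest: m, Signature: ed25519.Sign(priv, m)}
}

// VerifyPackage runs on the ATM before anything is installed. installed is
// the version currently running, so an old but validly signed release cannot
// be replayed to reintroduce a known bug.
func VerifyPackage(pub ed25519.PublicKey, installed uint32, p Package) error {
	// 1. Signature first: until this passes nothing in the manifest is trusted.
	if !ed25519.Verify(pub, p.Manifest, p.Signature) {
		return ErrBadSignature
	}
	// 2. Recompute the manifest from what actually arrived; any change to the
	//    name, version or binary bytes makes it differ from the signed copy.
	if string(p.Manifest) != string(manifestFor(p.Name, p.Version, p.Binary)) {
		return ErrHashMismatch
	}
	// 3. Version is now authenticated, so the rollback check is meaningful.
	if p.Version <= installed {
		return ErrRollback
	}
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)

	// Constructed sample release; the ATM is running version 1.
	good := SignPackage(priv, "atm-dispenser", 2, []byte("legit dispenser software v2"))
	fmt.Println("signed release:   ", VerifyPackage(pub, 1, good))

	// Someone with access to the machine swaps the binary but keeps the manifest.
	tampered := good
	tampered.Binary = []byte("dispenser software with an extra cash-out command") // constructed stand-in
	fmt.Println("swapped binary:   ", VerifyPackage(pub, 1, tampered))

	// Someone signs their own build with a key the ATM has never been given.
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	forged := SignPackage(attackerPriv, "atm-dispenser", 3, tampered.Binary)
	fmt.Println("foreign key:      ", VerifyPackage(pub, 1, forged))

	// A genuine older release replayed against a machine already on version 2.
	fmt.Println("replayed release: ", VerifyPackage(pub, 2, good))
}
```

The order of the checks matters: the hash and version fields are read from the manifest only after the signature over that manifest has verified, so an attacker who can edit the package on disk cannot influence which error path is taken or bypass the rollback check. What this does not cover is a key that is itself stolen from the development shop, or someone with the authority to sign who abuses it; signing enforces that review happened, it does not make the review honest.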