by bdunbar 5500 days ago
Any code that has monetary effects has to go through a series of code reviews

The article reported that he installed malware on select ATMs.

I acknowledge that this leaves a great deal to the imagination, but one suspects a code review would not catch the problem. The code was clean; the implementation on certain machines went awry.

2 comments

Ideally, any software that runs on the system would be digitally signed by the development shop, after their code review process. Otherwise anyone with direct physical access to the hardware (or to the distribution system for code updates) could add malware like this guy did.
In other words, he did some kind of internal hacking to install his code - illegally bypassing the code review process.
Maybe? I can only speculate that the hack wasn't in the code at all, but something he installed on the individual ATM.

"Oh, look: you can log in to the ATM after installing the code. Hey what if I ..."

If so he didn't bypass the code review so much as skip around it, whistling a jaunty 'nope nothing illegal here' tune.