What happens when a student sells phone recharges and free cigarettes with hacked cards?

A young college student managed to hack the card system of some restaurants in Singapore to get free food, drinks and cigarettes. According to the participants of information security training, Tee Chin Yue, a student at Nanyang University of Technology, discovered that she could enter the payment systems of some local restaurants, which she repeatedly performed to charge balance apocryphal on four dot cards.

The young hacker reportedly abused weakness in restaurant systems more than 130 times, exchanging the ill-obtained balance to reload SIM cards in exchange for cash.

In the end, Tee was discovered and reported to authorities by the affected restaurants, claiming that the young man’s illicit activities resulted in losses of about $50k USD. The 25-year-old hacker was convicted of electronic fraud under the Singapore Computer Misuse and Cyber Security Act. The sentence on other charges has not yet been revealed.

The defendant is young Malay who obtained a scholarship to study computer engineering in Singapore. Shortly after starting his stay at NTU, he began hacking some dot cards to use the air conditioning of his stay. Subsequently, Tee discovered that he could use a similar exploit to charge balance to the cards in question, report information security training participants.

After realizing that he could use this illegitimate balance to top up a telco’s SIM cards, Tee began offering lower-priced top-ups through the Carousell online marketplace. The hacker would have obtained up to 20 thousand dollars through this platform.

Tee’s illicit activities continued for months, until early 2017 he discovered that the hack was no longer working and the cards had been disabled, so he decided to get rid of the evidence, although it was too late for that. Authorities had already been notified of the fraud, and months later they tracked down the young hacker.

After a long trial, Teen was sentenced to 14 months in prison. Court documents state that the student used the knowledge acquired at the university and in an information security training to carry out the fraud and cover his tracks, although he made some mistakes.

According to the International Institute of Cyber Security (IICS), this type of fraud is punishable by sentences of at least 3 years in prison and fines of about $10,000, although Tee’s sentence will be less severe.