Security

Brothers Using Business Logic Attacks Face Jail Time

Submitted by wiredmikey
wiredmikey (1824622) writes "Two brothers who used a combination of fraudulent actions and business logic attacks against Nordstrom’s e-commerce system and defrauded the retail giant out of $1.4 million via commissions and rebates are now facing jail time.

According to court records, the brothers were members of FatWallet.com, an online coupon and shopping site that offers cash back incentives for purchases, and paid cash back rewards to the brothers for purchases on Nordstrom.com.

The brothers found a way to exploit a flaw in Nordstrom’s online ordering system, by placing orders that would ultimately be blocked by Nordstrom, with no merchandise being shipped or charges being made to their credit card. However, Nordstrom continued to compensate FatWallet for the orders, and the brothers received the cash back credit from FatWallet.

While the U.S. Attorney’s office did not provide technical details on how the brothers executed the fraud, business logic attacks like this abuse the functionality of a program, as opposed to an application or server vulnerability which is common for many attacks.

In total, the U.S. Attorney’s office said that from January 2010 through October 2011, the brothers placed a whopping $23 million in fraudulent orders through Nordstrom.com, resulting in Nordstrom paying $1.4 million in rebates and commissions to the fraudsters. More than $650,000 in fraudulent cash back payments were made directly to the brothers."
