
Brothers Using Business Logic Attacks Face Jail Time

wiredmikey (1824622) writes | about 2 years ago

Security

wiredmikey (1824622) writes "Two brothers who used a combination of fraudulent actions and business logic attacks against Nordstrom’s e-commerce system and defrauded the retail giant out of $1.4 million via commissions and rebates are now facing jail time.

According to court records, the brothers were members of FatWallet.com, an online coupon and shopping site that offers cash back incentives for purchases, and paid cash back rewards to the brothers for purchases on Nordstrom.com.

The brothers found a way to exploit a flaw in Nordstrom’s online ordering system, by placing orders that would ultimately be blocked by Nordstrom, with no merchandise being shipped or charges being made to their credit card. However, Nordstrom continued to compensate FatWallet for the orders, and the brothers received the cash back credit from FatWallet.

While the U.S. Attorney’s office did not provide technical details on how the brothers executed the fraud, business logic attacks like this abuse the functionality of a program, as opposed to an application or server vulnerability which is common for many attacks.

In total, the U.S. Attorney’s office said that from January 2010 through October 2011, the brothers placed a whopping $23 million in fraudulent orders through Nordstrom.com, resulting in Nordstrom paying $1.4 million in rebates and commissions to the fraudsters. More than $650,000 in fraudulent cash back payments were made directly to the brothers."

Link to Original Source
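The flaw described in the submission is that commissions accrued on orders that were blocked, never shipped and never charged. The following is an added illustration of the merchant-side control and audit logic that would close that gap; it is example code, not Nordstrom's or FatWallet's system, and the commission rate, order fields, status names and sample data are all constructed assumptions.

```python
from __future__ import annotations
from dataclasses import dataclass

# Constructed sample schema; nothing here comes from the court records.
# Amounts are in cents so that commission arithmetic stays exact.
@dataclass(frozen=True)
class Order:
    order_id: str
    affiliate_id: str
    amount_cents: int
    status: str      # assumed lifecycle: "placed" | "blocked" | "shipped" | "settled"
    charged: bool    # True only if a payment was actually captured

COMMISSION_BPS = 600  # assumed 6% affiliate commission, in basis points
FULFILLED = {"shipped", "settled"}

def earns_commission(order: Order) -> bool:
    """Control: an order earns an affiliate commission only once it has
    shipped AND its payment was captured, never merely on placement."""
    return order.status in FULFILLED and order.charged

def commission_due(orders: list[Order]) -> dict[str, int]:
    """Commission owed (cents) per affiliate, counting fulfilled orders only."""
    due: dict[str, int] = {}
    for o in orders:
        if earns_commission(o):
            due[o.affiliate_id] = due.get(o.affiliate_id, 0) + o.amount_cents * COMMISSION_BPS // 10_000
    return due

def reconcile_paid(orders: list[Order], paid_ledger: list[dict]) -> list[dict]:
    """Audit: return already-paid ledger rows whose order was never fulfilled
    or never charged, i.e. exactly the pattern the submission describes."""
    by_id = {o.order_id: o for o in orders}
    return [row for row in paid_ledger
            if (o := by_id.get(row["order_id"])) is None or not earns_commission(o)]

def blocked_ratio(orders: list[Order], affiliate_id: str) -> float:
    """Detection signal: share of an affiliate's orders that ended up blocked.
    A persistently high ratio points at orders placed with no intent to complete."""
    mine = [o for o in orders if o.affiliate_id == affiliate_id]
    return sum(o.status == "blocked" for o in mine) / len(mine) if mine else 0.0

# Constructed sample input: two affiliates, one with mostly blocked orders.
ORDERS = [
    Order("o1", "aff-A", 20_000, "shipped", True),
    Order("o2", "aff-A", 15_000, "settled", True),
    Order("o3", "aff-B", 500_000, "blocked", False),
    Order("o4", "aff-B", 800_000, "blocked", False),
    Order("o5", "aff-B", 10_000, "shipped", True),
]
# Constructed ledger of commissions a naive "pay on placement" job already paid.
PAID_LEDGER = [
    {"order_id": "o1", "affiliate_id": "aff-A", "commission_cents": 1_200},
    {"order_id": "o3", "affiliate_id": "aff-B", "commission_cents": 30_000},
    {"order_id": "o4", "affiliate_id": "aff-B", "commission_cents": 48_000},
]
```

Running `reconcile_paid(ORDERS, PAID_LEDGER)` flags the two blocked orders, and `blocked_ratio(ORDERS, "aff-B")` shows the affiliate-level signal that would have surfaced the pattern long before the totals reached the figures in the story.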
