Submission: Brothers Using Business Logic Attacks Face Jail Time

wiredmikey writes: Two brothers who used a combination of fraudulent actions and business logic attacks against Nordstrom’s e-commerce system and defrauded the retail giant out of $1.4 million via commissions and rebates are now facing jail time.

According to court records, the brothers were members of, an online coupon and shopping site that offers cash back incentives for purchases, and paid cash back rewards to the brothers for purchases on

The brothers found a way to exploit a flaw in Nordstrom’s online ordering system, by placing orders that would ultimately be blocked by Nordstrom, with no merchandise being shipped or charges being made to their credit card. However, Nordstrom continued to compensate FatWallet for the orders, and the brothers received the cash back credit from FatWallet.

While the U.S. Attorney’s office did not provide technical details on how the brothers executed the fraud, business logic attacks like this abuse the functionality of a program, as opposed to an application or server vulnerability which is common for many attacks.

In total, the U.S. Attorney’s office said that from January 2010 through October 2011, the brothers placed a whopping $23 million in fraudulent orders through, resulting in Nordstrom paying $1.4 million in rebates and commissions to the fraudsters. More than $650,000 in fraudulent cash back payments were made directly to the brothers.
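Added illustration, not code from the article or from either company: the flawed logic the story describes (cash back credited for every order placed) beside a reconciliation that settles commission only once goods ship, plus a detection flag for accounts whose blocked-order value dominates their history. The order states, account names, amounts and the 5% rate are constructed assumptions.

```python
# Constructed sample data; order states, accounts and the 5% rate are assumptions.
from collections import defaultdict
from dataclasses import dataclass
from enum import Enum

class OrderState(Enum):
    BLOCKED = "blocked"  # rejected downstream: nothing shipped, card never charged
    CHARGED = "charged"  # payment captured, goods not yet out the door
    SHIPPED = "shipped"  # goods actually left the warehouse

@dataclass(frozen=True)
class Order:
    order_id: str
    account: str
    amount: float
    state: OrderState

def naive_commission(orders, rate):
    """Flawed logic from the article: every placed order earns the affiliate a rebate."""
    owed = defaultdict(float)
    for o in orders:
        owed[o.account] += round(o.amount * rate, 2)
    return dict(owed)

def settled_commission(orders, rate):
    """Hardened logic: the rebate becomes payable only once the order has shipped."""
    owed = defaultdict(float)
    for o in orders:
        if o.state is OrderState.SHIPPED:
            owed[o.account] += round(o.amount * rate, 2)
    return dict(owed)

def flag_accounts(orders, max_blocked_ratio=0.5, min_orders=3):
    """Detection: accounts whose blocked-order value is most of what they ordered."""
    total, blocked, count = defaultdict(float), defaultdict(float), defaultdict(int)
    for o in orders:
        total[o.account] += o.amount
        count[o.account] += 1
        if o.state is OrderState.BLOCKED:
            blocked[o.account] += o.amount
    return sorted(a for a in total if count[a] >= min_orders
                  and total[a] > 0 and blocked[a] / total[a] >= max_blocked_ratio)

SAMPLE = [  # constructed: acct_a keeps placing large orders that end up blocked
    Order("o1", "acct_a", 100.0, OrderState.SHIPPED),
    Order("o2", "acct_a", 250.0, OrderState.BLOCKED),
    Order("o3", "acct_a", 400.0, OrderState.BLOCKED),
    Order("o4", "acct_b", 80.0, OrderState.SHIPPED),
    Order("o5", "acct_b", 20.0, OrderState.CHARGED),
    Order("o6", "acct_b", 60.0, OrderState.BLOCKED),
]
```

On the sample, the naive ledger credits acct_a 37.50 while the settled ledger credits only 5.00, and acct_a is the one account flagged.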
