
 


Bug In Lowe's Site Sold Goods For Free. Couple Arrested For Exploiting It (bleepingcomputer.com)

Posted by EditorDavid from the fleecing-the-Fortune-500 dept.
An anonymous reader writes: A couple from the Brick Township in New Jersey stands accused of using a flaw in the Lowe's online portal to receive goods for free at their home. According to the Ocean County Prosecutor's Office, the couple tried to steal goods worth $258,068.01, but only managed to receive approximately $12,971.23 worth of merchandise. Officers executing a search warrant said the residence resembled "more of a warehouse than a home." Investigators said they recovered enough merchandise to fill an 18-foot trailer. Most items were in their original packaging and still had their price tags. Police say one of the suspects posted ads for some of the stolen goods on a Facebook group used to buy and sell used objects. The suspect was selling most of the items at half the price offered on the Lowe's website. Authorities did not provide in-depth technical details but revealed the flaw resided in the site's gift card module.
The lawyer for one of the suspects argued that his client didn't have the skills to penetrate the security on the web site of a Fortune 500 company -- and insisted instead that his client just had a really special knack for finding good deals.

  • Where are the security trolls? (Score:4, Insightful)

    by ScentCone ( 795499 ) on Sunday August 20, 2017 @05:42PM (#55053667)
    I clicked to read more so I could see how many people would be saying that it's not really theft if Lowes didn't prevent it from happening. You know, like if a shoplifter walks out of their store with a $20 impact socket in their pocket, and Lowes didn't notice him doing that, then it's totally Lowes' fault that he stole that.
    • More like if Lowes self checkout station set the price on some goods at $0 if they were scanned upside-down, and people just checked out and left. And then got arrested.

      • Re:Where are the security trolls? (Score:4, Informative)

        by JaredOfEuropa ( 526365 ) on Sunday August 20, 2017 @06:07PM (#55053773) Journal
        This is more like those people hearing about that trick (or maybe finding out themselves), then making sure they scanned every item upside down. It's similar to incorrectly priced items, and over here (NL) the law is sort of clear on that. If an item is priced too low by accident (or rung up incorrectly at the register), the customer gets to keep the purchase at the lower price... unless there is a "clearly apparent mistake". A €1000 TV priced at €800 would not be a clear mistake; a €200 discount would be a really good one, but plausible. That same TV priced at €100 is clearly a mistake though. Same as someone who manages to order over $18.000 worth of goods on a $20 gift card because of a flaw in the system. Even if it is clear that the system was at fault and that no exploit was used, that person would not get to keep the goods over here. How does that work in the States?

        • Even if it is clear that the system was at fault and that no exploit was used, that person would not get to keep the goods over here.

          But would they be charged with a crime?

          • Never mind that, would the stuff even blend?

          • I've no idea, honestly. A lot depends on the exploit they used, how well they cooperate once caught... In this case the fact that they went all out and put a bunch of their ill-gotten items up for sale doesn't speak well of their intent. My guess is yes, they would be charged. But if you get a €20 card and use it to order €100 worth of stuff and keep all of it for yourself, I doubt there'd be any charges.

      • Re: (Score:1)

        by Anonymous Coward

        If you picked up a couple of goods like that in a basket, I'd call the arrest unreasonable.

        If you went back and picked up an entire trailerload of those goods and only those goods, and walked out without paying a cent, I'd say at that point you should have realized something was wrong, and now we've got clear evidence of malicious intent.

    • Re: (Score:3)

      by sjames ( 1099 )

      Don't be silly. This wasn't just Lowe's not noticing some stealthy action, this was Lowe's willingly packing up and shipping the goods to the couple after receiving no money.

      Given the volume and value of the goods, I find it hard to believe that the couple had no idea it wasn't just a really good deal, but I can somewhat see why they might not have fully realized it was a crime.

      Hopefully, they will be required to return the goods and receive a non-custodial sentence and a stern warning.

      • Lowes packed up their order and had it delivered to their house! There should be like 3 computer functions that mitigate that risk and oh, a dozen PHYSICAL ACTS that should have stopped it.

        Lowes is just full of fail on this one.

      • Given the volume and value of the goods, I find it hard to believe that the couple had no idea it wasn't just a really good deal, but I can somewhat see why they might not have fully realized it was a crime.

        Well, unless they were under the impression the gift-card-that-kept-on-giving was a magical talisman, I'd have to lean towards some malfeasance. For certain, their story won't be retold on an episode of Criminal Masterminds... they apparently had the purchases sent to their home and were reselling them on the Facebook

  • >insisted instead that his client just had a really special knack for finding good deals.

    Right, nothing beats a five-finger discount for a "good deal", and add free shipping to boot - priceless!

    • Have you seen any of those coupon shopping reality TV garbage shows? It's perfectly plausible to buy $500 worth of random clearance crap with $10 and a binder of coupons.

  • Lowe's Fault (Score:1)

    by Anonymous Coward

    They authorized the purchases. Sucks for them their system doesn't detect huge discrepancies.

    • Well it would be on them if it was a small purchase maybe few hundred 100$. When it's 10k+ or 250grand that the couple tried to charge it becomes fraud since it's a flaw they knew was a flaw and exploited.
  • What aisle of Lowe's do they sell that?
  • Many years ago I bought my current desk from the OfficeMax store for $55. Several months later I got an OfficeMax coupon for $50 off ANY desk with no other restrictions listed. So I went back to the store, pulled the desk off the shelf, and presented the coupon to the cashier clerk. The register refused to accept the coupon. When the manager came over, I pointed out the word "ANY" on the coupon, and he overrode the register. I got a $55 desk for $5 plus tax. Later on I got another $50 coupon without the wor

    • Why do you need two desks?

      • Re: (Score:2)

        by creimer ( 824291 )

        Why do you need two desks?

        One desk for my laptop, file server and 23" monitor, the other desk for my video editing PC, Red Hat Linux PC, and 23" monitor. I also have a folding table to store my electronic parts, soldering irons and testing equipment.

    • About 15 years ago when I moved and signed up with Comcast for a cable modem (they were the only high speed choice there - too far for DSL), the lady tried to upsell me by adding a TV package. She said if I bundled the two I would get a $15 discount, and mentioned various TV packages from $40 to over $100. I asked if there was anything cheaper since I had heard about a basic "must carry" level, and she admitted it existed and was $8. I confirmed with her that by signing up for a $8 basic TV package, I would

  • Lol... Isn't like the FIRST FUCKING RULE of software development, "Don't migrate to production until it passes ALL QA tests." And if their QA tests left a hole like this open, time to hire a new QA manager!

    (Lowes, contact me and I'll send a resume )

  • When a consumer exploits a bug in the system, they get arrested. When a corporation or rich person exploits a bug in the system, it's called, "smart tax planning".

  • His Ethics are better than most Pharmaceutical Companies. In fact they will probably incorporate this in a reverse method to use on customers. IE: Kroger ran an ad for 5 dollars off any Seafood purchase. But in fine print so small you could not read it, it said you must purchase 15 dollars worth of food. I found this out in the checkout line with 5 people behind me. The cashier said I could go back and get more seafood to make it 15 dollars. I could see the 5 shoppers in line behind me wanting to burn me at t

