SoylentNews is people
SoylentNews
USA Today has a story about a New Jersey couple who allegedly used a glitch in Lowes website to steal merchandise.
A New Jersey couple used a website glitch to try and get more than $258,000 worth of goods — everything from a gazebo to an air conditioner to a stainless steel grill — for free from a home improvement store, authorities said.
Ultimately, the couple was only able to secure nearly $13,000 worth of merchandise from Lowe's after exploiting "weaknesses" in the company's website to have the items shipped to their home in Brick for free, according to a release from the Ocean County Prosecutor's Office.
Romela Velazquez, 24, was arrested and charged with theft by deception and computer criminal activity for accessing a computer system with the purpose to defraud. She attempted to get about $258,068 worth of unpaid merchandise from Lowe's, according to the release.
She actually received about $12,971 in stolen products, according to the release.
Her husband, Kimy Velazquez, 40, was charged with third-degree receipt of stolen property and fencing for his role in the alleged scheme.
The couple tried to sell some of the products on a local Facebook "buy and sell" group for half of the original sale price, listing the products as "new in box," authorities said.
According to an article on NJ.com, an attorney for the couple has stated that Velazquez is just an expert shopper, not a criminal hacker.
Jef Henninger, an attorney for Romela Velazquez, said his client is "the farthest thing from a computer hacker."
"Like many young mothers, she needs to stretch every dollar she can," Henninger said in a statement. "As a result, she has learned to spot good deals. These are the same deals that any of us can take advantage of, but most of us are too busy to learn how to spot them.
"Buying things at a big discount and selling them is not illegal. As a result, she maintains her innocence (and) looks forward to her day in court."
As far as I have been able to find, no technical details about the hack have been released.
One of the more interesting details that I did see was
Lowe's, makers of Ugg shoes and Victoria's Secret have been identified as victims so far – but many more retailers were also ripped off and will eventually be identified, officials said.
Who knew?
Additional coverage at the New York Post and BleepingComputer.
(Score: 1) by khallow on Tuesday August 22 2017, @01:54AM (19 children)
Why the expectation that the web site operates flawlessly?
Further, what is the price offered for unpaid merchandise? Why should there be an expectation that a business is going to legitimately negotiate their products down to free for the taking?
(Score: 0) by Anonymous Coward on Tuesday August 22 2017, @03:00AM (1 child)
Because the cost to give you free shipping may be less than the cost to have the merchandise disposed. Should we pay someone to get rid of this office furnature or set the price to $1.00 or $0.00 and have customers carry it away for free? I've rang up an on sale item that was an in store display, and after the $20.00 off MFG coupon I ended up paying the customer to take the item. The MFG coupon will be reimbursed.
Your black and white view of economics is so mentally deficient you need to check yourself back into elementary school.
(Score: 2, Insightful) by khallow on Tuesday August 22 2017, @12:29PM
But that's not the case here.
We're not speaking of economics here. We're speaking of someone who found a trick for getting a quarter of a million dollars in merchandise for free and is claiming as their defense that they thought it was legitimate. Where is the expectation here that a business will legitimate give away that quantity of merchandise for free no matter the supposed economic reason when they weren't prior? Especially when the person then turns around and sells the merchandise for a significant fraction of its original price?
(Score: 5, Insightful) by Justin Case on Tuesday August 22 2017, @03:14AM (4 children)
Why the expectation that an employee operates flawlessly?
A business is usually liable for the mistakes of its employees, even if the employee fails to follow instructions. Here, the web site is following the instructions given to it by the business.
(Score: 1) by khallow on Tuesday August 22 2017, @12:35PM (3 children)
There is no such expectation of that either. And there have been times when large mistakes by employees have been reversed rather than honored (for example, mistyped refunds).
Sorry, I don't think this story would turn out different if it were an employee who mistakenly gave this person $250k in merchandise rather than a website.
(Score: 2) by Justin Case on Tuesday August 22 2017, @01:46PM (2 children)
What if the clearly written company policy said "If a customer walks in the door wearing a tinfoil hat, their purchases are free"? What if the employee and the customer can produce that written policy in court as part of the customer's defense?
If the employee follows the written instructions exactly, it isn't an employee mistake. It might be a mistake in the written policy. Responsibility for that would have have to rest on the people who wrote the policy.
The customer would say "Hey, I read your policy. I'm not responsible for your pricing decisions and promotions. You said if I wear a tin foil hat I get free stuff. I acted on that discount you made available. It isn't my fault other customers didn't read the fine print. It surely isn't my fault you didn't read your own fine print.
(Score: 1) by khallow on Wednesday August 23 2017, @06:21AM (1 child)
Feel free to consider whatever you want. But if you want me to consider it, it should have some real world relevance. This scenario has no relevance to the story since as described, it wasn't a policy failure, but bugs in the website.
"IF".
(Score: 2) by Justin Case on Wednesday August 23 2017, @01:30PM
From the perspective of the web server, the site's code is the company policy.
I suspect the web server followed its employer's written instructions exactly. Computers are very good at that.
(Score: 2) by sjames on Tuesday August 22 2017, @05:12AM (8 children)
I see no such expectation. If the company chooses to be represented by an idiot (meat or electronic), that's their issue.
(Score: 1) by khallow on Tuesday August 22 2017, @12:44PM (7 children)
(Score: 2) by Justin Case on Tuesday August 22 2017, @01:30PM (5 children)
Software bugs no longer exist. We are about to trust our lives to self driving cars.
(Score: 2) by Immerman on Tuesday August 22 2017, @04:46PM (2 children)
Not a problem so long as the cars' software is less buggy than most human drivers, which is a relatively low bar to cross.
(Score: 2) by Justin Case on Tuesday August 22 2017, @05:21PM (1 child)
So the amount this couple "stole" from Lowe's should be not a problem, so long as it is less than most thieves usually steal.
On the one hand "web site bugs are so common Lowe's should not be expected to have a bug free site".
On the other hand "self driving car bugs are so rare we can bet our lives on this untested future vaporware".
If we've learned anything from decades of web site developers it is that sloppy code is common, easy to abuse, and never goes away. Yet we have people arguing that incompetence is to be expected, and not a problem, and surely not anyone's responsibility.
(Score: 2) by Immerman on Tuesday August 22 2017, @06:15PM
I was commenting primarily on your implied smearing of self-driving car capabilities - which are not untested vaporware. Tests have been ongoing for years, and even compensating for manufacturer overstatement they're at least getting into the same league as the average (incompetent) human driver.
In a broader context yes, incompetence is *absolutely* to be expected - only gods are infallible... and actually most religious texts make a pretty good argument against even that if you read them carefully - even the Abrahamic ones.
As for responsibility - it's the responsibility of anyone relying on the results of such known-flawed individuals or infrastructure to ensure that adequate safeguards are in place to reduce the risk to acceptable levels. If you're operating a large-scale store I expect there are safeguards to protect against incompetent (or corrupt) human employees - no less should be expected of your expected-flawed software.
The big problem with software is not that it's flawed - that's implied by its very existence. The problem is that it fails *predictably* - which humans (mostly*) don't. Wouldn't be a problem in an "honest" world, but it means that any flaw discovered can potentially be exploited on a large scale by dishonest individuals if sufficient oversight isn't present. Quite similar to the law really, where the wealthy and powerful will predictably exploit any loophole they find (or have intentionally installed) until such time as sufficient public outrage builds around it to get the flaw repaired. In both cases, the key to continued exploitation is to maintain a low enough profile to avoid triggering repairs.
(*Though we do have our weaknesses - most of which are exploited mercilessly by marketing and political campaigns).
(Score: 1) by khallow on Wednesday August 23 2017, @06:23AM (1 child)
Ok. Feel free to get back on subject any time you'd like. Last I checked, web sites were not being managed by self driving cars.
(Score: 2) by Justin Case on Wednesday August 23 2017, @01:37PM
Way to miss the point. I didn't say web sites are being managed by SDCs. They're both being coded by careless quick-to-market fix-it-later-or-never development teams. The difference is sloppy websites sometimes cost the seller (who should therefore have at least a little reason to care) while SDCs will kill innocent bystanders, and so far I have not heard anyone who is going to be held responsible (by the death penalty, preferably) for that.
Here's what I did say... currently just TWO posts above your reply:
(Score: 2) by sjames on Wednesday August 23 2017, @11:54PM
No provision needed. Offer made and accepted. Perhaps it was accepted because the website was the modern electronic version of the village idiot, but that's who/what Lowe's chose to have represent it.
(Score: 2) by urza9814 on Tuesday August 22 2017, @06:54PM (2 children)
Because they agreed to the transaction and because they've empowered that software to make decisions on the company's behalf. If they're afraid of bugs in their site shipping things out for free, they can always code additional layers of validation before the item ships. They can pay a room full of humans to validate every single transaction if that's what it takes. But once they take your money and ship the merchandise, they've agreed to the sale.
If you go into a store and the cashier charges you the wrong price, the store can't arrest you just because their employee screwed up. It's their job to ensure their employees know how to do their job. If they want to use automation to replace those cashiers -- whether it's in store or online -- then that automation ought to be held to the same standard. It's not my job to know the difference between a good deal and a faulty algorithm. It's often not even possible. I can buy a pair of sunglasses for one cent on Amazon while WalMart would charge twenty bucks for an identical pair (identical as far as I can tell from an online photo at least). Seems like a mistake. But they've been on sale at that price for years, people are buying and reviewing them, nobody has removed the listing...so it's probably not a mistake, it's probably cheap Chinese garbage and they're siphoning a profit off the shipping fees or bundled ads or something. So what you're saying is the company can ship those out for years, and then when they start going bankrupt they just threaten to arrest everyone who ever bought a pair unless they pay an additional $20? That's not retail, it's extortion.
(Score: 1) by khallow on Wednesday August 23 2017, @01:29AM (1 child)
They can, if you do it often enough that you get $250k of merchandise that way. This goes way beyond exploiting a single mistake. It's stealing the store blind.
And since we're putting arbitrary words in each others' mouth, what are you really saying? "khallow is quite right and I beg his mercy for having the foolish temerity to question anything he has ever posted." I think it is quite possible that that wasn't what you were saying just like your straw man wasn't what I was saying. A single exploiter who steals a lot of merchandise is not equivalent to selling items to a zillion people at a discount and then attempting to extort considerably more money from them in some ludicrous scheme.
(Score: 2) by urza9814 on Wednesday August 23 2017, @11:37AM
So if instead of one pair of those cheap sunglasses I buy twenty thousand and start selling them for a profit, THEN I may or may not be a criminal depending on whether or not the company later decides that their pricing algorithm was incorrect?