Free Republic

Man 'Hacks' Government Auction Website, Sells Himself Cars For $1
JALOP ^ | 2/23 | Steve DaSilva

Posted on 02/24/2024 10:39:04 AM PST by nickcarraway

The method employed isn't clear, but the result was a $3 bill for three running cars

Government auctions are a great way to pick up cars on the cheap, but even they have their limits. You might find cars going for just a few hundred dollars, but you’re not likely to find them selling for a single bill — unless, of course, you play a little fast and loose with an online auction like an Oklahoma man did.

Evan James Coker apparently found some flaw in the General Services Administration’s auction page, which allowed him to bid up the price of various auctions but “win” them in the system by paying a single dollar. While he’s pleaded guilty to wire fraud for the endeavor, there’s still a lingering question: How exactly did Coker pull it off?

The Minnesota District Attorney’s office gives some detail, seemingly specifying that the caper involved the multiple websites that are used to process GSA auction transactions. From the Minnesota District Attorney:

As part of his scheme, Coker bid in multiple auctions for vehicles and jewelry on the GSA Auctions website. When Coker won a particular auction, he was directed to the pay.gov website to remit payment in the amount of his winning bid. Instead of remitting payment in the amount of his winning bid, Coker breached the pay.gov website and falsified the true auction price to $1.

In total, Coker bid on and won 19 auction items and fraudulently paid just $1 for each item. As a result of his scheme, Coker obtained three vehicles, including a 2010 Ford Escape Hybrid, for which he bid $8,327; a Ford F550 pickup truck, for which he bid $9,000; and a Chevrolet C4500 Box Truck, for which he bid $22,700.

Based on this information, it appears the GSA Auctions site wasn’t actually attacked — instead, Coker found a vulnerability in pay.gov that could be exploited. That second site may act as a payment gateway for government transactions, only telling the merchant (GSA Auctions) whether a transaction was successfully completed or not — not that transaction’s actual value.

The question is how Coker fooled pay.gov into processing a one-dollar transaction when it should’ve been looking for thousands. Folks online have speculated that the method may have been as simple as changing client-side data through the Inspect Element function in a browser, which may be backed up by Coker’s charge of wire fraud. Had Coker actually breached government servers, it would be surprising for him not to be charged with some form of computer trespass or computer fraud.

Whatever vulnerability Coker exploited has likely been patched, so don’t expect to go buying any single-dollar cars any time soon. Just use government auctions the way they’re intended — they’re still your cheapest option.


TOPICS: Business/Economy; Computers/Internet; Conspiracy
KEYWORDS: automotive; hack
Why does the government do these auctions anyway? Why don't they go through a standard reseller and get market rate?
1 posted on 02/24/2024 10:39:04 AM PST by nickcarraway
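The article's guess at the flaw (a gateway that reports only success, plus an amount the payer could alter) comes down to a missing reconciliation step on the merchant side. The following is an added example, not from the article and not GSA or pay.gov code: the callback format, shared key and lot IDs are hypothetical, and it puts a success-only check beside one that authenticates the callback and compares the paid amount with the server-side winning bid.

```python
import hashlib
import hmac

# Constructed sample data: the merchant's own record of winning bids, in cents.
# Lot IDs are made up; 832700 mirrors the $8,327 bid quoted in the article.
WINNING_BIDS = {"lot-1001": 832700, "lot-1002": 900000}
GATEWAY_KEY = b"demo-shared-secret"  # hypothetical merchant/gateway secret


def sign(order_id, amount_cents, status):
    """MAC a gateway could attach to its server-to-server callback (assumed format)."""
    msg = f"{order_id}|{amount_cents}|{status}".encode()
    return hmac.new(GATEWAY_KEY, msg, hashlib.sha256).hexdigest()


def settle_weak(callback):
    """Weak merchant logic: trusts the success flag and ignores the amount."""
    return callback.get("status") == "success"


def settle_checked(callback):
    """Authenticate the callback, then reconcile the amount against the
    merchant's own record, never against a value the browser supplied."""
    try:
        order_id = callback["order_id"]
        amount = callback["amount_cents"]
        status = callback["status"]
        mac = str(callback["mac"])
    except KeyError:
        return False, "missing field"
    if not hmac.compare_digest(sign(order_id, amount, status), mac):
        return False, "bad signature"
    if status != "success":
        return False, "payment not completed"
    owed = WINNING_BIDS.get(order_id)
    if owed is None:
        return False, "unknown order"
    if amount != owed:
        return False, f"amount mismatch: paid {amount}, owed {owed}"
    return True, "paid in full"


def make_callback(order_id, amount_cents, status="success"):
    """Build a correctly signed sample callback (constructed test input)."""
    return {"order_id": order_id, "amount_cents": amount_cents,
            "status": status, "mac": sign(order_id, amount_cents, status)}
```

A genuine, correctly signed callback for a $1 payment passes `settle_weak` but fails `settle_checked` on the amount comparison, which is the step that also gives operations staff a log line to alert on.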

To: nickcarraway

That’s one way to get a good deal.


2 posted on 02/24/2024 10:43:52 AM PST by Berlin_Freeper

To: nickcarraway

He plaid guilty. Did he go to prison? Or just return the vehicles, pay a fine, and some sort of parole or community service?

Paying a buck had to be a giveaway. What if instead he paid a significant fraction of the winning bid?


3 posted on 02/24/2024 10:50:29 AM PST by BradyLS (DO NOT FEED THE BEARS!)

To: nickcarraway
I read recently that someone engaged a dealer AI and got a super discounted price on a new car. It is in court to see if the agreed upon price is binding.

With the flawed AI, if they insist on using it, companies should be held to its results.

4 posted on 02/24/2024 10:50:50 AM PST by Reno89519 (If Biden is mentally unfit to stand trial, he is mentally unfit to be president. He needs to resign.)

To: nickcarraway

I don’t know how it works, but they do appear to use asset management contractors for some things, like real estate.


5 posted on 02/24/2024 10:51:59 AM PST by Jamestown1630 ("A Republic, if you can keep it.")

To: nickcarraway

To supposedly inhibit corruption.

I attended these a long time ago - they were managed by a defense contractor and the best stuff is long gone before it reaches the public.

This guy prob could’ve gotten away with this for a while if the cheating was more modest.


6 posted on 02/24/2024 10:55:38 AM PST by Freest Republican (This space for rent)

To: nickcarraway

Was this a flaw or did he stumble on a feature? I would hope they check employees' and their friends' recent payments for bids.


7 posted on 02/24/2024 10:57:52 AM PST by Raycpa

To: Raycpa
"As part of his scheme, Coker bid in multiple auctions for vehicles and jewelry on the GSA Auctions website. When Coker won a particular auction, he was directed to the pay.gov website to remit payment in the amount of his winning bid. Instead of remitting payment in the amount of his winning bid, Coker breached the pay.gov website and falsified the true auction price to $1."
8 posted on 02/24/2024 11:16:09 AM PST by Jamestown1630 ("A Republic, if you can keep it.")

To: Raycpa

A co-worker’s daughter works at one of those payday loan companies. Periodically they auction off the abandoned cars. She can’t see the bid price but can see how many bids were placed on each vehicle. If a decent car has few bidders she passes on the info to my co-worker, who has gotten a couple great deals.


9 posted on 02/24/2024 11:29:56 AM PST by Farmerbob

To: BradyLS

I never heard of anyone who plaid guilty before.


10 posted on 02/24/2024 12:49:01 PM PST by Revel

To: nickcarraway

A 2010 Escape hybrid? The city sold some of those a few years ago because they had gone through some part of the hybrid drivetrain multiple times and the parts were no longer available.


11 posted on 02/24/2024 1:02:44 PM PST by Clay Moore (My pistol identifies as a cordless hole punch. )

To: Revel

Depends on where you make your checks. Could be a pattern of criminality....


12 posted on 02/24/2024 2:09:35 PM PST by Bigg Red (Trump will be sworn in under a shower of confetti made from the tattered remains of the Rat Party.)

To: Berlin_Freeper

Bkmk


13 posted on 02/24/2024 3:43:12 PM PST by ptsal (Vote R.E.D. >>>Remove Every Democrat ***)

To: Jamestown1630

If you read further, it does not sound like he actually breached the site, he just changed the amount paid and their incompetence marked it paid.


14 posted on 02/24/2024 6:08:21 PM PST by gunnut

To: gunnut

It seems to me that he changed the auction amount.


15 posted on 02/24/2024 7:33:04 PM PST by Jamestown1630 ("A Republic, if you can keep it.")
