PayPal Hands Over 1,000 IP Addresses To the FBI

← Back to Stories (view on slashdot.org)

PayPal Hands Over 1,000 IP Addresses To the FBI

Posted by samzenpus on Sunday July 31, 2011 @01:58AM from the naughty-list dept.

tekgoblin writes "PayPal was attacked by Anonymous last year when they had blocked the Wikileaks accounts transactions. Now PayPal has finally come up with enough evidence to strike back at Anonymous with the help of the FBI. PayPal has come up with a list of over 1,000 IP Addresses left behind when they were attacked by Anonymous."

147 of 214 comments (clear)

Min score:

Reason:

Sort:

oooh 1,000 infected computers by Anonymous Coward · 2011-07-31 02:00 · Score: 1, Insightful

If a single one of those 1,000b addresses belongs to an anonymous member, then I hope anonymous is destroyed.
we gotta have standards
1. Re:oooh 1,000 infected computers by Vahokif · 2011-07-31 02:18 · Score: 3, Informative
  
  Actually they probably are real, since this attack was done with LOIC, a "voluntary botnet".
2. Re:oooh 1,000 infected computers by flimflammer · 2011-07-31 02:32 · Score: 1
  
  Then you better hope Anonymous is destroyed. Raids are more often than not carried out by a bunch of people utilizing a particular program from their home connections.
3. Re:oooh 1,000 infected computers by Anonymous Coward · 2011-07-31 03:00 · Score: 5, Insightful
  
  The problem with this theory is that it's no different, conceptually, from a civil protest of any other sort. The net effect is the same as, say, a venue's ticket sales website going down because too many people are trying to buy the tickets that "just went on sale" for some crazy-popular act (say, if Gaga or *shudder* Bieber were starting a new tour).
  If anything, call it a virtual sit-in. Remember the "Virtual Marches on Washington" a few years back, where people were encouraged to slam emails at their congressmen and tie up the congressional phone banks? SAME THING.
  Voluntary people. Doing voluntary things as a form of protest. 1000 people, in an organized sit-in, could easily shut down business in 10 consumer banks. Those same 1000 people, "virtually", were part of an organized "virtual sit-in" that caused trouble for Paypal because Paypal had done something worth protesting.
4. Re:oooh 1,000 infected computers by Anonymous Coward · 2011-07-31 03:06 · Score: 2, Insightful
  
  Civil protests are protected free speech under the 1st Amendment to US Constitution.
  Denial Of Service attacks are not protected speech and are a violation of Federal law.
  What next, are you going to suggest that you can have people fire guns up into the air and call that a a civil protest?
5. Re:oooh 1,000 infected computers by Joce640k · 2011-07-31 03:11 · Score: 1
  
  Not the same thing at all. One is the vendor's own fault for not having enough capacity...
  
  --
  No sig today...
6. Re:oooh 1,000 infected computers by Calos · 2011-07-31 03:16 · Score: 5, Informative
  
  Correct me if I'm wrong, but I do believe that sit-ins and pickets cannot legally prevent or impede normal operations of the business - you cannot block customers or employees.
  Picket lines and sit-ins are meant to educate people about an issue; make them think twice about it, make them realize there may be more to something that hadn't considered before. Attempt to dissuade people from working or doing business with the company or institution you don't like.
  DDoS is nothing like that. It directly impedes business, it directly impedes customers. It has no message, other than an error when a customer tries to load the page; there's no persuasion there. They might read about it later - might - but then, the DDoSers no longer control the message - most people are going to read about it from a news outlet. They'll probably see it as some "hackers" preventing them from getting on with their lives. Frustrating people and not letting them handle their affairs is not a good way to get them on your side.
  DDoS isn't a sit-in, isn't a protest. It's sabotage. It's revenge. It's sneaking into UPS at night and letting the air out of all the tires of all the trucks. No permanent physical damage done, but disrupts business, delays packages.
  
  --
  I vote based on politicians' actions, unless contrary to my preconceptions. Often wrong, never uncertain. #iamthe99%
7. Re:oooh 1,000 infected computers by JamesP · 2011-07-31 03:20 · Score: 1
  
  Actually they probably are real, since this attack was done with LOIC, a "voluntary PLEASE SUE ME I don't understand the concept of ip spoofing ".
  fixed that for you
  
  --
  how long until /. fixes commenting on Chrome?
8. Re:oooh 1,000 infected computers by Oxford_Comma_Lover · 2011-07-31 03:35 · Score: 1
  
  Denial Of Service attacks are not protected speech and are a violation of Federal law.
  Probably, but has that been litigated? If standing in front of a building in protest in a way which prevents entry is free speech, a DoS attack is theoretically free speech as well. The DoS attack here was effectively civilians protesting on behalf of an organization that released large amounts of classified data. But one can also argue that it was civilians providing material support to that an organization that attempted to release classified data (depending on the CiC structure of the botnet).
  It is highly unlikely that a court will support the free speech view, of course--but it is a logically valid interpretation.
  
  --
  -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
9. Re:oooh 1,000 infected computers by GrumpySteen · 2011-07-31 03:38 · Score: 2
  
  Free speech = picketing in front of a business. Totally protected.
  DoS attacks = blocking a business' entrance and preventing customers from entering. Not protected and very definitely illegal.
10. Re:oooh 1,000 infected computers by bwayne314 · 2011-07-31 03:39 · Score: 1
  
  As much as I don't like it, I have to agree with your logic, it is sabotage. That having been said, politically correct protests and pickets are not exactly possible to do using the tubes. If you chose to picket a brick and mortar store, you would be able to physically interact with people walking in and out, you could be holding signs that they might inadvertently read in passing and maybe change their mind about doing business in the store. You could be chanting some clever slogan about the evilness and corruption that people would be forced to hear, and so on. How would you accomplish this on the internet?
  
  Yes you could start something like www.paypalsucks.com ... That site has been around a few years, and has it made a difference?
  
  If I was said customer, how would you get your message to me about the evil of paypal if I type paypal.com into the URL bar and go directly to their site?
  
  Now, if there was a way to set up a legal virtual picket, I would be all for it. Something like, briefly redirecting users to a page with protest signs or whatnot. But then guess what, every single site would get "picketed" by somone or other.
11. Re:oooh 1,000 infected computers by Oxford_Comma_Lover · 2011-07-31 03:45 · Score: 5, Insightful
  
  Correct me if I'm wrong, but I do believe that sit-ins and pickets cannot legally prevent or impede normal operations of the business - you cannot block customers or employees.
  Picket lines and sit-ins are meant to educate people about an issue; make them think twice about it, make them realize there may be more to something that hadn't considered before. Attempt to dissuade people from working or doing business with the company or institution you don't like.
  DDoS is nothing like that. It directly impedes business, it directly impedes customers. It has no message, other than an error when a customer tries to load the page; there's no persuasion there. They might read about it later - might - but then, the DDoSers no longer control the message - most people are going to read about it from a news outlet. They'll probably see it as some "hackers" preventing them from getting on with their lives. Frustrating people and not letting them handle their affairs is not a good way to get them on your side.
  DDoS isn't a sit-in, isn't a protest. It's sabotage. It's revenge. It's sneaking into UPS at night and letting the air out of all the tires of all the trucks. No permanent physical damage done, but disrupts business, delays packages.
  I am not sure, on the sit-ins and pickets. I would not think a sit-in can disrupt operations, since it's on private property, and it's not like they're discriminating against you based on your race or gender. A picket line might be different--if someone touches you to move you out of the way, that's a tort and a crime. But it may also be a tort and/or crime for you to physically bar their entry. (And disobeying a lawfully given police order is also a crime usually, but I'm not sure how the first amendment interacts with that in orders to disperse, etc...)
  A DDoS is not sabotage--sabotage implied some kind of surreptitious damage to a machine, to equipment, etc... and a DDoS attack damages the bottom line, but not equipment. The UPS metaphor is close, although again, you're not sneaking in--you come in through the front door, the way everyone else does, you just behave differently. It's kind of like a flash-mob that doesn't steal anything, but is filling the store and and nobody else can get in.
  The only real difference--and it is a big one--is that for a DDoS, there is no real way to tell someone to leave.
  
  --
  -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
12. Re:oooh 1,000 infected computers by Moryath · 2011-07-31 03:51 · Score: 5, Interesting
  
  By that logic, citizens who protested against Gitmo were "providing material support" to the supposed terrorists held there.
  This is where the law has become completely goddamn stupid. A protest is a protest. If it becomes violent, and that means PHYSICALLY VIOLENT, then it's a problem. Shy of that, it's just a protest and protected under the Constitutional right to peaceably assemble.
  Temporarily taking a website offline sucks for the affected company. So does a protest that blocks the street in front of a store being protested, or even the neighboring stores in the strip mall. But unless there is permanent damage done (the equivalent of someone not just peacefully protesting, but actively spray-painting graffiti as one conceptual example) then it's just a protest and shouldn't be considered criminal.
13. Re:oooh 1,000 infected computers by Moryath · 2011-07-31 03:57 · Score: 4, Informative
  
  Correct me if I'm wrong, but I do believe that sit-ins and pickets cannot legally prevent or impede normal operations of the business - you cannot block customers or employees.
  Depends on your location. Any such laws are local, not federal, in nature and probably won't stand up to constitutional scrutiny, especially since such laws were uniformly used to harass civil rights protesters in the 1950s and 1960s.
  Picket lines and sit-ins are meant to educate people about an issue; make them think twice about it, make them realize there may be more to something that hadn't considered before. Attempt to dissuade people from working or doing business with the company or institution you don't like.
  No, the purpose of any such protest is to disrupt the business conditions of the business/person you are protesting. As you said yourself: "Attempt to dissuade people from working or doing business with." If they physically can't get to the store because there are too many people present already, that's that.
  Lunch counter sit-ins, for example, filled the restaurant with people that the racist restaurant owners refused to serve, leaving no seats for the "desired customers."
  DDoS is nothing like that. It directly impedes business, it directly impedes customers. ... DDoS isn't a sit-in, isn't a protest. It's sabotage. It's revenge.
  Given that your entire premise has just been proven false, the rest of your rant is meaningless. There were a lot of angry Southerner KKK members who were angry about the fact that a group of protesters were "directly impeding customers" at the lunch counter sit-ins, too. A lot of people who were "frustrated" and not "let handle their affairs" in other sit-ins throughout the years, including recently when the Republicans were raping the public sector and protesters staged sit-ins at several state capitals.
  No permanent physical damage done, but disrupts business...
  That's the exact purpose of a peaceful protest. To not do permanent physical damage, but cause enough disruption that your demands are acceded to.
14. Re:oooh 1,000 infected computers by Anonymous Coward · 2011-07-31 04:55 · Score: 3, Insightful
  
  Temporarily taking a website offline sucks for the affected company. So does a protest that blocks the street in front of a store being protested, or even the neighboring stores in the strip mall. But unless there is permanent damage done (the equivalent of someone not just peacefully protesting, but actively spray-painting graffiti as one conceptual example) then it's just a protest and shouldn't be considered criminal.
  It's a question of scale, though. One of the reasons sitting on the street in front of a store is a legal way of protesting is that you only have your own one body to work with. You can protest, but you can't single-handedly block access completely unless others (who're making their own decisions) work together with you.
  In denial-of-service terms, this would be more akin to repeatedly hitting F5 in your browser to reload the page. If you do that by hand, you should be golden: it's pretty much the same as sitting on the street in front of a store.
  Using an automated tool to use your entire available bandwidth (which may be significant these days) to bring down a website is more akin to building a wall or another sort of barrier in front of a store. If you try that in real life, you will soon find that despite not being physically violent, it is not actually a valid and/or legal way of protesting.
15. Re:oooh 1,000 infected computers by Oxford_Comma_Lover · 2011-07-31 04:57 · Score: 2
  
  If the CiC structure allows anonymous to control the machine, then voluntarily installing their botnet means one is providing them with resources, not merely protesting. (Or at least, that is the argument.)
  
  --
  -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
16. Re:oooh 1,000 infected computers by JonySuede · 2011-07-31 04:58 · Score: 1
  
  What next, are you going to suggest that you can have people fire guns up into the air and call that a a civil protest?
  
  It used to be that way if you go back a couple of 50 years. It was also a form of celebration much like it is now in the ass backward part of the middle east.
  
  --
  Jehovah be praised, Oracle was not selected
17. Re:oooh 1,000 infected computers by julesh · 2011-07-31 04:59 · Score: 3, Insightful
  
  I'd say a DDOS is much more analogous to the sit-in than a picket outside, as the disruption happens within the target's property, i.e. their computers. Even if it happens at their ISP's routers, that's still private property that they are effectively leasing the right to use, which they are being prevented from doing.
  That said, the obvious extrapolation should be made: a sit-in is not a criminal offence, it is trespass. Therefore a DDOS should be relegated to the status of trespass-to-chattels. Which would mean you cannot be imprisoned for taking part in one, but you could be held liable for losses incurred by the target because of it (trespass gives rise to a chose in tort, if I understand such matters correctly, which as I am not a lawyer I may not...).
18. Re:oooh 1,000 infected computers by Iamthecheese · 2011-07-31 05:13 · Score: 2
  
  No, it's the difference between blocking 5 stores and blocking corporate HQ.
  
  --
  If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
19. Re:oooh 1,000 infected computers by PitaBred · 2011-07-31 05:24 · Score: 1
  
  What is sitting in a bank and preventing it from being able to do business but a denial of service?
  
  --
  My blog. Good stuff (when I remember to update it). Read it.
20. Re:oooh 1,000 infected computers by Anonymous Coward · 2011-07-31 05:29 · Score: 1
  
  If standing in front of a building in protest in a way which prevents entry is free speech . . .
  
  Stop there. Maybe I haven't heard about this exception that you claim exists, but you are not allowed to obstruct someone's movement. If that doesn't apply to entering a store, then the justice system has seriously failed. DDoS attacks will not be protected, nor should they be. It costs money and often times serious damage.
21. Re:oooh 1,000 infected computers by nospam007 · 2011-07-31 05:44 · Score: 1
  
  "Denial Of Service attacks are not protected speech and are a violation of Federal law."
  Clogging the toilet in a public building is then also a Denial of Service attack.
  Don't tell me it's different, they both use a series of tubes.
22. Re:oooh 1,000 infected computers by Oxford_Comma_Lover · 2011-07-31 06:04 · Score: 1
  
  If standing in front of a building in protest in a way which prevents entry is free speech . . .
  Stop there. Maybe I haven't heard about this exception that you claim exists, but you are not allowed to obstruct someone's movement. If that doesn't apply to entering a store, then the justice system has seriously failed. DDoS attacks will not be protected, nor should they be. It costs money and often times serious damage.
  I said if, because I'm not sure what the law of picketing is, or how it varies between jurisdictions. I was not referring to false imprisonment, etc...--standing in front of someone means you are standing there first. This is not a question of you surrounding them and preventing them from leaving. I am allowed to obstruct your movement if we're both in a public park and I'm sitting on a bench--you can't sit in the spot I'm in. You're not legally allowed to make me move. Your description, on the other hand, is putting the agency in the person who stands still. If you barrel into me when I'm standing in front of a store, it may be that you are the one doing something illegal or actionable.
  DDoS attacks do cost money. I do not know what kind of "serious" damage you mean, other than money. Do you mean time? Or negative publicity? Nobody is physically injured. A knife-fight on the street is much worse than a DDoS attack for the people involved, with rare exceptions which mostly involve small targets. The knife-fight costs less for society, however, in many cases. But there is more damage if you measure damage in terms that are human rather than purely economic.
  
  --
  -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
23. Re:oooh 1,000 infected computers by GooberToo · 2011-07-31 06:17 · Score: 1
  
  a DoS attack is theoretically free speech as well.
  
  Not likely at all. This is the same reason you can't actually protest INSIDE the buildings because you cause a denial of service for those who wish to actually see federal locations. In other words, the law is pretty clear on this that its in no way imaginable this is protected as free speech.
24. Re:oooh 1,000 infected computers by milkmage · 2011-07-31 06:30 · Score: 1
  
  so you can stand in front of an office building or whatever, but the second you physically prevent someone from entering (by touching or blocking), I think that changes to some other kind of offense. there was some kind of hotel union strike/protest here, and the pickters would march in front of the hotel banging drums and yelling, but I'm pretty sure they could be arrested if they touched a guest or other staff for any reason.
  Those protesters are on public property (the sidewalk in front of the building). if they entered the lobby, that could be construed as trespassing, therefore a "crime." there's no "sidewalk" in a DoS attack - it's effectively chaining the doors to the hotel shut. DoS is preventing access.. that's not protected.
25. Re:oooh 1,000 infected computers by Oligonicella · 2011-07-31 06:36 · Score: 1
  
  "Probably, but has that been litigated?"
  
  Yes, and the protesters lost. This is why abortion protesters can't block access.
  
  "If standing in front of a building in protest in a way which prevents entry is free speech,..."
  
  It's not. This is well known. See above.
26. Re:oooh 1,000 infected computers by furball · 2011-07-31 06:43 · Score: 2
  
  http://en.wikipedia.org/wiki/Trespass_to_chattels
  Sometimes you think you know the law. And then you find out, you didn't really know that much about the law. That's why lawyers exist.
27. Re:oooh 1,000 infected computers by Oligonicella · 2011-07-31 06:47 · Score: 1
  
  "Nobody is physically injured."
  
  They're not facing execution. What's you point? Non-injury activities are sanction-free?
28. Re:oooh 1,000 infected computers by Stan92057 · 2011-07-31 06:48 · Score: 1
  
  Total Fail. They are "stealing" others computers/servers/internet connection/electricity . Did they ask for permission to use all those computers to shut down PayPal or to steal the data? It not even close to being a valid interpretation because they were/are using stolen resources to do the DOS attack. And steal data that doesn't belong to them and alot of other things they have done and stole. There flat out criminals.
  
  --
  Jack of all trades,master of none
29. Re:oooh 1,000 infected computers by wiedzmin · 2011-07-31 07:01 · Score: 1
  
  I'm curious. Say Alice is using Tor to stop websites from tracking her location. Bob starts Tor to use LOIC in HTTP mode, targets Paypal, and just so happens to be routed through Alice's client as the final hop. Paypal logs Alice's IP address and hands it over to the feds, even though she did nothing illegal. Am I confused on how Tor works or is poor Alice screwed and it's not a good idea to use Tor for that reason?
  
  --
  Bow before me, for I am root.
30. Re:oooh 1,000 infected computers by wiedzmin · 2011-07-31 07:07 · Score: 1
  
  Only if you clog all of them, in the entire building, at the same time :)
  
  --
  Bow before me, for I am root.
31. Re:oooh 1,000 infected computers by wiedzmin · 2011-07-31 07:16 · Score: 1
  
  But you see, the problem with destroying something that doesn't have a defined structure, that is a movement rather than an organization, is that you can't. You can arrest a 1,000 people who really did call themselves "Anonymous" and then someone else is going to call himself "Anonymous" and you're back at square one. There is no membership, any member of any other hacking collective (like "Lulzsec" or "Script Kiddies") or any independent blackhat or whitehat can turn around and start a DDoS under the "Anonymous" banner. It's like trying to destroy white supremacy - you can identify and arrest individuals who show the signs of it, display supremacist behavior or have swastika tattoos... but you can't destroy the notion itself - there will be others who feel that way, who have not yet publicly revealed themselves and who might carry out hateful acts in the future. In both cases you can only target/destroy individual contributors, not the movement itself.
  
  --
  Bow before me, for I am root.
32. Re:oooh 1,000 infected computers by JockTroll · 2011-07-31 08:16 · Score: 1
  
  What next, are you going to suggest that you can have people fire guns up into the air and call that a a civil protest?
  No, that would be a waste of ammo. An effective protest would involve people firing guns into the persons or structures being protested against, tearing limb from limb, blowing heads open, mowing down the object of the protest like blood-red weed. Nothing says "I despise you" like 10'000 rounds being pumped into your quivering body.
  
  --
  Geeks are so full of shit that "beating the crap out of them" takes a whole new meaning.
33. Re:oooh 1,000 infected computers by AndGodSed · 2011-07-31 08:35 · Score: 1
  
  I would do this two ways.
  One - send out mass mails (one per complainant) to the company about $issue, and CC $newsmedia and $govtrepresentative in each message.
  Two - take out adwords on google for keywords related to the product/service/company and let the ads direct to a site with your message.
  One accomplishes the "one meatsack one complainant" limitation imposed by physical sit-ins AND makes the message public.
  Two gets the message out, and gives the recipient of the message free choice if he wants to click the ad.
  Both get the message into the open and leave the acting upon the message to the public. Exactly like a sit in would.
  The adwords angle has to be done carefully to stear clear of slander laws.
  
  --
  Seven Days with Ubuntu Unity
34. Re:oooh 1,000 infected computers by Oxford_Comma_Lover · 2011-07-31 08:50 · Score: 1
  
  I was responding to Parent's claim that DDoS attacks often cause serious damage.
  
  --
  -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
35. Re:oooh 1,000 infected computers by mikael · 2011-07-31 08:53 · Score: 2
  
  They already have one set of suspects from a single IP address :
  These were the IP addresses that sent the largest number of packets. Packets coming from Anonymous contained strings like "wikileaks," "goof," and "goodnight". The affidavit was offered in support of a search warrant for the home of an Arlington, Texas couple and their son. They have not been charged yet, but the house was the source of 3,678 packets in about two-and-a-half hours.
  
  --
  Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
36. Re:oooh 1,000 infected computers by Oxford_Comma_Lover · 2011-07-31 08:53 · Score: 1
  
  The botnet here was a voluntary botnet, IIRC.
  
  --
  -- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
37. Re:oooh 1,000 infected computers by Raenex · 2011-07-31 09:13 · Score: 3, Informative
  
  So does a protest that blocks the street in front of a store being protested, or even the neighboring stores in the strip mall.
  You can't legally block access to a store or a street with a protest. You have to let people through.
38. Re:oooh 1,000 infected computers by sumdumass · 2011-07-31 09:44 · Score: 1
  
  Here is the problem. No protest blocking the entry of a building or area for whatever purpose as the intent of the protest would be considered protected free speech. The abortion protesters found this out the hard way about a decade ago when they became not only liable for the lost revenue of the abortion clinics they blocked, but had to relocate in order to allow patients into the building without being directly harassed by them..
39. Re:oooh 1,000 infected computers by sumdumass · 2011-07-31 09:50 · Score: 1
  
  This has been hashed out about a decade or more ago. Abortion protesters were blocking access to abortion clinics and the courts rules that it wasn't free speech to do so. The protesters had to pay some restitution of lost business and clear a path large enough for employees and consumers to enter the premises unmolested if they chose to do so. Most of them gave up because the new rules made their protests a lot less effective as they previously where.
40. Re:oooh 1,000 infected computers by sumdumass · 2011-07-31 10:38 · Score: 1
  
  Well, they seize the computer and treat it as evidence and look for information contained on it that helps them show it was Bob who did it. This happens possibly while Bob has been arrested (because he lives by himself and swears that no one but him has access to the computer or the internet service he pays for). The authorities check and find nothing indicating Bob took part in this outside of Tor being installed. They release him, gather any information possible about the tor client connections and eventually give his computer back after a long wait and inconvenience.
  Bob takes his story to the evening news claiming he thought that while he was evading spammers on the intertubes, he was helping US service men and agents communicate with government agencies because Tor was originally developed by the US navy for that purpose.
41. Re:oooh 1,000 infected computers by horza · 2011-07-31 11:42 · Score: 2
  
  That's not really true. One person using their maximum bandwidth is unable to take down a web site, you cannot single-handedly block access completely unless others (who're making their own decisions) work together with you. In fact I think you've actually successfully proven yourself wrong.
  Phillip.
  
  --
  Property for sale in Nice, France
42. Re:oooh 1,000 infected computers by horza · 2011-07-31 11:47 · Score: 1
  
  Interesting point. What if somebody organises a bus for a bunch of protesters to make it easier to get to the protest point. Have they then relinquished control to the bus driver? After all the volounteers have all signed up for their packets to be delivered by the group organiser.
  Phillip.
  
  --
  Property for sale in Nice, France
43. Re:oooh 1,000 infected computers by TheSpoom · 2011-07-31 12:01 · Score: 1
  
  This is where the law has become completely goddamn stupid. A protest is a protest. If it becomes violent, and that means PHYSICALLY VIOLENT, then it's a problem. Shy of that, it's just a protest and protected under the Constitutional right to peaceably assemble.
  No. I absolutely disagree with this logic. If a protest stopped people from entering a store, you'd better goddamn well believe that the police would get involved. This is no different. Peaceful protest means you aren't actively interfering with their business.
  
  --
  It's better to vote for what you want and not get it than to vote for what you don't want and get it.
  - E. Debs
44. Re:oooh 1,000 infected computers by horza · 2011-07-31 12:12 · Score: 1
  
  It is obvious. And I'm not sure why it's a criminal offense. I've been DDOS'd plenty of times, the last one pretty sure paid for by a certain rival. I tracked down one of the sources as a compromised router in Japan, but due to being out of hours it took ages before I could get hold of somebody to shut it down. They should compensate me for lost business, but prison? Sure it would give me personal satisfaction but it would be more logical they compensate me.
  Sure you might have moral reasons for protesting a company by DDOS but you should know that might come at a price. In fact it may backfire and make you pay more money to the company you are protesting against. Plus a hefty bill from law enforcement for tracking you down and making them waste their resources. But throwing people in jail for something so trivial doesn't appear to offer any tangible benefits to society.
  Phillip.
  
  --
  Property for sale in Nice, France
45. Re:oooh 1,000 infected computers by GameboyRMH · 2011-07-31 12:41 · Score: 1
  
  You can't really DDoS through a proxy. You can try, but you'll probably put more load on the proxy.
  Now if that was something like an SQL injection attack you'd be 100% correct. Using Tor is safe, running a Tor exit node isn't. That said I run some exit nodes and I'm still here. Also see my journal for something even scarier about Tor.
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
46. Re:oooh 1,000 infected computers by Darkness404 · 2011-07-31 13:09 · Score: 1
  
  Yes there is a "sidewalk" to a DoS attack, its called the internet. If you don't want people accessing your site you can block their IP and take steps to guard against a DoS attack, something that you can't do with a protest.
  
  --
  Taxation is legalized theft, no more, no less.
47. Re:oooh 1,000 infected computers by Kalriath · 2011-07-31 13:26 · Score: 2
  
  Google won't let you create an Adwords ad with a trademarked term in it without the permission of the trademark holder. That tanks #2 in one easy step, unfortunately.
  
  --
  For a site about things like basic rights, Slashdot users sure do like to censor "dissent".
48. Re:oooh 1,000 infected computers by KingMotley · 2011-07-31 13:28 · Score: 1
  
  If standing in front of a building in protest in a way which prevents entry is free speech
  No, it isn't, and that is illegal too.
49. Re:oooh 1,000 infected computers by KingMotley · 2011-07-31 13:34 · Score: 1
  
  Typically, blocking the IP doesn't help (much). The sheer number of requests clogs the connection anyway even if you ignore them. You have to contact your ISP (and possibly thier ISP) to block the IP.
  For a protest, that would be like having the police put up a 5 block perimeter, and possibly refusing to let people fly into the aforementioned city even. You can't effectively do that in many cases either.
50. Re:oooh 1,000 infected computers by The+Wild+Norseman · 2011-07-31 13:56 · Score: 1
  
  It's a question of scale, though. One of the reasons sitting on the street in front of a store is a legal way of protesting is that you only have your own one body to work with.
  
  Yes, it's exactly a question of scale. Way back when companies and corporations had maybe one or two store locations, a physical boycott could seriously impact the company bottom line.
  Now that (it seems) the rule rather than the exception is multi-billion dollar companies that span the globe in many multiple countries, it's only natural that boycotts and protests scale up to reach these "too big to fail" giants.
  
  --
  "A government is a body of people usually -- notably -- ungoverned." -Shepherd Book
51. Re:oooh 1,000 infected computers by milkmage · 2011-07-31 14:58 · Score: 1
  
  let me clarify - if this were a real picket you need to cross the sidewalk.. you hear what the picketers have to say (whether or not you listen is irrelevant).. a picket line for a website cannot be built.. how do you deploy a page at company.com where you state your message (picketers grievances), but let customers proceed to the homepage (hotel lobby)?
  your internet analogy is more like a restraining order.
52. Re:oooh 1,000 infected computers by iamwahoo2 · 2011-07-31 15:34 · Score: 1
  
  Of course DDoS attacks cost money, but then by that same logic, so does it cost money every time I go to a stores website and do not buy anything.
53. Re:oooh 1,000 infected computers by iamwahoo2 · 2011-07-31 15:38 · Score: 1
  
  I think you are taking the sit-in analogy a little too far. There are no doors blocked in a DDOS attack. In fact, nothing is blocked, it is simply a matter of a servers ability to handle a surge in traffic.
54. Re:oooh 1,000 infected computers by wildstoo · 2011-07-31 23:32 · Score: 1
  
  Uh... doesn't that seem really low? Assuming equal distribution, that's only one packet every ~2.45 seconds. Hardly a torrent of data.
  Being generous and assuming around 1500 bytes per packet, he only sent about 5.2MB of data over 2 and a half hours. Srsly?
  How many packets did legitimate users send during that time? Probably a lot more.
55. Re:oooh 1,000 infected computers by mikael · 2011-08-01 03:00 · Score: 1
  
  Factors would include the clock-speed of their PC, and the setup of their network /wi-fi router, as well as what else their PC was doing if it were owned by a bot-net.
  
  --
  Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
56. Re:oooh 1,000 infected computers by Gripp · 2011-08-01 03:57 · Score: 1
  
  while i agree with you in theory, the problem becomes that ANY amount electronic tomfoolery is considered illegal. and thus the need to use scripts and compromised machines is required if you wish to stay out of prison/pay damages. further, while 20 people is enough to physically block a business, it would take vastly more people hitting F5 to have the same effect. I think the more appropriate use case is if there are more people who are just as against the topic as the hacker. but how could that be measured....
57. Re:oooh 1,000 infected computers by PoopCat · 2011-08-01 09:09 · Score: 1
  
  Just curious at the image of a consumer of abortion. Possibly you meant customer, but even that has some slightly odd connotations. The rest of your post makes just as much (read: little) sense.
58. Re:oooh 1,000 infected computers by sumdumass · 2011-08-01 10:29 · Score: 1
  
  consumer of services. not everything done at abortion clinics is about abortions. some things are just regular woman's health checkups, birth control issuing and so on.
Sympathizers only by Anonymous Coward · 2011-07-31 02:05 · Score: 5, Informative

If I recall correctly, there was a wave of encouraging sympathetic bystanders to install LOIC. This is unlikely to get the organizers of the protest, just the idealistic or foolish people who essentially just showed up and lent their voice.
1. Re:Sympathizers only by Calos · 2011-07-31 02:51 · Score: 5, Insightful
  
  Could be, but those are also the people who may be most easily deterred from doing it again, if they see people being arrested for it.
  Doesn't hit core anon members, perhaps, but weakens one of their weapons.
  
  --
  I vote based on politicians' actions, unless contrary to my preconceptions. Often wrong, never uncertain. #iamthe99%
2. Re:Sympathizers only by Anonymous Coward · 2011-07-31 03:28 · Score: 2, Informative
  
  Because some mods are morons...
3. Re:Sympathizers only by gl4ss · 2011-07-31 07:45 · Score: 1
  
  doesn't weaken their weapons either. just builds up more goodwill to them, just another thousand people who can't/will not use paypal.
  also those thousand theoretical cases are going to do massive DDOS of the legal system(and their "cyber experts" time and billing, noticed how only government and shrill companies are using the word "cyber" to sound like they're.. well, hackers I suppose, cyber hackers who do magic shit, or some shit like that). so who wins? anonymous.
  paypal should just register as a bank anyways. I'm not going to bother with cancelling my paypal account though over this, I only use them as a CC processor, who the fuck would use them as something else? but that's another catch how paypal is the easiest to setup CC processor as you don't really have to follow any compliancy rules to use them - except they can take your businesses or organizations money any time they want - as they're not following the rules. Paypals main business is that they don't follow the rules so it should be just fitting for them to get screwed over when someone else doesn't follow the rules. basically paypal gets around of not following the rules by screwing over xxx vendors and "gambling" sites - so by following one rule that doesn't even exist they get to break a lot of rules that do exist.
  anyhow, using loic for the ddos was probably stupid. just making a firefox or whatever extension that would have refreshed paypal account status page every minute, or every 10 secs, would have worked both better and been impossible for paypal to prosecute through legal channels, of course participating would have then needed a lot of people with actual accounts. the attack was so low tech that for paypal it would have been better to just shrug it off, involving the feds and their counterparts in numerous countries is going to take more of paypals resources and those "cyber" police jackass resources than it would have taken for them to just shrug it off. on top of that it does them no good as they're going to prosecute a lot of people who had nothing to do with it, it's already so much after the attack that it's reasonable that some computers owner doesn't know who could have done that with his computer or from his natted network.
  
  --
  world was created 5 seconds before this post as it is.
4. Re:Sympathizers only by sumdumass · 2011-07-31 10:48 · Score: 1
  
  Well,
  When you are in the back of D-wing with you new cell mate Bubba, who is 350 ponds of ass kicking muscle that stands almost 2 feet taller then you do, but wants to play house and asks you if you want to be the husband or the wife, and when you say husband because you don't want to take it and would rather be giving it, then he drops his panties, bends over, and says " Alrighty, eats my pussy then",
  just remember, you asked for it because you know people are getting arrested for stupid shit like that. And sick shit like this happens sometimes in jail.
5. Re:Sympathizers only by Yvanhoe · 2011-07-31 21:14 · Score: 1
  
  It also sends a strong signal to the mass : protests are tolerated IRL, but protesting online will not be tolerated. It pushes the line of actions that are repressed : LOIC did not do any intrusion or sabotage.
  
  I don't like DDoSers particularly and do not find their actions very smart, but I don't find them illegal. Before cracking down on them, clear laws should be written.
  
  --
  The Wise adapts himself to the world. The Fool adapts the world to himself. Therefore, all progress depends on the Fool.
Payback the other way round.... by mseeger · 2011-07-31 02:07 · Score: 4, Insightful

I neither like Paypal nor the credit card companies much. But participating willingly in a DDOS attack is a criminal act in my book.
On the other hands, they probably have only the ip addresses of cat's paws. So punishing them hard would not be clever. Setting an example always works both ways....
1. Re:Payback the other way round.... by Anonymous Coward · 2011-07-31 02:17 · Score: 1
  
  Setting an example is a two-edged sword. When an innocent person gets crushed by the wheels of justice (just us), then the arrogant feel vindicated, and another "brick in the wall" creates more animosity.
2. Re:Payback the other way round.... by Anonymous Coward · 2011-07-31 02:38 · Score: 1
  
  Probably my ip is one of those. But I dont live in the US or the in UK, and in my country I doubt that the federal police will ever bother to try to arrest anyone involved in this kind of attack, specially in a foreign country. So I willing participated in an act that I consider as criminal as someone blocking a street in protest (you know, in Egypt a protest is a crime too).
3. Re:Payback the other way round.... by Anonymous Coward · 2011-07-31 02:40 · Score: 1
  
  This is where there is a philisophical debate. Is a DDOS an attack or a legitimate form of protest analagous to setting up a picket line in the real world?
4. Re:Payback the other way round.... by poena.dare · 2011-07-31 02:54 · Score: 5, Insightful
  
  How many times can I push the reload button on my browser before I'm breaking the law?
5. Re:Payback the other way round.... by nimid · 2011-07-31 02:55 · Score: 1
  
  But participating willingly in a DDOS attack is a criminal act in my book.
  
  I hear ya - they should have written strongly worded emails that left no doubt regarding the displeasure they felt at Paypal's actions.
  
  --
  A hundred and twenty characters ought to be enough for anyone...
6. Re:Payback the other way round.... by IANAAC · 2011-07-31 03:01 · Score: 1
  
  I neither like Paypal nor the credit card companies much.
  Unrelated, I suppose, but I often see comments from people claiming their dislike for Paypal. Personally, I've never had a problem with them, but the number of Paypal complaints prompts me to ask:
  What alternative is there really for someone in my position. Living in the US, I accept a lot of work online from places outside the US and sometimes outside the EU, and Paypal (or Moneybookers) is really the only reliable way to receive payment without being charged huge fees as my bank would certainly do.
  In fact, my Paypal debit card is probably more useful to me than my own bank's - ATM fees are less with Paypal for starters.
  Just curious what the alternative would be.
7. Re:Payback the other way round.... by hilather · 2011-07-31 03:02 · Score: 1
  
  I neither like Paypal nor the credit card companies much. But participating willingly in a DDOS attack is a criminal act in my book.
  On the other hands, they probably have only the ip addresses of cat's paws. So punishing them hard would not be clever. Setting an example always works both ways....
  Its a good thing nobody reads the articles anymore, or that thing they call "slashdotted" might be a criminal act.
8. Re:Payback the other way round.... by Lehk228 · 2011-07-31 03:02 · Score: 1
  
  a picket line cannot block people from entering, a DDoS only serves to block people from entering
  
  --
  Snowden and Manning are heroes.
9. Re:Payback the other way round.... by the+eric+conspiracy · 2011-07-31 03:04 · Score: 2
  
  Pickers generally obey the various laws associated with such protests. No blocking entrances, no trespassing etc.
  If they don't and do things like lie down across entrances they get hauled by the police.
10. Re:Payback the other way round.... by SuricouRaven · 2011-07-31 03:04 · Score: 1
  
  Anonymous usually relies on force of numbers. Get 10,000 people attacking a site, and each individual is insignificent. Is it worth the site owners spending thousands of dollars in legal fees to get rid of some script-kiddie?
11. Re:Payback the other way round.... by del_diablo · 2011-07-31 03:27 · Score: 1
  
  But a DDoS only makes it harder to enter.
12. Re:Payback the other way round.... by Anonymous Coward · 2011-07-31 03:27 · Score: 1
  
  But I don't know what legal authority the FBI has in my country
  Quite a lot of you happen to be in the UK. The Blair government happily signed-up to expedite extraditions to the United States by allowing extradition in response to levels of evidence that would normally be insufficient to arrest someone, let alone bundle them up and fly them to a foreign country. Of course this arrangement only works one way. Cheers Tony.
13. Re:Payback the other way round.... by 1u3hr · 2011-07-31 03:37 · Score: 1
  
  a DDoS only serves to block people from entering
  But no individual PC in the DDOS prevents access either.
  Consider a big street march that gets violent. You can't (in a democracy) just arrest and charge anyone who was part of the mob. They have to be individually charged and found guilty of a criminal act. You would have to proves some kind of conspiracy and intention. And all they have are IP numbers. Suspicion, but not proof of an illegal act.
14. Re:Payback the other way round.... by Anonymous Coward · 2011-07-31 04:26 · Score: 1
  
  Stop equating laws with morality.
15. Re:Payback the other way round.... by Ash-Fox · 2011-07-31 04:49 · Score: 1
  
  Probably my ip is one of those. But I dont live in the US or the in UK, and in my country I doubt that the federal police will ever bother to try to arrest anyone involved in this kind of attack, specially in a foreign country. So I willing participated in an act that I consider as criminal as someone blocking a street in protest (you know, in Egypt a protest is a crime too).
  I doubt your country would care much about you personally if you were extradited by foreign super powers either, since that would improve relations with the US, Germany and UK, nice economic ties and all.
  That's the impression you have given me based of your country's description in caring.
  
  --
  Change is certain; progress is not obligatory.
16. Re:Payback the other way round.... by mhelander · 2011-07-31 05:05 · Score: 1
  
  What about an intentional slashdotting ?
  Say that some article the hive mind disagrees with gets overwhelmed and the "slashdotted" tag goes up with the article link on the front page, as per usual. To what extent does this encourage readers to keep clicking the link in schadenfreude?
17. Re:Payback the other way round.... by uvajed_ekil · 2011-07-31 06:29 · Score: 1
  
  But participating willingly in a DDOS attack is a criminal act in my book.
  That's great, but no one has read your book, and I doubt the courts have a copy of it, so DDOS attacks are not necessarily criminal in terms of the law.
  
  --
  This is a hacked account, for which the owner can not be held responsible.
18. Re:Payback the other way round.... by IANAAC · 2011-07-31 06:43 · Score: 1
  
  One alternative is not to get those sales or do those buys. That is what I do.
  I know, radical thinking.
  Huh? Did you read my post at all? I have clients that pay me from abroad via Paypal, because it's the cheapest way for both parties.
  About a third of my business comes from overseas business conducted online.
  Yes, I could have wire transfers done, but it's expensive for everyone involved and the couple of times I've gone that route, it was nothing but trouble.
  My question was: What alternative is there as easy as Paypal (or Moneybookers)?
19. Re:Payback the other way round.... by mseeger · 2011-07-31 08:59 · Score: 1
  
  As many times as you want until the Jury is convinced that you did it intentionally to break the service.
  Laws are no technical specs. Thre is no X until which reloads are legal. If you boasted to friends to bring down a server and do 5 reloads, it might already convince a jury of you malicious intent. If, on the other side, another witness heard you about complaining that you had to reload the site 100 times until your transaction came through, you will probably get away with it.
  There is not algorithm to be executed to determine the legality of an action. It is a common mistake by technician to think of laws as "hard limits". Judgements are made by humans and it is designed to be this way.
  Or to say it shorter: You are guilty of an offence if a jury/judge says so.
  Yours, Martin
20. Re:Payback the other way round.... by Threni · 2011-07-31 10:40 · Score: 1
  
  Also, I wouldn't be surprised if the IP addresses of people who Paypal have a grudge against end up on that list.
21. Re:Payback the other way round.... by sumdumass · 2011-07-31 11:03 · Score: 1
  
  I think the term you are looking for is called Mens Rea.
  http://en.wikipedia.org/wiki/Mens_rea
  A lot of laws require not only the technical facts to be present, but the state of mind also.
  A side note, I sort of have a personal experience with this where I was attempting to enable IPX on a Linux Box (to facilitate network authorization on a netware 3.5 boxen) and logged into the gateway by mistake enabling it for the gateway NIC. I ended up flooding the entire network as well as the internet. I in effect performed a denial of service to everyone on our side of the block. This went on for two hours before I noticed what happened and stopped it. I called the ISP and told them so they didn't waste resources trying to track it down. Everyone was fine with it, except I was sent a letter asking that it never happen again.
22. Re:Payback the other way round.... by Jiro · 2011-07-31 11:10 · Score: 1
  
  If your intention is to get the latest news, your script is not going to be pressing F5 enough to cause trouble unless you're mindbogglingly stupid in a way that happens by chance to exactly resemble someone whose intention is to attack.
  But I suspect your question is not really "what if it's my intention to use a script to get news". Rather your question is "what if my intention is really to do a DOS attack, but I say that my intention is just to get news?" To which the answer is "they're not stupid. They'll infer your intention from your actions; the fact that they can't read your mind doesn't mean you can lie about your intentions and get away with it.
23. Re:Payback the other way round.... by iamwahoo2 · 2011-07-31 15:48 · Score: 1
  
  But back to his point... DDoS is not technically a computer intrusion nor unauthorized use of a computer, and therefore may not even be illegal. So you are right that intent is important when there is actually a written law defining something like this as illegal, but to my knowledge, no such law exists in the US. It may however violate agreements with your ISP or Paypal.
24. Re:Payback the other way round.... by EETech1 · 2011-07-31 16:04 · Score: 1
  
  Too bad there isn't a way to send money over the internet. You could call it bitmoney, or bitcoin or something...
  Yes I'm joking that you rely on it to make a living (get paid) but if you did the $->BTC exchange based on current rates, and then promptly cashed out, you shouldn't loose too bad? Maybe...
  Cheers!
25. Re:Payback the other way round.... by DryGrian · 2011-07-31 16:12 · Score: 1
  
  Western Union and Moneygram are prohibitively expensive.
  
  --
  For optimal comment enjoyment, take red pill now.
26. Re:Payback the other way round.... by lee1026 · 2011-07-31 17:06 · Score: 1
  
  Bitcoin goes up and down too much for that to work - he would have to change what he ask everyday as not to over/under sell himself.
27. Re:Payback the other way round.... by mseeger · 2011-07-31 17:44 · Score: 1
  
  I think no state attorney will have difficulties to charge you according to the "Computer Fraud and Abuse Act" in the U.S. if you participate willingly in a DDOS atttack. IMHO it can be considered as "causing damage".
28. Re:Payback the other way round.... by Lisandro · 2011-08-01 00:39 · Score: 1
  
  Google Checkout works pretty much the same way as PayPal does, with an account tied up to your Google account. I've used it a couple of times without any issues at all - in fact, they are a little bit less restrictive than PayPal regarding how you can use your credit cards and bank accounts.
  What i hate of both Paypal and Google Checkout is that they're both too expensive - between %2 and %2.5 for transactions below $100,000. Which means any operation you perform has a 5% charge from the let go, since these fees applies to both deposits and withdrawals. It doesn't sound like much until you realize this is comparable to what Western Union charges.
29. Re:Payback the other way round.... by Lisandro · 2011-08-01 01:24 · Score: 1
  
  For example, if you're sending $1000 WU charges you about $60, or 6% of your transfer. By the time you add the deposit and withdrawal fees of PayPal you end up with roughly 5%. More often than none costs between PayPal and WU are about the same.
Why did it take this long? by F69631 · 2011-07-31 02:07 · Score: 4, Interesting

TFA doesn't have any more info than the summary. PayPal hasn't apparently done any investigation themselves so why couldn't they have handed these over 11 months ago? Did they fear that it would cause a retribution and wanted to harden their systems first? Did they actually hand these over 11 months ago and simply announce it now? Did they just spend a year thinking whether to press charges or not (couldn't they have allowed FBI to start the investigation immediately, even if that was the case?)?
If you want a crime solved, it seems very odd to wait a year before handing the relevant data over to FBI... I refuse to believe that it took them a year to determine what traffic was actually part of the DDoS and what wasn't (it can even contain false positives if it's just the starting point for FBI)!
1. Re:Why did it take this long? by Antique+Geekmeister · 2011-07-31 02:49 · Score: 4, Informative
  
  I've very sad to say that this is typical of the FBI Computer Crime Center, and of corporate computer crime. Exposing the vulnerability or logging structures of Paypal's internal services to _anyone_ would be bad for them as a company interested in continuing to gather investor money and avoid negative assessments of their practices. Paypal does not have much interest in prosecuting this: prosecuting a few of Anonymous's members would not stop the rest of Anonymous's members from focusing their attacks against Paypal in a retaliation.
  Moreover, the FBI computer crime teams are demonstrably incompetent. Review their own website, at http://www.fbi.gov/about-us/investigate/cyber/cyber. Their big computer "takedowns" are all at least 2 years old and the actual investigations done by other, overseas security forces or local law enforcement. The FBI taking credit for these few cases is insulting to those agencies. When the FBI says "our global partnerships paid off", as they do at http://www.fbi.gov/news/stories/2008/october/darkmarket_102008, it actually means "someone else did all the work and we're trying to take the credit without telling anyone what we actually failed to do".
2. Re:Why did it take this long? by Dachannien · 2011-07-31 04:04 · Score: 1
  
  Wired reported on this a few days ago (and there was a Slashdot article about related information at the time, too), noting that Paypal handed over the information last December.
  http://www.wired.com/threatlevel/2011/07/op_payback/
Re:Botnet IPs? by Ziekheid · 2011-07-31 02:10 · Score: 5, Informative

Actually, no.
There mightve been help from botnets but a large number of people were using LOIC, a gui ddos tool for scriptkiddies which doesn't spoof packets.
It's hilarious to me that it's the main tool for Anonymous members and clearly shows how the majority doesn't really know what they're doing but just following lead.
Re:TOR by Thad+Zurich · 2011-07-31 02:16 · Score: 1, Troll

Seems more likely to me that PayPal has succeeded in identifying 1000 overseas botnet clients by IP address.
Cross-Check? by tekiegreg · 2011-07-31 02:18 · Score: 1

I would like to think a company as big and at least somewhat security savvy as PayPal would think to try and cross-check against compromised networks, TOR Proxies, etc...I'd be a little worried if I were one of these people...

--
...in bed
1. Re:Cross-Check? by dakameleon · 2011-07-31 02:33 · Score: 2
  
  why shouldn't PayPal just leave that up to the FBI to check? After all, they're the ones that are supposed to have the public's interest at heart, not PayPal, the corporation that got attacked here.
  
  --
  Man who leaps off cliff jumps to conclusion.
Will the FBI have Jurisdiction by Froeschle · 2011-07-31 02:23 · Score: 1

I'm sure that many of the IP addresses are also not from the US. Will the FBI be confiscating computers associated with those IP addresses as well? Not that I condone their actions, but perhaps Anonymous should make it a point to only use non-US IP addresses?
1. Re:Will the FBI have Jurisdiction by dakameleon · 2011-07-31 02:35 · Score: 4, Informative
  
  The FBI might not have direct jurisdiction, but they've certainly got agreements with the major law enforcement agencies around the world, and you can bet that hacking across international lines is a sensational enough crime that they're going to assist the FBI in any way they can. See also the recent cases of "Anonymous members" getting picked up in the UK.
  
  --
  Man who leaps off cliff jumps to conclusion.
2. Re:Will the FBI have Jurisdiction by Conspiracy_Of_Doves · 2011-07-31 02:40 · Score: 5, Insightful
  
  Haven't you heard? The US Government has jurisdiction wherever the hell it wants.
  
  --
  
  Technoli
3. Re:Will the FBI have Jurisdiction by Calos · 2011-07-31 02:57 · Score: 1
  
  Just use Chinese computers, US won't get any help from them.
  On the other hand, if it makes people think there's more hacking from China, that could cause all kinds of other international problems...
  
  --
  I vote based on politicians' actions, unless contrary to my preconceptions. Often wrong, never uncertain. #iamthe99%
4. Re:Will the FBI have Jurisdiction by GameboyRMH · 2011-07-31 12:54 · Score: 1
  
  I think a lot of attacks intentionally use proxies located in China. It doesn't get followed up and law enforcement just chalks one up to the "damn dirty Chinamen."
  
  --
  "When information is power, privacy is freedom" - Jah-Wren Ryel
Re:1,000 compromised hosts by Anonymous Coward · 2011-07-31 02:24 · Score: 1

probability those probabilities were pulled out of your ass = 100%
Collateral damage too by nurb432 · 2011-07-31 02:26 · Score: 1

Not just grandmothers, but also people that violated some RIAA copyright and now will get burnt.

--
---- Booth was a patriot ----
One answer... by BrokenHalo · 2011-07-31 02:46 · Score: 3, Insightful

An answer to this might be the old rule that one should never assume malice where stupidity or ignorance are more likely to be the case. It is quite possible that PayPal doesn't have the resources (i.e. the smarts) to follow the trail themselves, so after some fruitless dithering, they have simply passed the bag on to someone else. Not that the FBI will necessarily process the information any more intelligently, but it isn't PayPal's problem any more.
1. Re:One answer... by julesh · 2011-07-31 05:03 · Score: 1
  
  It is quite possible that PayPal doesn't have the resources (i.e. the smarts) to follow the trail themselves
  This would be the same PayPal who suspend your account if you use a proxy server, and seem pretty hot at detecting them (they get me *every time* I forget and try to access their site with Opera Mini)?
  No, they could have produced this list within days of the attack if they had wanted.
Re:TOR by TheCarp · 2011-07-31 02:51 · Score: 2

Doubtful.
1. Most people in a voluntary botnet attack don't know tor.
2. Of those who do, some percentage both know how to use it, and understand why multiple people deciding to do thios would quickly become a DOS of the tor network, and we would hope decide not too. (as someone who keeps a lazy eye on the tor mailing lists, I never saw any threads about how LOIC attacks were bringing it to its knees, nor do I remember noticing it being slower than normal then)
3. I expect the set of people who would participate, know about tor, and would decide to use it for this is a vanishingly small group. (though, probably non-zero)

--
"I opened my eyes, and everything went dark again"
Re:TOR by Calos · 2011-07-31 02:54 · Score: 2

DDoS over Tor would probably cripple the Tor network. Tor is for anonymizing your connection, but it's not a robust, high-speed link. It would slow the attack on the target, and more effectively DDoS Tor than anything.

--
I vote based on politicians' actions, unless contrary to my preconceptions. Often wrong, never uncertain. #iamthe99%
Re:Over 1000? by Calos · 2011-07-31 02:55 · Score: 1

No.

--
I vote based on politicians' actions, unless contrary to my preconceptions. Often wrong, never uncertain. #iamthe99%
A bunch of kids by airfoobar · 2011-07-31 02:57 · Score: 4, Insightful

I'm willing to bet that the vast majority of those 1000 IPs belong to underaged kids, not the masterminds behind the attacks or even older individuals with the sense to cover their tracks. Should we look forward to the arrests of hundreds of 13-year-olds? Well, I guess the backlash will be fun to watch...
1. Re:A bunch of kids by guttentag · 2011-07-31 04:23 · Score: 3, Funny
  
  This is probably why PayPal waited a year to turn over the addresses. Now those 13-year-olds are 14 years old. By the time the investigation is over, they will be 18-year-old subjects of warrantless wiretapping, at which point each of them will be caught doing something and charged as an adult. You need to think long-term about these things.
2. Re:A bunch of kids by artor3 · 2011-07-31 05:14 · Score: 1
  
  Who cares if they're kids? Tearing off their cloak of anonymity and giving them a nice hard slap on the wrist will help to dissuade other anon kiddies from participating in the future.
3. Re:A bunch of kids by Urza9814 · 2011-07-31 05:31 · Score: 2
  
  ...but punishing a bunch of kids for something stupid like this is only going to make adults, like myself, more likely to take part next time.
4. Re:A bunch of kids by mark_osmd · 2011-07-31 06:24 · Score: 1
  
  Why is everyone assuming they'll arrest these kids (assuming the paypal addresses just go to low level kids and patsies), probably the best move would be to monitor them to follow this up the chain of command to the real problem
5. Re:A bunch of kids by gl4ss · 2011-07-31 07:49 · Score: 2
  
  well, in many countries they're only liable for actual proven damages of which there is none. just some electricity.
  
  --
  world was created 5 seconds before this post as it is.
6. Re:A bunch of kids by Terrasque · 2011-07-31 09:54 · Score: 1
  
  However, after waiting a year... How many of those IP adresses can still be traced to a specific user? How many ISP's don't have logs that far back?
  
  --
  It's The Golden Rule: "He who has the gold makes the rules."
HR1981 Timing by Anonymous Coward · 2011-07-31 02:59 · Score: 5, Insightful

Well that's awfully well timed to coincide with the bill to retain IP addresses for 18 months.
Re:Botnet IPs? by SuricouRaven · 2011-07-31 03:01 · Score: 1

This being Anonymous, more likely a lot of angry parents who had no idea Little Jimmy was up to no good on the internet. Anonymous members do tend to be fairly young - often under eighteen. Legal minors.
If Anonymous were any good... by tangent3 · 2011-07-31 03:05 · Score: 1

...they would be using compromised systems or drones to attack their victims.
My guess is the FBI is sitting on 1000 IP addresses of compromised systems that need to be cleaned.
1. Re:If Anonymous were any good... by mikael · 2011-07-31 05:01 · Score: 1
  
  Going by previous discussions here, they've got 1000 IP addresses which probably are DHCP clients owned by bot-nets, which in turn are communicating via distributed command and control through proxy intermediates using encrypted channels. That's going to be fun chasing up. A simple whois will give them the ISP, but how are they going to identify the actual PC that was in use then?
  After 24-hours of the event, they could have watched those IP addresses, and did some traffic analysis on the hosts they connected to. Then they could follow the communication chain upwards.
  
  --
  Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
Re:Botnet IPs? by Bramlet+Abercrombie · 2011-07-31 03:15 · Score: 1

I once stumbled on a webpage and all I would have had to do is click one button to start attacking visa.com. I hit the stumble button instead, but still, that's how easy it would have been for me to get involved.
Re:Botnet IPs? by Co0Ps · 2011-07-31 03:20 · Score: 4, Interesting

FYI it's open source... http://sourceforge.net/projects/loic/
Re:DCHP anyone? by hjf · 2011-07-31 03:25 · Score: 1

Because DHCP doesn't leave any logs. Cute little anonymous coward, you probably even think you can't be traced just cause you posted anonymous from your browser's incognito mode under Linux!
Re:DCHP anyone? by Slashdot+Assistant · 2011-07-31 03:34 · Score: 1

Depends on ISP records. Having a dynamic IP doesn't mean that one can spend a day enjoying loll, power cycle the router and expect that the master criminal's tracks have been well and truly covered.
Re:DCHP anyone? by icebraining · 2011-07-31 03:49 · Score: 2

In fact in the EU I think the ISPs are required to keep that information for two years, under the Data Retention Directive.

--
Dilbert RSS feed
Re:1,000 compromised hosts by stderr_dk · 2011-07-31 04:12 · Score: 1

And what if your neighbor is Keyser Soze?
Then I would be working for my neighbor.

--
alias sudo="echo make it yourself #" ; # https://pipedot.org/~stderr & http://soylentnews.org/~stderr
it is a waste of resources by karuna · 2011-07-31 04:30 · Score: 1

Passing the list to the FBI only increases the financial damage. Now FBI and sysadmins of different ISPs will spend countless hours tracking down these IP addresses, investigating, maybe even arresting some kids etc. without any tangible results. As if the FBI is not wasting enough of taxpayer money.
1000 IP's of.... by __aazsst3756 · 2011-07-31 04:32 · Score: 1

Of rooted XP boxes?
1. Re:1000 IP's of.... by arkane1234 · 2011-07-31 06:51 · Score: 1
  
  we're not talking about using XP boxen as routers (networking your pc to an XP-box?), we're talking about innocent bystanders who have been infected by a rootkit.
  Of course you knew this, you're just being a douche.
  
  --
  -- This space for lease, low setup fee, inquire within!
bullshit by unity100 · 2011-07-31 04:38 · Score: 1

picketing someone's home or the front entrance of a corporation, or chaining yourself to a machine is a denial of service in itself.

--
Read radical news here
tekglobin copies and pastes into his own blog by Anonymous Coward · 2011-07-31 04:49 · Score: 1

TekGlobin (Matt Jurek) copies and pastes the article including the screen shot from another blog (http://www.ubergizmo.com/2011/07/paypal-1000-anonymous-ip-addresses-fbi/) into his own blog and then submits the link to ./
Classy..
It's the Big Bad Interwebz by RulerOf · 2011-07-31 05:19 · Score: 1
It is highly unlikely that a court will support the free speech view, of course--but it is a logically valid interpretation.
I have to agree with the intent of folks arguing the "free speech" angle, only insofar as that this really shouldn't be an issue with which law enforcement or the courts should waste their time.

For as long as I can remember, and indeed especially so today, you are responsible for your own security with respect to what comes in and out of that connection provided to you, usually as a paid service, by an entity not under the auspices of Federal, state, or local government (yes, wiretaps, ha-ha). It is those entities that, in the event that you feel the need to "reach out" to the other side of the connection to take care of an issue, that should deal with the problem.

In short, ISPs should mitigate grievances between their own subscribers when the grievance is explicitly that of TCP/IP traffic volume, rather than its content.
- DDoS = Handled by folks who own AS numbers and control BGP routing policies.
- Bank Fraud = Handled by those who own guns and enforce legal policies.
Now, SHOULD the "target" of a DDoS feel the need to express "damages" from the event... well, that's what lawsuits are for. We don't have a shortage of lawyers in this country.
--
Boot Windows, Linux, and ESX over the network for free.
Time to close our paypal account ? by unity100 · 2011-07-31 05:20 · Score: 1

This time anon will probably expose paypal's own records. our credit card info may get out.

paypal fools. that move was stupid. they basically invited wrath upon us users.

--
Read radical news here
I read this as: by Hylandr · 2011-07-31 08:16 · Score: 1

I read this as:
with the help of the FBI. PayPal has come up with a list of over 1,000 IP Addresses
Very Mcarthian
- Dan.

--
~ People that think they are better than anyone else for any reason are the cause of all the strife in the world.
Hand Over? by bigdavex · 2011-07-31 08:20 · Score: 2

PayPal Hands Over 1,000 IP Addresses To the FBI
They wouldn't have to scrounge like this if they would implement IPV6.

--
-Dave
Your tax dollars at work! by Snufu · 2011-07-31 10:36 · Score: 1

Corporations snap their fingers and our federally funded law enforcement agencies jump to their bidding. Do you think you would get the same treatment if someone DDOS'd your personal blog?
Legalise DDOS by bug1 · 2011-07-31 10:56 · Score: 1

The purpose of a real life protest is to show dissent, to interrupt the normal routine, to express solidarity by acting in unison.
Is a DDOS that different from a real life protest that participants deserve to go to jail ?
Plausible deniabilty by mr100percent · 2011-07-31 11:03 · Score: 1

Many LOIC users will claim that another user was on their network or that their machine was part of a botnet. Will that work as reasonable doubt?
Re:Botnet IPs? by GameboyRMH · 2011-07-31 12:45 · Score: 1

That's JSloic:
http://loic.planned-chaos.com/

--
"When information is power, privacy is freedom" - Jah-Wren Ryel
Re:1,000 compromised hosts by KingMotley · 2011-07-31 14:01 · Score: 1

Incorrect, the probability that they were pulled out of an ass is 100%. The probability that it was his own ass is more like 85%.
real evidence or ? by Ofloo · 2011-07-31 19:39 · Score: 1

I'm not for or against anything, I disapprove ddos by anyone, .. whatever the reason, .. but if it takes that long to get evidence, my first thought is my god it took that long to "fabricate the evidence".
Re:TOR by Dan541 · 2011-07-31 20:06 · Score: 1

Surprisingly few I would think. Anonymous actively discourage using Tor for LOIC because it means they also DoS the Tor network.
The general consensus in their IRC is that "no one gets caught for this". They are now getting their wake up call.

--
An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"