Slashdot Mirror
PayPal Hands Over 1,000 IP Addresses To the FBI
tekgoblin writes "PayPal was attacked by Anonymous last year when they had blocked the Wikileaks accounts transactions. Now PayPal has finally come up with enough evidence to strike back at Anonymous with the help of the FBI. PayPal has come up with a list of over 1,000 IP Addresses left behind when they were attacked by Anonymous."
If I recall correctly, there was a wave of encouraging sympathetic bystanders to install LOIC. This is unlikely to get the organizers of the protest, just the idealistic or foolish people who essentially just showed up and lent their voice.
I neither like Paypal nor the credit card companies much. But participating willingly in a DDOS attack is a criminal act in my book.
On the other hands, they probably have only the ip addresses of cat's paws. So punishing them hard would not be clever. Setting an example always works both ways....
TFA doesn't have any more info than the summary. PayPal hasn't apparently done any investigation themselves so why couldn't they have handed these over 11 months ago? Did they fear that it would cause a retribution and wanted to harden their systems first? Did they actually hand these over 11 months ago and simply announce it now? Did they just spend a year thinking whether to press charges or not (couldn't they have allowed FBI to start the investigation immediately, even if that was the case?)?
If you want a crime solved, it seems very odd to wait a year before handing the relevant data over to FBI... I refuse to believe that it took them a year to determine what traffic was actually part of the DDoS and what wasn't (it can even contain false positives if it's just the starting point for FBI)!
Actually, no.
There mightve been help from botnets but a large number of people were using LOIC, a gui ddos tool for scriptkiddies which doesn't spoof packets.
It's hilarious to me that it's the main tool for Anonymous members and clearly shows how the majority doesn't really know what they're doing but just following lead.
The FBI might not have direct jurisdiction, but they've certainly got agreements with the major law enforcement agencies around the world, and you can bet that hacking across international lines is a sensational enough crime that they're going to assist the FBI in any way they can. See also the recent cases of "Anonymous members" getting picked up in the UK.
Man who leaps off cliff jumps to conclusion.
Haven't you heard? The US Government has jurisdiction wherever the hell it wants.
Technoli
I'm willing to bet that the vast majority of those 1000 IPs belong to underaged kids, not the masterminds behind the attacks or even older individuals with the sense to cover their tracks. Should we look forward to the arrests of hundreds of 13-year-olds? Well, I guess the backlash will be fun to watch...
Well that's awfully well timed to coincide with the bill to retain IP addresses for 18 months.
The problem with this theory is that it's no different, conceptually, from a civil protest of any other sort. The net effect is the same as, say, a venue's ticket sales website going down because too many people are trying to buy the tickets that "just went on sale" for some crazy-popular act (say, if Gaga or *shudder* Bieber were starting a new tour).
If anything, call it a virtual sit-in. Remember the "Virtual Marches on Washington" a few years back, where people were encouraged to slam emails at their congressmen and tie up the congressional phone banks? SAME THING.
Voluntary people. Doing voluntary things as a form of protest. 1000 people, in an organized sit-in, could easily shut down business in 10 consumer banks. Those same 1000 people, "virtually", were part of an organized "virtual sit-in" that caused trouble for Paypal because Paypal had done something worth protesting.
Correct me if I'm wrong, but I do believe that sit-ins and pickets cannot legally prevent or impede normal operations of the business - you cannot block customers or employees.
Picket lines and sit-ins are meant to educate people about an issue; make them think twice about it, make them realize there may be more to something that hadn't considered before. Attempt to dissuade people from working or doing business with the company or institution you don't like.
DDoS is nothing like that. It directly impedes business, it directly impedes customers. It has no message, other than an error when a customer tries to load the page; there's no persuasion there. They might read about it later - might - but then, the DDoSers no longer control the message - most people are going to read about it from a news outlet. They'll probably see it as some "hackers" preventing them from getting on with their lives. Frustrating people and not letting them handle their affairs is not a good way to get them on your side.
DDoS isn't a sit-in, isn't a protest. It's sabotage. It's revenge. It's sneaking into UPS at night and letting the air out of all the tires of all the trucks. No permanent physical damage done, but disrupts business, delays packages.
I vote based on politicians' actions, unless contrary to my preconceptions. Often wrong, never uncertain. #iamthe99%
FYI it's open source... http://sourceforge.net/projects/loic/
Correct me if I'm wrong, but I do believe that sit-ins and pickets cannot legally prevent or impede normal operations of the business - you cannot block customers or employees.
Picket lines and sit-ins are meant to educate people about an issue; make them think twice about it, make them realize there may be more to something that hadn't considered before. Attempt to dissuade people from working or doing business with the company or institution you don't like.
DDoS is nothing like that. It directly impedes business, it directly impedes customers. It has no message, other than an error when a customer tries to load the page; there's no persuasion there. They might read about it later - might - but then, the DDoSers no longer control the message - most people are going to read about it from a news outlet. They'll probably see it as some "hackers" preventing them from getting on with their lives. Frustrating people and not letting them handle their affairs is not a good way to get them on your side.
DDoS isn't a sit-in, isn't a protest. It's sabotage. It's revenge. It's sneaking into UPS at night and letting the air out of all the tires of all the trucks. No permanent physical damage done, but disrupts business, delays packages.
I am not sure, on the sit-ins and pickets. I would not think a sit-in can disrupt operations, since it's on private property, and it's not like they're discriminating against you based on your race or gender. A picket line might be different--if someone touches you to move you out of the way, that's a tort and a crime. But it may also be a tort and/or crime for you to physically bar their entry. (And disobeying a lawfully given police order is also a crime usually, but I'm not sure how the first amendment interacts with that in orders to disperse, etc...)
A DDoS is not sabotage--sabotage implied some kind of surreptitious damage to a machine, to equipment, etc... and a DDoS attack damages the bottom line, but not equipment. The UPS metaphor is close, although again, you're not sneaking in--you come in through the front door, the way everyone else does, you just behave differently. It's kind of like a flash-mob that doesn't steal anything, but is filling the store and and nobody else can get in.
The only real difference--and it is a big one--is that for a DDoS, there is no real way to tell someone to leave.
-- IANAL, this isn't legal advice, and definitely isn't legal advice for you. Also, Squee!
By that logic, citizens who protested against Gitmo were "providing material support" to the supposed terrorists held there.
This is where the law has become completely goddamn stupid. A protest is a protest. If it becomes violent, and that means PHYSICALLY VIOLENT, then it's a problem. Shy of that, it's just a protest and protected under the Constitutional right to peaceably assemble.
Temporarily taking a website offline sucks for the affected company. So does a protest that blocks the street in front of a store being protested, or even the neighboring stores in the strip mall. But unless there is permanent damage done (the equivalent of someone not just peacefully protesting, but actively spray-painting graffiti as one conceptual example) then it's just a protest and shouldn't be considered criminal.
Correct me if I'm wrong, but I do believe that sit-ins and pickets cannot legally prevent or impede normal operations of the business - you cannot block customers or employees.
Depends on your location. Any such laws are local, not federal, in nature and probably won't stand up to constitutional scrutiny, especially since such laws were uniformly used to harass civil rights protesters in the 1950s and 1960s.
Picket lines and sit-ins are meant to educate people about an issue; make them think twice about it, make them realize there may be more to something that hadn't considered before. Attempt to dissuade people from working or doing business with the company or institution you don't like.
No, the purpose of any such protest is to disrupt the business conditions of the business/person you are protesting. As you said yourself: "Attempt to dissuade people from working or doing business with." If they physically can't get to the store because there are too many people present already, that's that.
Lunch counter sit-ins, for example, filled the restaurant with people that the racist restaurant owners refused to serve, leaving no seats for the "desired customers."
DDoS is nothing like that. It directly impedes business, it directly impedes customers. ... DDoS isn't a sit-in, isn't a protest. It's sabotage. It's revenge.
Given that your entire premise has just been proven false, the rest of your rant is meaningless. There were a lot of angry Southerner KKK members who were angry about the fact that a group of protesters were "directly impeding customers" at the lunch counter sit-ins, too. A lot of people who were "frustrated" and not "let handle their affairs" in other sit-ins throughout the years, including recently when the Republicans were raping the public sector and protesters staged sit-ins at several state capitals.
No permanent physical damage done, but disrupts business...
That's the exact purpose of a peaceful protest. To not do permanent physical damage, but cause enough disruption that your demands are acceded to.