PayPal Hands Over 1,000 IP Addresses To the FBI 214
tekgoblin writes "PayPal was attacked by Anonymous last year when they had blocked the Wikileaks accounts transactions. Now PayPal has finally come up with enough evidence to strike back at Anonymous with the help of the FBI. PayPal has come up with a list of over 1,000 IP Addresses left behind when they were attacked by Anonymous."
Sympathizers only (Score:5, Informative)
Re:Sympathizers only (Score:5, Insightful)
Could be, but those are also the people who may be most easily deterred from doing it again, if they see people being arrested for it.
Doesn't hit core anon members, perhaps, but weakens one of their weapons.
Re: (Score:2)
doesn't weaken their weapons either. just builds up more goodwill to them, just another thousand people who can't/will not use paypal.
also those thousand theoretical cases are going to do massive DDOS of the legal system(and their "cyber experts" time and billing, noticed how only government and shrill companies are using the word "cyber" to sound like they're.. well, hackers I suppose, cyber hackers who do magic shit, or some shit like that). so who wins? anonymous.
paypal should just register as a bank any
Re: (Score:2, Informative)
Because some mods are morons...
Re: (Score:2)
Well,
When you are in the back of D-wing with you new cell mate Bubba, who is 350 ponds of ass kicking muscle that stands almost 2 feet taller then you do, but wants to play house and asks you if you want to be the husband or the wife, and when you say husband because you don't want to take it and would rather be giving it, then he drops his panties, bends over, and says " Alrighty, eats my pussy then",
just remember, you asked for it because you know people are getting arrested for stupid shit like that. And
Payback the other way round.... (Score:5, Insightful)
I neither like Paypal nor the credit card companies much. But participating willingly in a DDOS attack is a criminal act in my book.
On the other hands, they probably have only the ip addresses of cat's paws. So punishing them hard would not be clever. Setting an example always works both ways....
Re: (Score:2)
I neither like Paypal nor the credit card companies much.
Unrelated, I suppose, but I often see comments from people claiming their dislike for Paypal. Personally, I've never had a problem with them, but the number of Paypal complaints prompts me to ask:
What alternative is there really for someone in my position. Living in the US, I accept a lot of work online from places outside the US and sometimes outside the EU, and Paypal (or Moneybookers) is really the only reliable way to receive payment without being charged huge fees as my bank would certainly do.
In f
Re: (Score:2)
One alternative is not to get those sales or do those buys. That is what I do.
I know, radical thinking.
Huh? Did you read my post at all? I have clients that pay me from abroad via Paypal, because it's the cheapest way for both parties.
About a third of my business comes from overseas business conducted online.
Yes, I could have wire transfers done, but it's expensive for everyone involved and the couple of times I've gone that route, it was nothing but trouble.
My question was: What alternative is there as easy as Paypal (or Moneybookers)?
Re: (Score:2)
But participating willingly in a DDOS attack is a criminal act in my book.
That's great, but no one has read your book, and I doubt the courts have a copy of it, so DDOS attacks are not necessarily criminal in terms of the law.
Re:Payback the other way round.... (Score:5, Insightful)
How many times can I push the reload button on my browser before I'm breaking the law?
Re: (Score:2)
As many times as you want until the Jury is convinced that you did it intentionally to break the service.
Laws are no technical specs. Thre is no X until which reloads are legal. If you boasted to friends to bring down a server and do 5 reloads, it might already convince a jury of you malicious intent. If, on the other side, another witness heard you about complaining that you had to reload the site 100 times until your transaction came through, you will probably get away with it.
There is not algorithm to be
Re: (Score:2)
I think the term you are looking for is called Mens Rea.
http://en.wikipedia.org/wiki/Mens_rea [wikipedia.org]
A lot of laws require not only the technical facts to be present, but the state of mind also.
A side note, I sort of have a personal experience with this where I was attempting to enable IPX on a Linux Box (to facilitate network authorization on a netware 3.5 boxen) and logged into the gateway by mistake enabling it for the gateway NIC. I ended up flooding the entire network as well as the internet. I in effect perfo
Re: (Score:2)
If your intention is to get the latest news, your script is not going to be pressing F5 enough to cause trouble unless you're mindbogglingly stupid in a way that happens by chance to exactly resemble someone whose intention is to attack.
But I suspect your question is not really "what if it's my intention to use a script to get news". Rather your question is "what if my intention is really to do a DOS attack, but I say that my intention is just to get news?" To which the answer is "they're not stupid. The
Re: (Score:2)
Re: (Score:2)
a DDoS only serves to block people from entering
But no individual PC in the DDOS prevents access either.
Consider a big street march that gets violent. You can't (in a democracy) just arrest and charge anyone who was part of the mob. They have to be individually charged and found guilty of a criminal act. You would have to proves some kind of conspiracy and intention. And all they have are IP numbers. Suspicion, but not proof of an illegal act.
Re: (Score:3)
Pickers generally obey the various laws associated with such protests. No blocking entrances, no trespassing etc.
If they don't and do things like lie down across entrances they get hauled by the police.
Re: (Score:2)
What about an intentional slashdotting ?
Say that some article the hive mind disagrees with gets overwhelmed and the "slashdotted" tag goes up with the article link on the front page, as per usual. To what extent does this encourage readers to keep clicking the link in schadenfreude?
Re: (Score:2)
Re: (Score:2)
Why did it take this long? (Score:4, Interesting)
TFA doesn't have any more info than the summary. PayPal hasn't apparently done any investigation themselves so why couldn't they have handed these over 11 months ago? Did they fear that it would cause a retribution and wanted to harden their systems first? Did they actually hand these over 11 months ago and simply announce it now? Did they just spend a year thinking whether to press charges or not (couldn't they have allowed FBI to start the investigation immediately, even if that was the case?)?
If you want a crime solved, it seems very odd to wait a year before handing the relevant data over to FBI... I refuse to believe that it took them a year to determine what traffic was actually part of the DDoS and what wasn't (it can even contain false positives if it's just the starting point for FBI)!
One answer... (Score:3, Insightful)
Re: (Score:2)
It is quite possible that PayPal doesn't have the resources (i.e. the smarts) to follow the trail themselves
This would be the same PayPal who suspend your account if you use a proxy server, and seem pretty hot at detecting them (they get me *every time* I forget and try to access their site with Opera Mini)?
No, they could have produced this list within days of the attack if they had wanted.
Re:Why did it take this long? (Score:5, Informative)
I've very sad to say that this is typical of the FBI Computer Crime Center, and of corporate computer crime. Exposing the vulnerability or logging structures of Paypal's internal services to _anyone_ would be bad for them as a company interested in continuing to gather investor money and avoid negative assessments of their practices. Paypal does not have much interest in prosecuting this: prosecuting a few of Anonymous's members would not stop the rest of Anonymous's members from focusing their attacks against Paypal in a retaliation.
Moreover, the FBI computer crime teams are demonstrably incompetent. Review their own website, at http://www.fbi.gov/about-us/investigate/cyber/cyber [fbi.gov]. Their big computer "takedowns" are all at least 2 years old and the actual investigations done by other, overseas security forces or local law enforcement. The FBI taking credit for these few cases is insulting to those agencies. When the FBI says "our global partnerships paid off", as they do at http://www.fbi.gov/news/stories/2008/october/darkmarket_102008 [fbi.gov], it actually means "someone else did all the work and we're trying to take the credit without telling anyone what we actually failed to do".
Re: (Score:2)
Wired reported on this a few days ago (and there was a Slashdot article about related information [slashdot.org] at the time, too), noting that Paypal handed over the information last December.
http://www.wired.com/threatlevel/2011/07/op_payback/ [wired.com]
A bunch of kids (Score:5, Insightful)
Re:A bunch of kids (Score:4, Funny)
Re: (Score:2)
However, after waiting a year... How many of those IP adresses can still be traced to a specific user? How many ISP's don't have logs that far back?
Re: (Score:2)
Who cares if they're kids? Tearing off their cloak of anonymity and giving them a nice hard slap on the wrist will help to dissuade other anon kiddies from participating in the future.
Re: (Score:3)
...but punishing a bunch of kids for something stupid like this is only going to make adults, like myself, more likely to take part next time.
Re: (Score:3)
well, in many countries they're only liable for actual proven damages of which there is none. just some electricity.
HR1981 Timing (Score:5, Insightful)
Well that's awfully well timed to coincide with the bill to retain IP addresses for 18 months.
If Anonymous were any good... (Score:2)
...they would be using compromised systems or drones to attack their victims.
My guess is the FBI is sitting on 1000 IP addresses of compromised systems that need to be cleaned.
Re: (Score:2)
Going by previous discussions here, they've got 1000 IP addresses which probably are DHCP clients owned by bot-nets, which in turn are communicating via distributed command and control through proxy intermediates using encrypted channels. That's going to be fun chasing up. A simple whois will give them the ISP, but how are they going to identify the actual PC that was in use then?
After 24-hours of the event, they could have watched those IP addresses, and did some traffic analysis on the hosts they connecte
1000 IP's of.... (Score:2)
Time to close our paypal account ? (Score:2)
paypal fools. that move was stupid. they basically invited wrath upon us users.
I read this as: (Score:2)
I read this as:
with the help of the FBI. PayPal has come up with a list of over 1,000 IP Addresses
Very Mcarthian
- Dan.
Hand Over? (Score:3)
They wouldn't have to scrounge like this if they would implement IPV6.
Legalise DDOS (Score:2)
The purpose of a real life protest is to show dissent, to interrupt the normal routine, to express solidarity by acting in unison.
Is a DDOS that different from a real life protest that participants deserve to go to jail ?
Plausible deniabilty (Score:2)
Many LOIC users will claim that another user was on their network or that their machine was part of a botnet. Will that work as reasonable doubt?
Re:Botnet IPs? (Score:5, Informative)
Actually, no.
There mightve been help from botnets but a large number of people were using LOIC, a gui ddos tool for scriptkiddies which doesn't spoof packets.
It's hilarious to me that it's the main tool for Anonymous members and clearly shows how the majority doesn't really know what they're doing but just following lead.
Re:Botnet IPs? (Score:5, Interesting)
Re: (Score:2)
That's JSloic:
http://loic.planned-chaos.com/ [planned-chaos.com]
Collateral damage too (Score:2)
Not just grandmothers, but also people that violated some RIAA copyright and now will get burnt.
Re: (Score:2)
Re:oooh 1,000 infected computers (Score:4, Informative)
Re:oooh 1,000 infected computers (Score:5, Insightful)
The problem with this theory is that it's no different, conceptually, from a civil protest of any other sort. The net effect is the same as, say, a venue's ticket sales website going down because too many people are trying to buy the tickets that "just went on sale" for some crazy-popular act (say, if Gaga or *shudder* Bieber were starting a new tour).
If anything, call it a virtual sit-in. Remember the "Virtual Marches on Washington" a few years back, where people were encouraged to slam emails at their congressmen and tie up the congressional phone banks? SAME THING.
Voluntary people. Doing voluntary things as a form of protest. 1000 people, in an organized sit-in, could easily shut down business in 10 consumer banks. Those same 1000 people, "virtually", were part of an organized "virtual sit-in" that caused trouble for Paypal because Paypal had done something worth protesting.
Re: (Score:2, Insightful)
Civil protests are protected free speech under the 1st Amendment to US Constitution.
Denial Of Service attacks are not protected speech and are a violation of Federal law.
What next, are you going to suggest that you can have people fire guns up into the air and call that a a civil protest?
Re: (Score:2)
Denial Of Service attacks are not protected speech and are a violation of Federal law.
Probably, but has that been litigated? If standing in front of a building in protest in a way which prevents entry is free speech, a DoS attack is theoretically free speech as well. The DoS attack here was effectively civilians protesting on behalf of an organization that released large amounts of classified data. But one can also argue that it was civilians providing material support to that an organization that attempted to release classified data (depending on the CiC structure of the botnet).
It is hi
Re:oooh 1,000 infected computers (Score:5, Interesting)
By that logic, citizens who protested against Gitmo were "providing material support" to the supposed terrorists held there.
This is where the law has become completely goddamn stupid. A protest is a protest. If it becomes violent, and that means PHYSICALLY VIOLENT, then it's a problem. Shy of that, it's just a protest and protected under the Constitutional right to peaceably assemble.
Temporarily taking a website offline sucks for the affected company. So does a protest that blocks the street in front of a store being protested, or even the neighboring stores in the strip mall. But unless there is permanent damage done (the equivalent of someone not just peacefully protesting, but actively spray-painting graffiti as one conceptual example) then it's just a protest and shouldn't be considered criminal.
Re: (Score:3, Insightful)
Temporarily taking a website offline sucks for the affected company. So does a protest that blocks the street in front of a store being protested, or even the neighboring stores in the strip mall. But unless there is permanent damage done (the equivalent of someone not just peacefully protesting, but actively spray-painting graffiti as one conceptual example) then it's just a protest and shouldn't be considered criminal.
It's a question of scale, though. One of the reasons sitting on the street in front of a store is a legal way of protesting is that you only have your own one body to work with. You can protest, but you can't single-handedly block access completely unless others (who're making their own decisions) work together with you.
In denial-of-service terms, this would be more akin to repeatedly hitting F5 in your browser to reload the page. If you do that by hand, you should be golden: it's pretty much the same as si
Re: (Score:3)
Re: (Score:3)
That's not really true. One person using their maximum bandwidth is unable to take down a web site, you cannot single-handedly block access completely unless others (who're making their own decisions) work together with you. In fact I think you've actually successfully proven yourself wrong.
Phillip.
Re: (Score:3)
If the CiC structure allows anonymous to control the machine, then voluntarily installing their botnet means one is providing them with resources, not merely protesting. (Or at least, that is the argument.)
Re: (Score:2)
Interesting point. What if somebody organises a bus for a bunch of protesters to make it easier to get to the protest point. Have they then relinquished control to the bus driver? After all the volounteers have all signed up for their packets to be delivered by the group organiser.
Phillip.
Re:oooh 1,000 infected computers (Score:4, Informative)
So does a protest that blocks the street in front of a store being protested, or even the neighboring stores in the strip mall.
You can't legally block access to a store or a street with a protest. You have to let people through.
Re: (Score:2)
No. I absolutely disagree with this logic. If a protest stopped people from entering a store, you'd better goddamn well believe that the police would get involved. This is no different. Peaceful protest means you aren't actively interfering with
It's the Big Bad Interwebz (Score:2)
It is highly unlikely that a court will support the free speech view, of course--but it is a logically valid interpretation.
I have to agree with the intent of folks arguing the "free speech" angle, only insofar as that this really shouldn't be an issue with which law enforcement or the courts should waste their time.
For as long as I can remember, and indeed especially so today, you are responsible for your own security with respect to what comes in and out of that connection provided to you, usually as a paid service, by an entity not under the auspices of Federal, state, or local government (yes, wiretaps, ha-ha). It is thos
Re: (Score:2)
a DoS attack is theoretically free speech as well.
Not likely at all. This is the same reason you can't actually protest INSIDE the buildings because you cause a denial of service for those who wish to actually see federal locations. In other words, the law is pretty clear on this that its in no way imaginable this is protected as free speech.
Re: (Score:2)
so you can stand in front of an office building or whatever, but the second you physically prevent someone from entering (by touching or blocking), I think that changes to some other kind of offense. there was some kind of hotel union strike/protest here, and the pickters would march in front of the hotel banging drums and yelling, but I'm pretty sure they could be arrested if they touched a guest or other staff for any reason.
Those protesters are on public property (the sidewalk in front of the bui
Re: (Score:2)
Re: (Score:2)
Typically, blocking the IP doesn't help (much). The sheer number of requests clogs the connection anyway even if you ignore them. You have to contact your ISP (and possibly thier ISP) to block the IP.
For a protest, that would be like having the police put up a 5 block perimeter, and possibly refusing to let people fly into the aforementioned city even. You can't effectively do that in many cases either.
Re: (Score:2)
Yes, and the protesters lost. This is why abortion protesters can't block access.
"If standing in front of a building in protest in a way which prevents entry is free speech,..."
It's not. This is well known. See above.
Re: (Score:3)
http://en.wikipedia.org/wiki/Trespass_to_chattels [wikipedia.org]
Sometimes you think you know the law. And then you find out, you didn't really know that much about the law. That's why lawyers exist.
Re: (Score:2)
Here is the problem. No protest blocking the entry of a building or area for whatever purpose as the intent of the protest would be considered protected free speech. The abortion protesters found this out the hard way about a decade ago when they became not only liable for the lost revenue of the abortion clinics they blocked, but had to relocate in order to allow patients into the building without being directly harassed by them..
Re: (Score:2)
If standing in front of a building in protest in a way which prevents entry is free speech
No, it isn't, and that is illegal too.
Re: (Score:2)
If standing in front of a building in protest in a way which prevents entry is free speech . . .
Stop there. Maybe I haven't heard about this exception that you claim exists, but you are not allowed to obstruct someone's movement. If that doesn't apply to entering a store, then the justice system has seriously failed. DDoS attacks will not be protected, nor should they be. It costs money and often times serious damage.
I said if, because I'm not sure what the law of picketing is, or how it varies between jurisdictions. I was not referring to false imprisonment, etc...--standing in front of someone means you are standing there first. This is not a question of you surrounding them and preventing them from leaving. I am allowed to obstruct your movement if we're both in a public park and I'm sitting on a bench--you can't sit in the spot I'm in. You're not legally allowed to make me move. Your description, on the other h
Re: (Score:2)
They're not facing execution. What's you point? Non-injury activities are sanction-free?
Re: (Score:2)
I was responding to Parent's claim that DDoS attacks often cause serious damage.
Re: (Score:2)
This has been hashed out about a decade or more ago. Abortion protesters were blocking access to abortion clinics and the courts rules that it wasn't free speech to do so. The protesters had to pay some restitution of lost business and clear a path large enough for employees and consumers to enter the premises unmolested if they chose to do so. Most of them gave up because the new rules made their protests a lot less effective as they previously where.
Re: (Score:2)
The botnet here was a voluntary botnet, IIRC.
bullshit (Score:2)
Re: (Score:2)
What next, are you going to suggest that you can have people fire guns up into the air and call that a a civil protest?
It used to be that way if you go back a couple of 50 years. It was also a form of celebration much like it is now in the ass backward part of the middle east.
Re: (Score:2)
What is sitting in a bank and preventing it from being able to do business but a denial of service?
Re: (Score:2)
"Denial Of Service attacks are not protected speech and are a violation of Federal law."
Clogging the toilet in a public building is then also a Denial of Service attack.
Don't tell me it's different, they both use a series of tubes.
Re: (Score:2)
Re: (Score:2)
Not the same thing at all. One is the vendor's own fault for not having enough capacity...
Re:oooh 1,000 infected computers (Score:5, Informative)
Correct me if I'm wrong, but I do believe that sit-ins and pickets cannot legally prevent or impede normal operations of the business - you cannot block customers or employees.
Picket lines and sit-ins are meant to educate people about an issue; make them think twice about it, make them realize there may be more to something that hadn't considered before. Attempt to dissuade people from working or doing business with the company or institution you don't like.
DDoS is nothing like that. It directly impedes business, it directly impedes customers. It has no message, other than an error when a customer tries to load the page; there's no persuasion there. They might read about it later - might - but then, the DDoSers no longer control the message - most people are going to read about it from a news outlet. They'll probably see it as some "hackers" preventing them from getting on with their lives. Frustrating people and not letting them handle their affairs is not a good way to get them on your side.
DDoS isn't a sit-in, isn't a protest. It's sabotage. It's revenge. It's sneaking into UPS at night and letting the air out of all the tires of all the trucks. No permanent physical damage done, but disrupts business, delays packages.
Re:oooh 1,000 infected computers (Score:5, Insightful)
Correct me if I'm wrong, but I do believe that sit-ins and pickets cannot legally prevent or impede normal operations of the business - you cannot block customers or employees.
Picket lines and sit-ins are meant to educate people about an issue; make them think twice about it, make them realize there may be more to something that hadn't considered before. Attempt to dissuade people from working or doing business with the company or institution you don't like.
DDoS is nothing like that. It directly impedes business, it directly impedes customers. It has no message, other than an error when a customer tries to load the page; there's no persuasion there. They might read about it later - might - but then, the DDoSers no longer control the message - most people are going to read about it from a news outlet. They'll probably see it as some "hackers" preventing them from getting on with their lives. Frustrating people and not letting them handle their affairs is not a good way to get them on your side.
DDoS isn't a sit-in, isn't a protest. It's sabotage. It's revenge. It's sneaking into UPS at night and letting the air out of all the tires of all the trucks. No permanent physical damage done, but disrupts business, delays packages.
I am not sure, on the sit-ins and pickets. I would not think a sit-in can disrupt operations, since it's on private property, and it's not like they're discriminating against you based on your race or gender. A picket line might be different--if someone touches you to move you out of the way, that's a tort and a crime. But it may also be a tort and/or crime for you to physically bar their entry. (And disobeying a lawfully given police order is also a crime usually, but I'm not sure how the first amendment interacts with that in orders to disperse, etc...)
A DDoS is not sabotage--sabotage implied some kind of surreptitious damage to a machine, to equipment, etc... and a DDoS attack damages the bottom line, but not equipment. The UPS metaphor is close, although again, you're not sneaking in--you come in through the front door, the way everyone else does, you just behave differently. It's kind of like a flash-mob that doesn't steal anything, but is filling the store and and nobody else can get in.
The only real difference--and it is a big one--is that for a DDoS, there is no real way to tell someone to leave.
Re:oooh 1,000 infected computers (Score:4, Insightful)
I'd say a DDOS is much more analogous to the sit-in than a picket outside, as the disruption happens within the target's property, i.e. their computers. Even if it happens at their ISP's routers, that's still private property that they are effectively leasing the right to use, which they are being prevented from doing.
That said, the obvious extrapolation should be made: a sit-in is not a criminal offence, it is trespass. Therefore a DDOS should be relegated to the status of trespass-to-chattels. Which would mean you cannot be imprisoned for taking part in one, but you could be held liable for losses incurred by the target because of it (trespass gives rise to a chose in tort, if I understand such matters correctly, which as I am not a lawyer I may not...).
Re: (Score:2)
It is obvious. And I'm not sure why it's a criminal offense. I've been DDOS'd plenty of times, the last one pretty sure paid for by a certain rival. I tracked down one of the sources as a compromised router in Japan, but due to being out of hours it took ages before I could get hold of somebody to shut it down. They should compensate me for lost business, but prison? Sure it would give me personal satisfaction but it would be more logical they compensate me.
Sure you might have moral reasons for protesting a
Re:oooh 1,000 infected computers (Score:5, Informative)
Correct me if I'm wrong, but I do believe that sit-ins and pickets cannot legally prevent or impede normal operations of the business - you cannot block customers or employees.
Depends on your location. Any such laws are local, not federal, in nature and probably won't stand up to constitutional scrutiny, especially since such laws were uniformly used to harass civil rights protesters in the 1950s and 1960s.
Picket lines and sit-ins are meant to educate people about an issue; make them think twice about it, make them realize there may be more to something that hadn't considered before. Attempt to dissuade people from working or doing business with the company or institution you don't like.
No, the purpose of any such protest is to disrupt the business conditions of the business/person you are protesting. As you said yourself: "Attempt to dissuade people from working or doing business with." If they physically can't get to the store because there are too many people present already, that's that.
Lunch counter sit-ins, for example, filled the restaurant with people that the racist restaurant owners refused to serve, leaving no seats for the "desired customers."
DDoS is nothing like that. It directly impedes business, it directly impedes customers. ... DDoS isn't a sit-in, isn't a protest. It's sabotage. It's revenge.
Given that your entire premise has just been proven false, the rest of your rant is meaningless. There were a lot of angry Southerner KKK members who were angry about the fact that a group of protesters were "directly impeding customers" at the lunch counter sit-ins, too. A lot of people who were "frustrated" and not "let handle their affairs" in other sit-ins throughout the years, including recently when the Republicans were raping the public sector and protesters staged sit-ins at several state capitals.
No permanent physical damage done, but disrupts business...
That's the exact purpose of a peaceful protest. To not do permanent physical damage, but cause enough disruption that your demands are acceded to.
Re: (Score:2)
I would do this two ways.
One - send out mass mails (one per complainant) to the company about $issue, and CC $newsmedia and $govtrepresentative in each message.
Two - take out adwords on google for keywords related to the product/service/company and let the ads direct to a site with your message.
One accomplishes the "one meatsack one complainant" limitation imposed by physical sit-ins AND makes the message public.
Two gets the message out, and gives the recipient of the message free choice if he wants to cli
Re: (Score:3)
Google won't let you create an Adwords ad with a trademarked term in it without the permission of the trademark holder. That tanks #2 in one easy step, unfortunately.
Re: (Score:3)
Free speech = picketing in front of a business. Totally protected.
DoS attacks = blocking a business' entrance and preventing customers from entering. Not protected and very definitely illegal.
Re: (Score:2)
Actually they probably are real, since this attack was done with LOIC, a "voluntary PLEASE SUE ME I don't understand the concept of ip spoofing ".
fixed that for you
Re: (Score:2)
Re: (Score:3)
They already have one set of suspects from a single IP address [thehackernews.com]:
These were the IP addresses that sent the largest number of packets. Packets coming from Anonymous contained strings like "wikileaks," "goof," and "goodnight". The affidavit was offered in support of a search warrant for the home of an Arlington, Texas couple and their son. They have not been charged yet, but the house was the source of 3,678 packets in about two-and-a-half hours.
Re: (Score:2)
Well, they seize the computer and treat it as evidence and look for information contained on it that helps them show it was Bob who did it. This happens possibly while Bob has been arrested (because he lives by himself and swears that no one but him has access to the computer or the internet service he pays for). The authorities check and find nothing indicating Bob took part in this outside of Tor being installed. They release him, gather any information possible about the tor client connections and eventu
Re: (Score:2)
You can't really DDoS through a proxy. You can try, but you'll probably put more load on the proxy.
Now if that was something like an SQL injection attack you'd be 100% correct. Using Tor is safe, running a Tor exit node isn't. That said I run some exit nodes and I'm still here. Also see my journal for something even scarier about Tor.
Re: (Score:2)
Then you better hope Anonymous is destroyed. Raids are more often than not carried out by a bunch of people utilizing a particular program from their home connections.
Re: (Score:2)
Re: (Score:3)
why shouldn't PayPal just leave that up to the FBI to check? After all, they're the ones that are supposed to have the public's interest at heart, not PayPal, the corporation that got attacked here.
Re:Will the FBI have Jurisdiction (Score:5, Informative)
The FBI might not have direct jurisdiction, but they've certainly got agreements with the major law enforcement agencies around the world, and you can bet that hacking across international lines is a sensational enough crime that they're going to assist the FBI in any way they can. See also the recent cases of "Anonymous members" getting picked up in the UK.
Re: (Score:2)
I think a lot of attacks intentionally use proxies located in China. It doesn't get followed up and law enforcement just chalks one up to the "damn dirty Chinamen."
Re:Will the FBI have Jurisdiction (Score:5, Insightful)
Haven't you heard? The US Government has jurisdiction wherever the hell it wants.
Re: (Score:3)
Doubtful.
1. Most people in a voluntary botnet attack don't know tor.
2. Of those who do, some percentage both know how to use it, and understand why multiple people deciding to do thios would quickly become a DOS of the tor network, and we would hope decide not too. (as someone who keeps a lazy eye on the tor mailing lists, I never saw any threads about how LOIC attacks were bringing it to its knees, nor do I remember noticing it being slower than normal then)
3. I expect the set of people who would participa
Re: (Score:2)
DDoS over Tor would probably cripple the Tor network. Tor is for anonymizing your connection, but it's not a robust, high-speed link. It would slow the attack on the target, and more effectively DDoS Tor than anything.
Re: (Score:2)
Because DHCP doesn't leave any logs. Cute little anonymous coward, you probably even think you can't be traced just cause you posted anonymous from your browser's incognito mode under Linux!
Re: (Score:3)
In fact in the EU I think the ISPs are required to keep that information for two years, under the Data Retention Directive [wikipedia.org].
Re: (Score:2)
Incorrect, the probability that they were pulled out of an ass is 100%. The probability that it was his own ass is more like 85%.