Forgot your password?
typodupeerror
Security Your Rights Online

PayPal Hands Over 1,000 IP Addresses To the FBI 214

Posted by samzenpus
from the naughty-list dept.
tekgoblin writes "PayPal was attacked by Anonymous last year when they had blocked the Wikileaks accounts transactions. Now PayPal has finally come up with enough evidence to strike back at Anonymous with the help of the FBI. PayPal has come up with a list of over 1,000 IP Addresses left behind when they were attacked by Anonymous."
This discussion has been archived. No new comments can be posted.

PayPal Hands Over 1,000 IP Addresses To the FBI

Comments Filter:
  • Sympathizers only (Score:5, Informative)

    by Anonymous Coward on Sunday July 31, 2011 @10:05AM (#36938836)
    If I recall correctly, there was a wave of encouraging sympathetic bystanders to install LOIC. This is unlikely to get the organizers of the protest, just the idealistic or foolish people who essentially just showed up and lent their voice.
    • by Calos (2281322) on Sunday July 31, 2011 @10:51AM (#36939064)

      Could be, but those are also the people who may be most easily deterred from doing it again, if they see people being arrested for it.

      Doesn't hit core anon members, perhaps, but weakens one of their weapons.

      • by gl4ss (559668)

        doesn't weaken their weapons either. just builds up more goodwill to them, just another thousand people who can't/will not use paypal.

        also those thousand theoretical cases are going to do massive DDOS of the legal system(and their "cyber experts" time and billing, noticed how only government and shrill companies are using the word "cyber" to sound like they're.. well, hackers I suppose, cyber hackers who do magic shit, or some shit like that). so who wins? anonymous.

        paypal should just register as a bank any

  • by mseeger (40923) on Sunday July 31, 2011 @10:07AM (#36938854)

    I neither like Paypal nor the credit card companies much. But participating willingly in a DDOS attack is a criminal act in my book.

    On the other hands, they probably have only the ip addresses of cat's paws. So punishing them hard would not be clever. Setting an example always works both ways....

    • by IANAAC (692242)

      I neither like Paypal nor the credit card companies much.

      Unrelated, I suppose, but I often see comments from people claiming their dislike for Paypal. Personally, I've never had a problem with them, but the number of Paypal complaints prompts me to ask:

      What alternative is there really for someone in my position. Living in the US, I accept a lot of work online from places outside the US and sometimes outside the EU, and Paypal (or Moneybookers) is really the only reliable way to receive payment without being charged huge fees as my bank would certainly do.

      In f

    • But participating willingly in a DDOS attack is a criminal act in my book.

      That's great, but no one has read your book, and I doubt the courts have a copy of it, so DDOS attacks are not necessarily criminal in terms of the law.

  • by F69631 (2421974) on Sunday July 31, 2011 @10:07AM (#36938856)

    TFA doesn't have any more info than the summary. PayPal hasn't apparently done any investigation themselves so why couldn't they have handed these over 11 months ago? Did they fear that it would cause a retribution and wanted to harden their systems first? Did they actually hand these over 11 months ago and simply announce it now? Did they just spend a year thinking whether to press charges or not (couldn't they have allowed FBI to start the investigation immediately, even if that was the case?)?

    If you want a crime solved, it seems very odd to wait a year before handing the relevant data over to FBI... I refuse to believe that it took them a year to determine what traffic was actually part of the DDoS and what wasn't (it can even contain false positives if it's just the starting point for FBI)!

    • One answer... (Score:3, Insightful)

      by BrokenHalo (565198)
      An answer to this might be the old rule that one should never assume malice where stupidity or ignorance are more likely to be the case. It is quite possible that PayPal doesn't have the resources (i.e. the smarts) to follow the trail themselves, so after some fruitless dithering, they have simply passed the bag on to someone else. Not that the FBI will necessarily process the information any more intelligently, but it isn't PayPal's problem any more.
      • by julesh (229690)

        It is quite possible that PayPal doesn't have the resources (i.e. the smarts) to follow the trail themselves

        This would be the same PayPal who suspend your account if you use a proxy server, and seem pretty hot at detecting them (they get me *every time* I forget and try to access their site with Opera Mini)?

        No, they could have produced this list within days of the attack if they had wanted.

    • by Antique Geekmeister (740220) on Sunday July 31, 2011 @10:49AM (#36939052)

      I've very sad to say that this is typical of the FBI Computer Crime Center, and of corporate computer crime. Exposing the vulnerability or logging structures of Paypal's internal services to _anyone_ would be bad for them as a company interested in continuing to gather investor money and avoid negative assessments of their practices. Paypal does not have much interest in prosecuting this: prosecuting a few of Anonymous's members would not stop the rest of Anonymous's members from focusing their attacks against Paypal in a retaliation.

      Moreover, the FBI computer crime teams are demonstrably incompetent. Review their own website, at http://www.fbi.gov/about-us/investigate/cyber/cyber [fbi.gov]. Their big computer "takedowns" are all at least 2 years old and the actual investigations done by other, overseas security forces or local law enforcement. The FBI taking credit for these few cases is insulting to those agencies. When the FBI says "our global partnerships paid off", as they do at http://www.fbi.gov/news/stories/2008/october/darkmarket_102008 [fbi.gov], it actually means "someone else did all the work and we're trying to take the credit without telling anyone what we actually failed to do".

    • Wired reported on this a few days ago (and there was a Slashdot article about related information [slashdot.org] at the time, too), noting that Paypal handed over the information last December.

      http://www.wired.com/threatlevel/2011/07/op_payback/ [wired.com]

  • A bunch of kids (Score:5, Insightful)

    by airfoobar (1853132) on Sunday July 31, 2011 @10:57AM (#36939098)
    I'm willing to bet that the vast majority of those 1000 IPs belong to underaged kids, not the masterminds behind the attacks or even older individuals with the sense to cover their tracks. Should we look forward to the arrests of hundreds of 13-year-olds? Well, I guess the backlash will be fun to watch...
    • by guttentag (313541) on Sunday July 31, 2011 @12:23PM (#36939622) Journal
      This is probably why PayPal waited a year to turn over the addresses. Now those 13-year-olds are 14 years old. By the time the investigation is over, they will be 18-year-old subjects of warrantless wiretapping, at which point each of them will be caught doing something and charged as an adult. You need to think long-term about these things.
      • by Terrasque (796014)

        However, after waiting a year... How many of those IP adresses can still be traced to a specific user? How many ISP's don't have logs that far back?

    • by artor3 (1344997)

      Who cares if they're kids? Tearing off their cloak of anonymity and giving them a nice hard slap on the wrist will help to dissuade other anon kiddies from participating in the future.

      • by Urza9814 (883915)

        ...but punishing a bunch of kids for something stupid like this is only going to make adults, like myself, more likely to take part next time.

      • by gl4ss (559668)

        well, in many countries they're only liable for actual proven damages of which there is none. just some electricity.

  • HR1981 Timing (Score:5, Insightful)

    by Anonymous Coward on Sunday July 31, 2011 @10:59AM (#36939108)

    Well that's awfully well timed to coincide with the bill to retain IP addresses for 18 months.

  • ...they would be using compromised systems or drones to attack their victims.

    My guess is the FBI is sitting on 1000 IP addresses of compromised systems that need to be cleaned.

    • by mikael (484)

      Going by previous discussions here, they've got 1000 IP addresses which probably are DHCP clients owned by bot-nets, which in turn are communicating via distributed command and control through proxy intermediates using encrypted channels. That's going to be fun chasing up. A simple whois will give them the ISP, but how are they going to identify the actual PC that was in use then?

      After 24-hours of the event, they could have watched those IP addresses, and did some traffic analysis on the hosts they connecte

  • Of rooted XP boxes?
  • This time anon will probably expose paypal's own records. our credit card info may get out.

    paypal fools. that move was stupid. they basically invited wrath upon us users.
  • I read this as:

    with the help of the FBI. PayPal has come up with a list of over 1,000 IP Addresses

    Very Mcarthian

    - Dan.

  • by bigdavex (155746) on Sunday July 31, 2011 @04:20PM (#36941034)

    PayPal Hands Over 1,000 IP Addresses To the FBI

    They wouldn't have to scrounge like this if they would implement IPV6.

  • The purpose of a real life protest is to show dissent, to interrupt the normal routine, to express solidarity by acting in unison.

    Is a DDOS that different from a real life protest that participants deserve to go to jail ?

  • Many LOIC users will claim that another user was on their network or that their machine was part of a botnet. Will that work as reasonable doubt?

One small step for man, one giant stumble for mankind.

Working...