PayPal Hands Over 1,000 IP Addresses To the FBI 214
tekgoblin writes "PayPal was attacked by Anonymous last year when they had blocked the Wikileaks accounts transactions. Now PayPal has finally come up with enough evidence to strike back at Anonymous with the help of the FBI. PayPal has come up with a list of over 1,000 IP Addresses left behind when they were attacked by Anonymous."
oooh 1,000 infected computers (Score:1, Insightful)
If a single one of those 1,000b addresses belongs to an anonymous member, then I hope anonymous is destroyed.
we gotta have standards
Payback the other way round.... (Score:5, Insightful)
I neither like Paypal nor the credit card companies much. But participating willingly in a DDOS attack is a criminal act in my book.
On the other hands, they probably have only the ip addresses of cat's paws. So punishing them hard would not be clever. Setting an example always works both ways....
Re:Will the FBI have Jurisdiction (Score:5, Insightful)
Haven't you heard? The US Government has jurisdiction wherever the hell it wants.
One answer... (Score:3, Insightful)
Re:Sympathizers only (Score:5, Insightful)
Could be, but those are also the people who may be most easily deterred from doing it again, if they see people being arrested for it.
Doesn't hit core anon members, perhaps, but weakens one of their weapons.
Re:Payback the other way round.... (Score:5, Insightful)
How many times can I push the reload button on my browser before I'm breaking the law?
A bunch of kids (Score:5, Insightful)
HR1981 Timing (Score:5, Insightful)
Well that's awfully well timed to coincide with the bill to retain IP addresses for 18 months.
Re:oooh 1,000 infected computers (Score:5, Insightful)
The problem with this theory is that it's no different, conceptually, from a civil protest of any other sort. The net effect is the same as, say, a venue's ticket sales website going down because too many people are trying to buy the tickets that "just went on sale" for some crazy-popular act (say, if Gaga or *shudder* Bieber were starting a new tour).
If anything, call it a virtual sit-in. Remember the "Virtual Marches on Washington" a few years back, where people were encouraged to slam emails at their congressmen and tie up the congressional phone banks? SAME THING.
Voluntary people. Doing voluntary things as a form of protest. 1000 people, in an organized sit-in, could easily shut down business in 10 consumer banks. Those same 1000 people, "virtually", were part of an organized "virtual sit-in" that caused trouble for Paypal because Paypal had done something worth protesting.
Re:oooh 1,000 infected computers (Score:2, Insightful)
Civil protests are protected free speech under the 1st Amendment to US Constitution.
Denial Of Service attacks are not protected speech and are a violation of Federal law.
What next, are you going to suggest that you can have people fire guns up into the air and call that a a civil protest?
Re:oooh 1,000 infected computers (Score:5, Insightful)
Correct me if I'm wrong, but I do believe that sit-ins and pickets cannot legally prevent or impede normal operations of the business - you cannot block customers or employees.
Picket lines and sit-ins are meant to educate people about an issue; make them think twice about it, make them realize there may be more to something that hadn't considered before. Attempt to dissuade people from working or doing business with the company or institution you don't like.
DDoS is nothing like that. It directly impedes business, it directly impedes customers. It has no message, other than an error when a customer tries to load the page; there's no persuasion there. They might read about it later - might - but then, the DDoSers no longer control the message - most people are going to read about it from a news outlet. They'll probably see it as some "hackers" preventing them from getting on with their lives. Frustrating people and not letting them handle their affairs is not a good way to get them on your side.
DDoS isn't a sit-in, isn't a protest. It's sabotage. It's revenge. It's sneaking into UPS at night and letting the air out of all the tires of all the trucks. No permanent physical damage done, but disrupts business, delays packages.
I am not sure, on the sit-ins and pickets. I would not think a sit-in can disrupt operations, since it's on private property, and it's not like they're discriminating against you based on your race or gender. A picket line might be different--if someone touches you to move you out of the way, that's a tort and a crime. But it may also be a tort and/or crime for you to physically bar their entry. (And disobeying a lawfully given police order is also a crime usually, but I'm not sure how the first amendment interacts with that in orders to disperse, etc...)
A DDoS is not sabotage--sabotage implied some kind of surreptitious damage to a machine, to equipment, etc... and a DDoS attack damages the bottom line, but not equipment. The UPS metaphor is close, although again, you're not sneaking in--you come in through the front door, the way everyone else does, you just behave differently. It's kind of like a flash-mob that doesn't steal anything, but is filling the store and and nobody else can get in.
The only real difference--and it is a big one--is that for a DDoS, there is no real way to tell someone to leave.
Re:oooh 1,000 infected computers (Score:3, Insightful)
Temporarily taking a website offline sucks for the affected company. So does a protest that blocks the street in front of a store being protested, or even the neighboring stores in the strip mall. But unless there is permanent damage done (the equivalent of someone not just peacefully protesting, but actively spray-painting graffiti as one conceptual example) then it's just a protest and shouldn't be considered criminal.
It's a question of scale, though. One of the reasons sitting on the street in front of a store is a legal way of protesting is that you only have your own one body to work with. You can protest, but you can't single-handedly block access completely unless others (who're making their own decisions) work together with you.
In denial-of-service terms, this would be more akin to repeatedly hitting F5 in your browser to reload the page. If you do that by hand, you should be golden: it's pretty much the same as sitting on the street in front of a store.
Using an automated tool to use your entire available bandwidth (which may be significant these days) to bring down a website is more akin to building a wall or another sort of barrier in front of a store. If you try that in real life, you will soon find that despite not being physically violent, it is not actually a valid and/or legal way of protesting.
Re:oooh 1,000 infected computers (Score:4, Insightful)
I'd say a DDOS is much more analogous to the sit-in than a picket outside, as the disruption happens within the target's property, i.e. their computers. Even if it happens at their ISP's routers, that's still private property that they are effectively leasing the right to use, which they are being prevented from doing.
That said, the obvious extrapolation should be made: a sit-in is not a criminal offence, it is trespass. Therefore a DDOS should be relegated to the status of trespass-to-chattels. Which would mean you cannot be imprisoned for taking part in one, but you could be held liable for losses incurred by the target because of it (trespass gives rise to a chose in tort, if I understand such matters correctly, which as I am not a lawyer I may not...).