Hacker News new | past | comments | ask | show | jobs | submit login
Paypal.com appears to be unavailable (paypal.com)
148 points by ivankirigin on Dec 9, 2010 | hide | past | favorite | 123 comments



If you dominate a market, a serious ethical duty devolves upon you to do right by your customers, but Paypal, Visa, and MC, on which donation-supported non-profit orgs like Wikileaks almost entirely depend, have utterly failed to fulfill that duty; in fact they didn't even try. Their actions, arbitrary or spineless, have almost completely choked off funding for Wikileaks. I never imagined ending up saying this, but I'm impressed and grateful that there exists an international, anonymous horde able to begin the process of making companies like this at least minimally answerable for their actions, which no one else seems capable or desirous of doing.


You're ignoring the thousands (hundreds of thousands, millions?) of "innocent" businesses that are having problems because of this. Sure try and hurt Visa, Mastercard and Paypal, but hurting innocent people?

Isn't that exactly what the US government have done? "It's for the greater good". The people involved in these attacks are just as bad.


I'm going to preface this by saying that I'm not actually a huge fan of WikiLeaks or of Anon, but...

Try to keep things in perspective. We're facing a substantial progression towards a hybridization of the scenarios outlined in 1984 and Brave New World, and you're worried about the disruption of commerce?

Are your priorities really that warped?

There's always collateral damage, whether it's merchants or your civil rights.

I should've guessed that there would be hand-wringing about commerce on here, but I never knew it would be so ridiculous considering what's being hashed out here.


I'm sorry, but do you honestly think this is anymore than a bunch of angry teenagers who will be bored in a week? Look back on every other instance of "Anon" "protesting" and work out what has changed. Please do show what they've actually done beyond cause minor temporary disruption, it just so happens that this time the minor disruption has real world repercussions and is hurting businesses. The people who are responsible for this are those in US government, I think it's pathetic companies like Visa, Paypal and Mastercard are being attacked when they've done nothing wrong, it's the US government at fault but they're "untouchable" to these angsty teenagers so they do the thing they always do and attack the weakest targets.

Give it a week and nobody will remember any of this, besides the businesses that lost money.


I wouldn't be so sure that they're just going to lose interest in a week. Look at scientology, that's still going on.


Which if it's enough businesses loose money might be a lot of people.

I'm completely opposed to these actions, but I've got to say that causing financial losses is a fairly effective protest.


>Give it a week and nobody will remember any of this

That's the tragedy not

>besides the businesses that lost money.

Nobody cares about citizenship or rights anymore. Just money.


This is nothing more than Eco-terrorism for nerds. What's wrong with blowing up some buildings, after all they only cost money, and the fate of the world is at stake! Please. This is terrorism pure and simple--do right by Wikileaks or we will hurt you. Maybe it's terrorism you finally agree with because this time it's for the Internet, but let's be under no illusions it won't utterly backfire.


I oppose ALF and ELF both.


>If you dominate a market, a serious ethical duty devolves upon you to do right by your customers, but Paypal, Visa, and MC, on which donation-supported non-profit orgs like Wikileaks almost entirely depend, have utterly failed to fulfill that duty; in fact they didn't even try.

The majority of Paypal Visa and Mastercard customers rely to some extent on a stable international environment. Suggesting that these companies need to change their moral stance to accommodate anarchists is silly. Wikileaks actions suggest they want to take down the establishment that in a large part enables such companies to operate.

Indeed the fact that these companies have now been attacked by the associates of those they chose not to support means that they made the right decision. Why would they want to bolster groups that will turn and attack them?

If Paypal, for example, hadn't accepted Wikileaks as a customer in the first place then they wouldn't be having to deal with the current situation and could serve the majority of their customers better.

Taking a capitalist view basically Wikileaks supports believe that the rest of us should be screwed over so they can make their point. It's not civilised it's brutish anarchism.


You seem to be implying Wikileaks ordered the DDoSing. Anon is a completely separate "organization" and completely unaffiliated with Wikileaks. They supported Wikileaks' views, and so decided to DDoS MC/Visa/Paypal, but Wikileaks had no part in ordering the attack from my understanding. This is an important distinction to make.


  > Wikileaks actions suggest they want to take down the establishment that
  > in a large part enables such companies to operate.
How so? If my government is doing illegal things, or just things that I don't agree with behind closed doors, should I just accept that there's nothing that I can do to change that? Should these things be ignored because to bring these things to light would 'de-stabilize the international environment' and cause hardships to businesses?

I'm also curious as to how the release of these cables is going to 'take down the establishment.' Do you fear that the US government will crumble, sending America into a period of anarchy all due to WikiLeaks? If not, then do you think that any reasonably intelligent person would believe that that would happen? Do you classify Wikileaks as 'not reasonably intelligent?' If not, then why?

  > Indeed the fact that these companies have now been attacked by the associates of
  > those they chose not to support means that they made the right decision.
For starters, Anonymous could be best described as a 'Stand Alone Complex' as has been pointed out here and on Reddit a couple of times. It's a loosely coupled group of people that is ever changing as people join/depart from it based on whether they 'believe in the cause' or 'get bored' or whatever. Censorship on the web by 'the establishment' really gets Anonymous riled up (see Scientology trying to get the Tom Cruise video pulled from the web). To say that Anonymous is an 'associate' of Wikileaks is about as close to the truth as saying that Osama Bin Laden is an 'associate' of the American public just because they share the believe that the US Army should not be in Iraq.

That point aside, these companies chose to drop support for Wikileaks because they associated 'dropping Wikileaks' with 'zero risk' and 'keeping Wikileaks' with 'high risk.' That risk-assessment is no longer valid due to these attacks. Whether 'dropping Wikileaks' is still lower risk than keeping them is debatable, but it is no longer 'zero risk.' There are companies that only understand financial incentives. If you want them to pay attention to you, you need to affect their bottom line. What I gather from you post is that when a company becomes a pillar of commerce like these credit card processors have, then we can no longer morally affect their bottom line due to the effects that will have on other businesses. The problem with these belief is that you are effectively stating that these companies are 'untouchable' and a stone's throw away from 'too big to fail.'

  > Why would they want to bolster groups that will turn and attack them?
Not that DDoS is necessarily the way to go, but I doubt that there would be any other way to get credit card companies to even give you the time of day once they have deemed that you are 'useless' to them. Do you have an alternate method of making the credit card companies stand up and listen to you once they've decided that you are to be ignored?

  > Taking a capitalist view basically Wikileaks supports believe that the rest
  > of us should be screwed over so they can make their point. It's not civilised
  > it's brutish anarchism.
No offense, but human civilization/society is a huge object that has a large amount of momentum and doesn't turn on a dime. This is why most large changes come with a lot of violence and disruption.

Using your logic, Rosa Parks was a brutish anarchist because she believed that 'white people' should be 'screwed over' and prevented from having a seat at the front of the bus in order for her to make her point. The best course of action would be to disrupt no one. Maybe if Rosa Parks had just lodged a written complaint with the local board of commerce, white racists would have non-violently accepted that black people are their equals?


I think you've watched 'Fight Club' too many times.


I've seen it, perhaps if I saw it again I'd have clue what you're on about?


"Project Mayhem"


I suspect we are going to see two major changes over the next few weeks as a direct result of the "cyber-attacks" going on recently.

1. Financial services will re-evaluate the risks of this kind of attack vs. the cost of assigning more resources to guard against it.

2. Governments will finally start taking IT security seriously.

The latter is the more interesting, because while banks are generally reasonably clued up about balancing risks and will simply adjust their current practices, elected representatives who aren't technically inclined will probably be discolouring their underwear over the fall-out if the bad guys really tried to do some damage, given that it is this easy for a few upset people to cripple the world's payment systems.

I suspect that as a reuslt, we can look forward to increasingly draconian penalties being introduced for this sort of action in most jurisdictions, the end of on-line anonymity as it has been known, and ruthless throttling/disconnection of entire ISPs/countries that don't play ball with either of the above. If you thought government reactions to copyright infringement were heavy-handed, I imagine they will look like a nun comforting a child compared to what is coming next.

The sad thing is that better security, robustness, user authentication, etc. should have been built into the Internet by default for years, but the same "Wild West" evolution that was so successful in the early days has also been a poor driver of consolidation now that the Internet isn't just a toy for the military types and the universities any more. Maybe the Powers That Be will finally start taking serious advice about IT from people who know what they're talking about and collectively give the issues the attention they deserve. (I won't hold my breath, though; this could all end in tears, with a mess of ill-informed and poorly-implemented measures that cause all kinds of additional dangers to innocent people without actually fixing the real problem.)


Governments take IT security very seriously, I don't see where you've seen they don't.

The problem is that you just can't secure a whole infrastructure overnight and that security is very hard.


I would like to clarify on this issue a bit.

1. Declaratively the governments are indeed taking IT security seriously. Thus many guidelines, laws and other formal documents regarding IT security have been accepted. Unfortunately many of these are internally inconsistent or in conflict with others. The net result is that in the name of "security" the governmental IT systems are unnecessarily complicated and expensive.

2. In practice - prescribed security measures are mostly not enforced due to many reasons (eg.: The measures are so strict and rigid that enforcing them would prohibit various legitimate users from actually doing their work; The people in charge of implementation and administration of these systems are plain incompetent and/or disinterested).

3. Securing everything that is currently deemed necessary to the extent prescribed by relevant law will turn out to be prohibitively expensive due to various logistic problems (who will implement necessary auditing systems for legacy systems that nobody udnerstands and there are no funds to replace, where will you store all the auditing information, where will you get competent engineers that actually understand the infrastructure and are willing to work proactively to secure them - for a laughable wage?,...).

So - as a matter of fact - I have to state that governments don't really take IT security seriously. They don't understand the issues and they don't even care. They care for scapegoats and thats it.

Disclaimer: Most of my work is on government related IT projects/systems.


Security is hard. Security on a large scale system is is very hard. Securing a legacy system is extremely hard. Securing a large legacy system is near impossible.

Yes the government wants to cover its ass first and foremost.

But that doesn't mean they don't take IT seriously, they just don't understand it to the point they cannot select people to work with that understand it correctly.

disclaimer: I've designed COMSEC systems


If they took IT security seriously, it wouldn't be a checkbox in a Lockheed or SAIC contract.


The problem is that you just can't secure a whole infrastructure overnight and that security is very hard.

Actually, you can never completely defend against every possible attack. Any finite limit can be exceeded. As long as an attacker can use up some sort of finite resource on your box or network, you're toast.

SYN floods don't happen anymore because SYN cookies make the size of your TCP half-open connection table infinitely large. So no DoS anymore. But other things are not that easy to fix; you can prevent 1 IP from opening a million slow connections to your server and filling up your state table and running your web server out of fds. But you can't prevent a million people from all opening up one connection without blocking legitimate users.

DoS is very hard to defend against. I think in this case, there is probably something easy to fix (get rid of those Windows 95-based routers and app servers), but in the general case, there is nothing that can be done.


This is not true.

I work for a major DDoS mitigation equipment company and we see SYN floods all the time.

And you CAN block one million users from all opening up one connection. Our software/hardware makes this happen. There are MANY MANY ways that DDoS can be dealt with; the biggest hurdle in many cases is convincing a customer that they might be next. Until then, they often don't see the need to spend the money on sufficient capacity or properly test their system against the range of "probable" attack vectors.

That's likely what you're seeing here.

It /is/ true that attacks are becoming more sophisticated and targeting applications rather than just pure network resources (e.g. b/w). A big part of our efforts are trying to abstract away the potential attack vectors common to several application stacks rather than developing solutions for each one at a time.

P.S. Paypal seems to work fine for me right now.


Well, I worked for Arbor, and while it's true that you can readily block packet-y attacks even from a million sources (as long as you can characterize the attack), you're kind of missing 'jrockway's point.

During the Olympics in Korea, which Arbor ran DDoS protection for, attackers set up web pages that simply directed hundreds of thousands of computers at URLs on the MSNBC sites. How are you going to filter against that? If you have a botnet, you can saturate a target with totally legitimate traffic.

You can talk all you want about anomaly detection and attack characterization, but if your attacker has a botnet that generates totally legitimate traffic patterns, you have a very hard problem to solve. It isn't intractable, but probably will require code changes to your application to address.

A lot of anti-DDoS gear that gets sold to enterprises is snake oil. Most companies aren't in a position to filter their own traffic.


I'm not going to get into specifics but I'd like to address your points.

The problem of distinguishing between legitimate traffic and attack traffic gets harder when the attack starts to look more like legitimate traffic. It doesn't get impossible.

You can have a more effective attack if you have a LOT of machines you can use to generate legitimate requests. Of course, after a short while, it's going to be possible to determine which of those hosts are part of the botnet because you can build a history of their requests over time.

So it's not an impossible problem to solve; just a hard one. Most enterprises don't really want to pay the money necessary to protect the bulk of their enterprises.

I don't think I missed jrockway's point, but I do think you're missing mine: namely, that effective DDoS protection is expensive and time-consuming from a training standpoint relative to any individual company's exposure. That's why we don't see more anti-DDoS features in high-profile websites, not because it's ineffective.

Even so...we STILL see lots of packet-y type attacks. It's often overlooked but crafting effective attacks requires really good programming skills. Such skills are often unevenly distributed in script-kiddie kommunities.


I agree that you missed my point :)

My point is, any finite limit can be exceeded. In days of old, it was state tables and file descriptors. Now it's bandwidth. Filtering doesn't matter once the packet has traveled down your finite link to your packet filter. That bandwidth has been used, and denied service to a legitimate user that wanted his packet to go to your server.

Mostly, you're right, it comes down to luck. Attackers don't get the chance to do a daily dev / qa / release cycle. They write something, push it to a bunch of users who hate Amazon and Paypal today, and that's the end of it. If they wrote good code, the attack will be good. If they need to tweak something, they missed the opportunity.

That's what's saving everyone here -- luck.


Filtering of DDoS attacks is moving into the network. The days of sorting attack traffic at the destination have always been numbered.

Current best practice has been to use technologies like FLOWSPEC to get the traffic off the network much closer to the origin.


Yeah, it's hard to speculate as to what's going on, because we are not Paypal or Mastercard. Maybe someone from Anonymous works there and changed their uplink media to 10BaseT :)

So about the SYN floods you see in real life, how do those work? Do routers not do SYN proxying for the servers behind them? Do SYN cookies not work? Are sequence numbers being forged? Is the link saturated? Something else?


Routers don't do SYN proxying. SYNs are just regular packets and are passed along to a host.

FIREWALLs on the other hand, might use a SYN to make an entry in a table that's used to track connection state. That table might be overloaded by a SYN flood. Same thing applies to load balancers.

SYN cookies work just fine at the ENDPOINTs.


That has been the opposite of my experience. To a large extent, the government can't take IT security seriously, because they've outsourced it. There are smart people in and around the government but no coherent strategy. I don't want to get too specific but no DoD network I've seen or talked to people who ran ranks with the least of my financial services clients.


> Governments take IT security very seriously, I don't see where you've seen they don't.

The very fact that this whole cablegate debacle even exists clearly demonstrates that parts of the US government do not.


I take death seriously, that does not mean I get to live forever.


You don't give some random army grunt access to your on/off switch.


Actually, I happen to work for the Army so I am often near well armed "grunts" with access to that off switch. It's a judgment call, but I assume walking around the Pentagon is probably safer than driving which I am also willing to do. More to the point, I think being respectful to well armed people is prudent, hiding under the bed is pointless. So, while I recognize the risk to life and limb at some point you need to focus on risk mitigation rather than avoidance.

PS: To put this into perspective, one of the guys I work with was there for 9/11. He sustained significant injury while several people in the room with him died. Yet, he is also willing to work in the building and most people in the building where not harmed.


Not interested. My original post was not about your completely-missing-the-point simile, but about the fact the the US government demonstrably sucked at IT security when they let the great unwashed have the kind of access they had to State Department cables.


IMO, the government does a reasonable job balancing how well it protects information and the costs of that protection. The current strategy will lead to leaks, but so did paper documents. Millions of people work for the government and many of them are going to try to cause problems.

So, if you are going to equate a single low impact release with “sucking” the go for it. But, I would point out unlike banks which often lose large numbers of SSN’s the government keeps the hole list for everyone and that has not gotten out. And (as my original post pointed out) sometimes when dealing with hard problems mitigation really is the best you can hope for.


He doesn't mean governments' IT security (which is so-so overall), but the Internet as a whole.

And he's right the stuff that will come out of it probably will not be very encouraging.


On the news here in .nl this morning there was an item on a police search that was carried out at a hosting provider that hosted a web page calling for the DDoS on MasterCard and hosted software (LOIC, presumably).

So yes, it's already happening, and in the coming years the internet is bound to change profoundly.

On a meta level, and for improving my own communication skills, I'm a bit surprised that you are being upvoted while I got downvoted yesterday in the MasterCard thread for saying essentially the same. Anyone who answered me yesterday and disagreed with me care to tell me why? Did I not make my point clearly enough, or was it the form of the message?

Edit: link to previous post: http://news.ycombinator.com/item?id=1983858


I won't hold my breath, though; this could all end in tears, with a mess of ill-informed and poorly-implemented measures that cause all kinds of additional dangers to innocent people without actually fixing the real problem.

If I were a betting man, I'd say we'll see many years of ill-informed and badly implemented draconian policy. I'd go further to say that it won't improve significantly until at least a couple more generations have walked the halls of power and true digital natives finally cast their votes in parliament.


There's an inherent assumption in this though that 'digital natives' will survive the process for long enough to get themselves elected though. We all routinely filter out all sorts of little oddities about life because they're 'just the way it's always been', 'it has to be this way for safety' or whatever.

If that generation has enough of these views hard-wired into their understanding, _now_ could be the high-water mark for understanding of the dangers and appropriate reactions.


... and true digital natives finally cast their votes for parliament too.

A lot of issues are caused because the young don't get out and vote. They* are already under-represented because the old simply outnumber them. The fact that they don't vote as well makes it especially hard.

Rich.

* = not counting myself amongst the "young" any more ...


I fear some naive young US-based Anonymous participants may soon be getting a very rude awakening (if the FBI and Secret Service respond to this by making an example of them).

Edit: downvote me all you like, but you should read the post about what happens when you're busted by the feds (from the hacker crackdown): http://web.textfiles.com/hacking/agentsteal.txt


Like HN readers who are linked to paypal :)


Paypal is notorious to freeze accounts as they like, and bully people around. They can do this because they know they are big. Now they are starting to force their own political agendas on the world population as well. I've quit my account with them because I want this world to be a better place to live in, than being controlled by a bully who harass people.


Great. How do I close account with Anon, because I don't want them to infringe on my ability to make payments?


All you have to do is combine your request with an image of a headless suit or Guy Fawkes mask and upload it to /b/ every hour or so. Anonymous will get right on it.


You've made me realize what I think is a startling bit of irony.

Many people -- WikiLeaks, in fact -- are protesting US action in Iraq. They are particularly upset about the "collateral damage" of civilians being caught up in the violence.

Yet here, those cheering for the DDoS attacks in support of WikiLeaks are just shrugging off the collateral damage that this attack is causing.

Addendum: the quick, reflex downvotes are really annoying. If you think I'm not contributing to the discussion, please at least take the time to explain why. It seems to me that there's a patter for these. I lose a few points immediately, but then as more thoughtful people actually take the time to think about it, the score climbs back up into positive territory. That suggests to me that the down-votes are just readers being petulant because I disagree with them.


Nobody's dying here. There's a crazy amount of talk here about WL trying to bring down government or the collateral damage to business and equating that to civilian deaths.

I don't know if Assange goes around saying "anarchy for everyone!" and I don't care. I don't like the idea of vast swaths of government operating in secret. From the CIA, to the closed door congressional meetings.

Second, it's only money. In the scheme of things it's probably a net positive for the economy as alternatives are explored, supporting perhaps financial startups, security firms are employed, etc.

You (and lot's of others) are comparing that to leaks detailing loss of life. I don't get it. The moral compass on HN is weird.


>I've quit my account with them because I want this world to be a better place to live in, than being controlled by a bully who harass people.

So Wikileaks and Anon are not bullying people?


Shutting down the Visa and Mastercard probably didn't change too much, but this for sure will. Think of how much eBay is dependent on PayPal for purchases. This should be an interesting outcome! Even if people don't feel it's morally right, I'm still very impressed by the current "cyber wars" going on. Either way, I don't lose anything. I guess I'm just one of those people that likes to watch the world burn...


You're lucky you don't depend on Paypal for your income like hundreds of thousands of eBayers and people with few other choices (e.g. non US sellers). On the other hand, this will all blow over within days.


What is the saying about eggs and baskets?


Sometimes you have no serious options to spread your risk. Multiple payment systems on a single Web page looks tacky and is an accounting nightmare even if it's doable. On eBay, you could get people to mail you checks but PayPal is by far the most efficient way to sell through them.

When it comes to infrastructure, the small guys can't always have backups. Do you have two power companies simultaneously supply your office? Two broadband connections? Yet I believe that someone maliciously cutting off my water or broadband to make a political point is as much in the wrong as someone cutting off my payment provider.


There isn't going to be any burning. What's going to happen is that banks and CC companies will proactively scrub their client lists for anything that looks even vaguely controversial, and hose it before it blows up in their faces.

After this, the banks will be afraid of Anonymous, and they will do whatever it takes to stay off their radar... including turning down a lot of legitimate business. "Politically unconventional" organizations around the world are about to get the same arms-length treatment that adult sites have always gotten.


Or they could just have not closed down Wikileaks' accounts in an attempt to brown-nose the US government. If they had resisted and only closed down the accounts after court orders the reaction would have been quite different.

I'm frankly appalled at how many people here are actually defending MasterCard, Visa and PayPal. As if money and shareholder interests are all that matters.

There are also examples of companies that don't hand over their clients' information without court orders or give in to political pressure (for example XS4ALL here in the Netherlands) and you know: they are actually appreciated for it and very successful!


"MasterCard, Visa and PayPal. As if money and shareholder interests are all that matters."

There are millions of jobs and people who depend on these companies everyday. It's not just about money and shareholder interests.


I don't understand your point. If they hadn't disabled Wikileaks' accounts these jobs and people would have suffered how exactly?


If they hadn't disabled Wikileaks accounts there would have just been another topic just as controversial that would have gotten a bug up hacker's asses. This isn't a story about Wikileaks. Wikileaks is just the handy example. This is a story about how small numbers of people can have a temper tantrum and produce a global impact.

You can't reason backwards and say "well if they just hadn't done X everything would be fine" The parent's point is if they start reasoning like that, they'll just toss out anybody vaguely smelling suspicious (which I also think is the logical result, along with increased black lists of IP addresses)


That's just not true. There has neither been a reaction of this kind for other "bugs up hacker's asses" nor has there been an issue this controversial for a very long time. I can't think of any... perhaps the Morris' worm or Kevin Mitnick.


No there hasn't been a story like this -- ever. That's what makes it an interesting story.

Expect more like this. Eventually we'll get around to some issue that you can't feel so self-righteous about pursuing. Then the shoe will be on the other foot.


> What's going to happen is that banks and CC companies will proactively scrub their client lists for anything that looks even vaguely controversial

That's impossible as it is: too much work, AND, too much lose of income.


That's happened with mortgages after the clamping down on banks in the UK. The bailed out banks can't charge interest rates as high as they'd like, so they turn down a lot of less than perfect business. End result is it's harder than ever for normal folk and less reputable banks with far higher charges have stepped in to plug the gap. Idealistic humans never learn anything about economics over time..


Which means that alternative payment systems will rise to fill in the void. And nothing of value was lost...


https://www.paypal.com/ still works, all they're doing is hammering the front page, any transactions over SSL should still work fine.


I briefly logged onto their IRC channel. It is a total chaos but still they all agree to one target. They have also been hammering www.paypal.com port 443 so I expect this to do down soon too.


What in the world does the SSL connection have to do with anything? Surely it's the same web servers that are getting swamped, regardless of whether the incoming traffic is clear or SSL.


The secure/payments stuff probably happens on totally different servers.


Sure, payments processed through their API might be different servers. But that's a completely different question than whether the traffic is clear or SSL.


What IRC channel are you talking about?


Sh.. you didn't get this from me: irc.anonops.net


Whatever they're doing, its not having much effect. I used PP last night, and again this morning. What I saw felt normal. Last night there was briefly some slowdown, but nothing of that this morning. Hammering a lesser web site could bring it down, but PP has been in the net facing business for enough years they know better.


And now thanks to this story Hacker News is participating in the DDOS because we all want to see for ourselves if PayPal is responsive...


A few thousand hits doesn't make any difference. It takes millions and billions to rattle PayPal.


Yeah, I'm not too serious about HN being involved. I just always think it's funny when there's a story on a popular website about some website being over capacity because everyone starts visiting and checking if it's up yet.


Does anyone else keep coming back here because every link on the homepage is light grey because they are visited, but since the site is down it does not show this link as visited. Hehe


"It's not just you! http://paypal.com looks down from here." http://downforeveryoneorjustme.com/paypal.com


This should help the IT Security industry get a boost and hopefully create more jobs.


Payments API is still working.


To be perfectly honest, the actions of the 'anonymous' are pretty disgusting and it's bullying. A company provides a useful service to the majority of the on-line world and, just because they do something to protect themselves and their identity (there's a lot of people who dislike wikileaks) then this 'collective' decide to disrupt the whole company.

Bullying was pathetic in high school and is so much worse in the 'grown-up' world, especially when it affects so many normal people.


You don't think that Paypal is also a bully as well?

Closing people's accounts (not just Wikileaks) when they see fit, having no real recourse to try and get your money once that's happened etc.

Paypal have a reputation for being a bunch of thieves. I can't say I feel bad for them.

I've never been burned by them, I'm just going from the amount of people here that post a regular "Paypal froze my account" story.


I'm not saying they aren't but when has the tactic against a bully being to bully them? Regardless of what you think about Paypal themselves, there are an awful lot of people that rely on the service they provide that can now no longer use that service due to the tactics of Anonymous.


Maybe this raises a serious question. Why are so many people (including myself) reliant on one company for handling their payments? Maybe traders should start adding alternative forms of payment to their excepted payments. I know I will.


It's good to accept more than one kind of payment for flexibility, but is the dominance of one payment method really so awful? It always seemed like a natural monopoly to me. It's so closely tied to paper cash... (which you'll remember must be ubiquitous and the only currency to function- except in extreme cases)


Well, that's why we have courts to settle disputes in a civil manner.


Don't Paypal's terms of service deny you the right to settle disputes in court?


You know, I am really glad that you're not at all concerned about the invisible hand which seems to synchronize actions across governments, Visa, MC, PayPal, Amazon, and other major businesses. All in the name of shutting down free speech.

Wikileaks has not been charged with any crime anywhere in the world, let alone been found guilty.

So why is it the US government is after them like the villain in a bad James Bond movie?

This isn't about wikileaks or what they have published - it's not about the content of cablegate, which is 250k documents which would have been made public in 5 - 10 years, none of them "top secret", all of them freely available to 3M+ army and government personnel.

This is about a free press, and in turn, it's about democracy. It's about who rules this world. Is it us, the people. Or is it big business which has bought our government with good money?

Let's be very clear about this - leaking classified information is a crime. Publishing leaked classified information, however, is protected by the 3rd Amendment. The US government therefore can't charge Wikileaks with a crime. So the US government has decided to go rogue and fight outside the legal framework - without laws, courts, or trials. THAT is the problem. Nothing else.


Upvoted, but one nit:

>Publishing leaked classified information, however, is protected by the 3rd Amendment.

First. The Third is "No Soldier shall, in time of peace be quartered in any house, without the consent of the Owner, nor in time of war, but in a manner to be prescribed by law.".


Wikileaks has not been charged with any crime anywhere in the world, let alone been found guilty.

At a very minimum wikileaks is distributing copyrighted information without authorization. Technically they can be taken completely down via the DMCA.

Ultimately of course PayPal, Amazon, Mastercard and others don't want to do business with Wikileaks, or anon, or any similar "fuzzy" business. The business doesn't have to be illegal, they can just be a liability business and that's what they are -- only a lot of people spouting a lot of hot air are going to patronize your service because you cater to them, yet a lot of people will leave you because of it.

Nonetheless, the kids will get bored. GUARANTEED the governments of the world are going to introduce anti-DOS legislation that mandates an immediate cutoff of nodes that participate in DOS (and further a cutoff of networks that don't manage DOS attacks originating in their network). That is absolutely inevitable, and honestly is a very good thing.


U.S. Government documents cannot be copyrighted.


There must be some exceptions to this, though, because IRS forms generally come with copyright notices. (Or, at least, they did the last time I did my taxes on paper, which was 5-10 years ago.)


That's crazy talk.


When basic, well-established press freedoms are being attacked by the US government, working without due process through multinational corporations, it feels a little more like self-defense than bullying.


it's self-perpetuating in the same way as school bullying, too.

anyone with authority who rallies against the Anon community would likely make themselves a target also.


As I'm sitting on the sidelines of it all, I wonder how a bunch of LOLcat loving, technically savvy people can bring down billion dollar multinational's, points of technical exposure.

What amount, if any, preparation can guard against a cyber mob-rule attack? It seems that unless a machine is unplugged from the network, you're up shit creek without a paddle.


www.paypal.com works for most people.


Yup, works here too!


I'm morally indifferent, even in favour of the principle of wikileaks. I'm not in favour of a leaker of US information motivated only by wanting reforms that are pipe dreams. Freedom of speech can never extend to state secrets. In Europe, we'd never be so attached to the idea that we'd take it that far.

I think we may have sacrificed a lot - eg. the ability of the net to process pre-Christmas payments, for the "gain" of providing the ability of some dick at DoD to tell us what Hillary's people think of various national dictators, or that Iraq was not 100% superbly executed. Yeah, big deal.

I don't believe Assange's arrest is a conspiracy. 4chan launching all this shit may just force the net to change in some very bad ways.


It doesn't sound like you are in favour of the principle of WikiLeaks.


It should continue to exist, in case someone does have something worthwhile to release. But in this case it was hardly worth it. Except for the secret sites, that WAS irresponsible. The acceptable principle of the site does not exempt its operators from the law of developed countries, and will obviously subject them to the lawlessness of undeveloped ones.

Now they're threatening to take down twitter (who don't need any help in doing that!) because they are percieved to be preventing 'wikileaks' from trending. Looks increasingly like a load of kids with a ddos hammer seeing enticing nails everywhere.


What law has WikiLeaks broken?


As an organisation, afaik, none. But the individuals involved could have: To issue a warrant, they must have grounds to do so - as I said, I very much doubt that the charges against Assange are simply "made up". If they are, he'll be found innocent. The reason most people don't put a principle above the idea that it is foolish to piss off The White House is because they don't have the balls to take the consequences. He seems quite happy to. Good for him. Rather him than me.


It's back up. But that sure was impressive. Anyone have a link to uptime statistics?


Yep, just tried to pay a contractor....no dice.


The https site seems to be up, if your problem was just getting to the homepage.


That's his excuse and he's sticking to it.


ROFL


I really don't think this kind of behaviour helps anything. Though we may disagree with the actions of these corporations, using thousands of ordinary people's computers to flood sites many people use for things that have nothing to do with Julian Assange, Wikileaks or anything whatsoever linked to the cable leaks is simply wrong.

Being immoral in order to expose the immorality of others does nothing but muddy the waters. There are better ways of challenging these things while retaining your decency.


If they had nothing to do with it, they would not have been pressured by the government. They picked a side. DDoSing them is not immoral. (though if it's a zombie net, that is immoral.)


Actually, I heard the bot computers were provided by volunteers. Regardless, the fact that the attacks affect those who have taken neither side, i.e. customers of the sites being targeting, I still feel the behaviour is immoral, not to mention the fact it makes it easy for the anti-wikileaks guys to denounce the argument for wikileaks as that of 'computer criminals', etc.


For example?


running a mirror of wikileaks :)


What I like most, is that all people click on the link although it says "It's unavailable". Wondering if this has an additional effect on the availability.


Nah, no way. PayPal wouldn't go down from a few 10k additional hits. PayPal is huge, and needs 100% uptime, and in addition to that has undoubtedly prepared for a major DDOS attack.

They have unlimited resources, they have expertise, and they've seen it coming. If Anonymous can take PayPal down, then they can take anyone down.


> They have unlimited resources

They don't, if they did you would not be reading this post.


Perhaps that's the reason why it's unavailable. ;)


Maybe that's the DDOS in action .. post news to as many high traffic news sites as possible (/., reddit, hn, etc) that paypal is down with a direct link to paypal in the title and bingo.


http://uptime.netcraft.com/perf/reports/performance/wikileak...

sites will be up AND down simultaneously for different people. That's what happens when they're overloaded.


I wonder if Amazon is next?


Amazon is too big to be taken down. It will require much more infrastructure than paypal.com


http://www.paypal.com is down from here (Denmark). Https is responding though. Quite impressive.


DNS issues?. No 301 Redirect from the server.

Just type https://www.paypal.com to go straight to the web page.


seems like a correct assessment. SSL still works tho.


Yep, it's working now for me.


Is this because they blocked the funds of Julian Assange? Probably a hacker group teaching a lesson or two here




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: