
Paypal.com appears to be unavailable - ivankirigin
http://paypal.com
======
pigbucket
If you dominate a market, a serious ethical duty devolves upon you to do right
by your customers, but Paypal, Visa, and MC, on which donation-supported non-
profit orgs like Wikileaks almost entirely depend, have utterly failed to
fulfill that duty; in fact they didn't even try. Their actions, arbitrary or
spineless, have almost completely choked off funding for Wikileaks. I never
imagined ending up saying this, but I'm impressed and grateful that there
exists an international, anonymous horde able to begin the process of making
companies like this at least minimally answerable for their actions, which no
one else seems capable or desirous of doing.

~~~
pbhjpbhj
>If you dominate a market, a serious ethical duty devolves upon you to do
right by your customers, but Paypal, Visa, and MC, on which donation-supported
non-profit orgs like Wikileaks almost entirely depend, have utterly failed to
fulfill that duty; in fact they didn't even try.

The majority of Paypal Visa and Mastercard customers rely to some extent on a
stable international environment. Suggesting that these companies need to
change their moral stance to accommodate anarchists is silly. Wikileaks
actions suggest they want to take down the establishment that in a large part
enables such companies to operate.

Indeed the fact that these companies have now been attacked by the associates
of those they chose not to support means that they made the right decision.
Why would they want to bolster groups that will turn and attack them?

If Paypal, for example, hadn't accepted Wikileaks as a customer in the first
place then they wouldn't be having to deal with the current situation and
could serve the majority of their customers better.

Taking a capitalist view basically Wikileaks supports believe that the rest of
us should be screwed over so they can make their point. It's not civilised
it's brutish anarchism.

~~~
chopsueyar
I think you've watched 'Fight Club' too many times.

~~~
pbhjpbhj
I've seen it, perhaps if I saw it again I'd have clue what you're on about?

~~~
chopsueyar
"Project Mayhem"

------
Silhouette
I suspect we are going to see two major changes over the next few weeks as a
direct result of the "cyber-attacks" going on recently.

1\. Financial services will re-evaluate the risks of this kind of attack vs.
the cost of assigning more resources to guard against it.

2\. Governments will finally start taking IT security seriously.

The latter is the more interesting, because while banks are generally
reasonably clued up about balancing risks and will simply adjust their current
practices, elected representatives who aren't technically inclined will
probably be discolouring their underwear over the fall-out if the bad guys
really tried to do some damage, given that it is this easy for a few upset
people to cripple the world's payment systems.

I suspect that as a reuslt, we can look forward to increasingly draconian
penalties being introduced for this sort of action in most jurisdictions, the
end of on-line anonymity as it has been known, and ruthless
throttling/disconnection of entire ISPs/countries that don't play ball with
either of the above. If you thought government reactions to copyright
infringement were heavy-handed, I imagine they will look like a nun comforting
a child compared to what is coming next.

The sad thing is that better security, robustness, user authentication, etc.
should have been built into the Internet by default for years, but the same
"Wild West" evolution that was so successful in the early days has also been a
poor driver of consolidation now that the Internet isn't just a toy for the
military types and the universities any more. Maybe the Powers That Be will
finally start taking serious advice about IT from people who know what they're
talking about and collectively give the issues the attention they deserve. (I
won't hold my breath, though; this could all end in tears, with a mess of ill-
informed and poorly-implemented measures that cause all kinds of additional
dangers to innocent people without actually fixing the real problem.)

~~~
shin_lao
Governments take IT security very seriously, I don't see where you've seen
they don't.

The problem is that you just can't secure a whole infrastructure overnight and
that security is very hard.

~~~
DuncanIdaho
I would like to clarify on this issue a bit.

1\. Declaratively the governments are indeed taking IT security seriously.
Thus many guidelines, laws and other formal documents regarding IT security
have been accepted. Unfortunately many of these are internally inconsistent or
in conflict with others. The net result is that in the name of "security" the
governmental IT systems are unnecessarily complicated and expensive.

2\. In practice - prescribed security measures are mostly not enforced due to
many reasons (eg.: The measures are so strict and rigid that enforcing them
would prohibit various legitimate users from actually doing their work; The
people in charge of implementation and administration of these systems are
plain incompetent and/or disinterested).

3\. Securing everything that is currently deemed necessary to the extent
prescribed by relevant law will turn out to be prohibitively expensive due to
various logistic problems (who will implement necessary auditing systems for
legacy systems that nobody udnerstands and there are no funds to replace,
where will you store all the auditing information, where will you get
competent engineers that actually understand the infrastructure and are
willing to work proactively to secure them - for a laughable wage?,...).

So - as a matter of fact - I have to state that governments don't really take
IT security seriously. They don't understand the issues and they don't even
care. They care for scapegoats and thats it.

Disclaimer: Most of my work is on government related IT projects/systems.

~~~
shin_lao
Security is hard. Security on a large scale system is is very hard. Securing a
legacy system is extremely hard. Securing a large legacy system is near
impossible.

Yes the government wants to cover its ass first and foremost.

But that doesn't mean they don't take IT seriously, they just don't understand
it to the point they cannot select people to work with that understand it
correctly.

disclaimer: I've designed COMSEC systems

~~~
tptacek
If they took IT security seriously, it wouldn't be a checkbox in a Lockheed or
SAIC contract.

------
bayes
I fear some naive young US-based Anonymous participants may soon be getting a
very rude awakening (if the FBI and Secret Service respond to this by making
an example of them).

Edit: downvote me all you like, but you should read the post about what
happens when you're busted by the feds (from the hacker crackdown):
<http://web.textfiles.com/hacking/agentsteal.txt>

~~~
daliusd
Like HN readers who are linked to paypal :)

------
freechoice1
Paypal is notorious to freeze accounts as they like, and bully people around.
They can do this because they know they are big. Now they are starting to
force their own political agendas on the world population as well. I've quit
my account with them because I want this world to be a better place to live
in, than being controlled by a bully who harass people.

~~~
rimantas
Great. How do I close account with Anon, because I don't want them to infringe
on my ability to make payments?

~~~
CWuestefeld
You've made me realize what I think is a startling bit of irony.

Many people -- WikiLeaks, in fact -- are protesting US action in Iraq. They
are particularly upset about the "collateral damage" of civilians being caught
up in the violence.

Yet here, those cheering for the DDoS attacks in support of WikiLeaks are just
shrugging off the collateral damage that this attack is causing.

Addendum: the quick, reflex downvotes are really annoying. If you think I'm
not contributing to the discussion, please at least take the time to explain
why. It seems to me that there's a patter for these. I lose a few points
immediately, but then as more thoughtful people actually take the time to
think about it, the score climbs back up into positive territory. That
suggests to me that the down-votes are just readers being petulant because I
disagree with them.

~~~
ssmoot
Nobody's dying here. There's a crazy amount of talk here about WL trying to
bring down government or the collateral damage to business and equating that
to civilian deaths.

I don't know if Assange goes around saying "anarchy for everyone!" and I don't
care. I don't like the idea of vast swaths of government operating in secret.
From the CIA, to the closed door congressional meetings.

Second, it's only money. In the scheme of things it's probably a net positive
for the economy as alternatives are explored, supporting perhaps financial
startups, security firms are employed, etc.

You (and lot's of others) are comparing _that_ to leaks detailing loss of
life. I don't get it. The moral compass on HN is weird.

------
ThePinion
Shutting down the Visa and Mastercard probably didn't change too much, but
this for sure will. Think of how much eBay is dependent on PayPal for
purchases. This should be an interesting outcome! Even if people don't feel
it's morally right, I'm still very impressed by the current "cyber wars" going
on. Either way, I don't lose anything. I guess I'm just one of those people
that likes to watch the world burn...

~~~
CamperBob
There isn't going to be any burning. What's going to happen is that banks and
CC companies will proactively scrub their client lists for anything that looks
even vaguely controversial, and hose it before it blows up in their faces.

After this, the banks _will_ be afraid of Anonymous, and they will do whatever
it takes to stay off their radar... including turning down a lot of legitimate
business. "Politically unconventional" organizations around the world are
about to get the same arms-length treatment that adult sites have always
gotten.

~~~
aerique
Or they could just have not closed down Wikileaks' accounts in an attempt to
brown-nose the US government. If they had resisted and only closed down the
accounts after court orders the reaction would have been quite different.

I'm frankly appalled at how many people here are actually defending
MasterCard, Visa and PayPal. As if money and shareholder interests are all
that matters.

There are also examples of companies that don't hand over their clients'
information without court orders or give in to political pressure (for example
XS4ALL here in the Netherlands) and you know: they are actually appreciated
for it and very successful!

~~~
pokinoi
"MasterCard, Visa and PayPal. As if money and shareholder interests are all
that matters."

There are millions of jobs and people who depend on these companies everyday.
It's not just about money and shareholder interests.

~~~
aerique
I don't understand your point. If they hadn't disabled Wikileaks' accounts
these jobs and people would have suffered how exactly?

~~~
DanielBMarkham
If they hadn't disabled Wikileaks accounts there would have just been another
topic just as controversial that would have gotten a bug up hacker's asses.
This isn't a story about Wikileaks. Wikileaks is just the handy example. This
is a story about how small numbers of people can have a temper tantrum and
produce a global impact.

You can't reason backwards and say "well if they just hadn't done X everything
would be fine" The parent's point is if they start reasoning like that,
they'll just toss out anybody vaguely smelling suspicious (which I also think
is the logical result, along with increased black lists of IP addresses)

~~~
aerique
That's just not true. There has neither been a reaction of this kind for other
"bugs up hacker's asses" nor has there been an issue this controversial for a
_very_ long time. I can't think of any... perhaps the Morris' worm or Kevin
Mitnick.

~~~
DanielBMarkham
No there hasn't been a story like this -- ever. That's what makes it an
interesting story.

Expect more like this. Eventually we'll get around to some issue that you
can't feel so self-righteous about pursuing. Then the shoe will be on the
other foot.

------
il
<https://www.paypal.com/> still works, all they're doing is hammering the
front page, any transactions over SSL should still work fine.

~~~
paraschopra
I briefly logged onto their IRC channel. It is a total chaos but still they
all agree to one target. They have also been hammering www.paypal.com port 443
so I expect this to do down soon too.

~~~
CWuestefeld
What in the world does the SSL connection have to do with anything? Surely
it's the same web servers that are getting swamped, regardless of whether the
incoming traffic is clear or SSL.

~~~
il
The secure/payments stuff probably happens on totally different servers.

~~~
CWuestefeld
Sure, payments processed through their API might be different servers. But
that's a completely different question than whether the traffic is clear or
SSL.

------
zefhous
And now thanks to this story Hacker News is participating in the DDOS because
we all want to see for ourselves if PayPal is responsive...

~~~
nikster
A few thousand hits doesn't make any difference. It takes millions and
billions to rattle PayPal.

~~~
zefhous
Yeah, I'm not too serious about HN being involved. I just always think it's
funny when there's a story on a popular website about some website being over
capacity because everyone starts visiting and checking if it's up yet.

------
ericz
Does anyone else keep coming back here because every link on the homepage is
light grey because they are visited, but since the site is down it does not
show this link as visited. Hehe

------
martinkallstrom
"It's not just you! <http://paypal.com> looks down from here."
<http://downforeveryoneorjustme.com/paypal.com>

------
vegasbrianc
This should help the IT Security industry get a boost and hopefully create
more jobs.

------
rms
Payments API is still working.

------
geedee77
To be perfectly honest, the actions of the 'anonymous' are pretty disgusting
and it's bullying. A company provides a useful service to the majority of the
on-line world and, just because they do something to protect themselves and
their identity (there's a lot of people who dislike wikileaks) then this
'collective' decide to disrupt the whole company.

Bullying was pathetic in high school and is so much worse in the 'grown-up'
world, especially when it affects so many normal people.

~~~
muppetman
You don't think that Paypal is also a bully as well?

Closing people's accounts (not just Wikileaks) when they see fit, having no
real recourse to try and get your money once that's happened etc.

Paypal have a reputation for being a bunch of thieves. I can't say I feel bad
for them.

I've never been burned by them, I'm just going from the amount of people here
that post a regular "Paypal froze my account" story.

~~~
geedee77
I'm not saying they aren't but when has the tactic against a bully being to
bully them? Regardless of what you think about Paypal themselves, there are an
awful lot of people that rely on the service they provide that can now no
longer use that service due to the tactics of Anonymous.

~~~
xd
Maybe this raises a serious question. Why are so many people (including
myself) reliant on one company for handling their payments? Maybe traders
should start adding alternative forms of payment to their excepted payments. I
know I will.

~~~
sliverstorm
It's good to accept more than one kind of payment for flexibility, but is the
dominance of one payment method really so awful? It always seemed like a
natural monopoly to me. It's so closely tied to paper cash... (which you'll
remember must be ubiquitous and the only currency to function- except in
extreme cases)

------
wildmXranat
As I'm sitting on the sidelines of it all, I wonder how a bunch of LOLcat
loving, technically savvy people can bring down billion dollar
multinational's, points of technical exposure.

What amount, if any, preparation can guard against a cyber mob-rule attack? It
seems that unless a machine is unplugged from the network, you're up shit
creek without a paddle.

------
martin_k
www.paypal.com works for most people.

~~~
aditya
Yup, works here too!

------
aj700
I'm morally indifferent, even in favour of the principle of wikileaks. I'm not
in favour of a leaker of US information motivated only by wanting reforms that
are pipe dreams. Freedom of speech can never extend to state secrets. In
Europe, we'd never be so attached to the idea that we'd take it that far.

I think we may have sacrificed a lot - eg. the ability of the net to process
pre-Christmas payments, for the "gain" of providing the ability of some dick
at DoD to tell us what Hillary's people think of various national dictators,
or that Iraq was not 100% superbly executed. Yeah, big deal.

I don't believe Assange's arrest is a conspiracy. 4chan launching all this
shit may just force the net to change in some very bad ways.

~~~
naz
It doesn't sound like you are in favour of the principle of WikiLeaks.

~~~
aj700
It should continue to exist, in case someone does have something worthwhile to
release. But in this case it was hardly worth it. Except for the secret sites,
that WAS irresponsible. The acceptable principle of the site does not exempt
its operators from the law of developed countries, and will obviously subject
them to the lawlessness of undeveloped ones.

Now they're threatening to take down twitter (who don't need any help in doing
that!) because they are percieved to be preventing 'wikileaks' from trending.
Looks increasingly like a load of kids with a ddos hammer seeing enticing
nails everywhere.

~~~
naz
What law has WikiLeaks broken?

~~~
aj700
As an organisation, afaik, none. But the _individuals_ involved could have: To
issue a warrant, they must have grounds to do so - as I said, I very much
doubt that the charges against Assange are simply "made up". If they are,
he'll be found innocent. The reason most people don't put a principle above
the idea that it is foolish to piss off The White House is because they don't
have the balls to take the consequences. He seems quite happy to. Good for
him. Rather him than me.

------
nikster
It's back up. But that sure was impressive. Anyone have a link to uptime
statistics?

------
scottkrager
Yep, just tried to pay a contractor....no dice.

~~~
InclinedPlane
The https site seems to be up, if your problem was just getting to the
homepage.

~~~
CamperBob
That's his excuse and he's sticking to it.

~~~
nikster
ROFL

------
singular
I really don't think this kind of behaviour helps anything. Though we may
disagree with the actions of these corporations, using thousands of ordinary
people's computers to flood sites many people use for things that have nothing
to do with Julian Assange, Wikileaks or anything whatsoever linked to the
cable leaks is simply wrong.

Being immoral in order to expose the immorality of others does nothing but
muddy the waters. There are better ways of challenging these things while
retaining your decency.

~~~
indrax
If they had nothing to do with it, they would not have been pressured by the
government. They picked a side. DDoSing them is not immoral. (though if it's a
zombie net, that is immoral.)

~~~
singular
Actually, I heard the bot computers were provided by volunteers. Regardless,
the fact that the attacks affect those who have taken neither side, i.e.
customers of the sites being targeting, I still feel the behaviour is immoral,
not to mention the fact it makes it easy for the anti-wikileaks guys to
denounce the argument for wikileaks as that of 'computer criminals', etc.

------
herrherr
What I like most, is that all people click on the link although it says "It's
unavailable". Wondering if this has an additional effect on the availability.

~~~
nikster
Nah, no way. PayPal wouldn't go down from a few 10k additional hits. PayPal is
huge, and needs 100% uptime, and in addition to that has undoubtedly prepared
for a major DDOS attack.

They have unlimited resources, they have expertise, and they've seen it
coming. If Anonymous can take PayPal down, then they can take anyone down.

~~~
jacquesm
> They have unlimited resources

They don't, if they did you would not be reading this post.

------
aj700
[http://uptime.netcraft.com/perf/reports/performance/wikileak...](http://uptime.netcraft.com/perf/reports/performance/wikileaks)

sites will be up AND down simultaneously for different people. That's what
happens when they're overloaded.

------
thehodge
I wonder if Amazon is next?

~~~
Garbage
Amazon is too big to be taken down. It will require much more infrastructure
than paypal.com

------
koevet
<http://www.paypal.com> is down from here (Denmark). Https is responding
though. Quite impressive.

------
FirstHopSystems
DNS issues?. No 301 Redirect from the server.

Just type <https://www.paypal.com> to go straight to the web page.

------
desenu
seems like a correct assessment. SSL still works tho.

------
klbarry
Yep, it's working now for me.

------
kathyannov
Is this because they blocked the funds of Julian Assange? Probably a hacker
group teaching a lesson or two here

