Another one bites the dust.

Anon has successfully taken paypal offline.

working for me http://www.paypal.com

Works for me.

your right, i was just putting in paypal.com w/o the www.

every site that i put in w/o www. works just fine, but when i do that with paypal it doesn't work.

your right, i was just putting in paypal.com w/o the www.

every site that i put in w/o www. works just fine, but when i do that with paypal it doesn't work.

might have something to do with the http vs https

I can get www.paypal.com but not paypal.com

I completely support WikiLeaks and understand the spirit behind the backlash, but couldn't they have picked a better time to DDoS PayPal than in the weeks before hundreds of millions of Americans have to do their holiday shopping?

unfortunately, this is the perfect time. Corporations that put the bureaucrat ahead of their customer have to learn there is a cost for this.

so next time they will tell the bureaucrat to get a court order (no more flash of the badge)

That's good.

Working just fine.

old blog post. nvm this post

Who wants a dollar I want to test

Twitter is saying that Paypal is down:
http://search.twitter.com/search?q=paypal+down&result_type=recent

Paypal.com is down:
http://downforeveryoneorjustme.com/paypal.com

www.Paypal.com is up:
http://downforeveryoneorjustme.com/www.paypal.com

Even though that www subdomain is up, they are saying the backend payment system is down. They specifically targeted the application programming interface...

It's too bad they didn't permanently end it.

Yes paypal.com is down but www.paypal.com is not. I still want to see if transactions work, someone give me an email to send money to

They took down (http://www.thepaypalblog.com/) again.

Yes paypal.com is down but www.paypal.com (http://www.paypal.com) is not. I still want to see if transactions work, someone give me an email to send money to

:D

you mean like (redacted)

sorry, even if it was my 2012 reelection campaign that just felt crooked and advantageous

I wonder if Amazon will be next.

LOL. I love when Anonymous causes mayhem in righteous anger. It's a reminder that most of them are a powerful force of chaotic good, despite the ugly history of a few who just love harrassing the parents of kids who killed themselves. I feel a little bad for Paypal, because they're being squeezed by all sides (and then the government pretends like they sent them no letter, because the government lies about everything), but when you err on the side of government, you err on the side of asshole.

All that said, I wouldn't be surprised if half of this stuff is organized by agent provocateurs anyway, who are playing the long game with a goal of draconian Internet clampdown laws.

I just checked as well, and I can confirm that the blog is down at the moment, but the main site is not. I have no idea about the payment process, which is the biggie.
EDIT: It looks like the blog is back up too.

someone give me an email to send money toLook for some cheap Chinese junk to buy ... "The gateway between Paypal.com and Ebay.com has been severed U can't pay for auctions".

This is truly amazing stuff - a spontaneous worldwide effort to collaborate toward a common goal, with multiple steps, without a centralized authority. The IT departments of commerce giants are going to be doing some serious thinking on how to handle these types of escalating, and potentially massive, protests in the future, or how to avoid them altogether. It's not like they can call the police to protect the front of a store during a protest...

Seems to be working to me...

Yes paypal.com is down but www.paypal.com is not. I still want to see if transactions work, someone give me an email to send money to

At the bottom right of http://freesharing.org/ I have a donate button if you want to test it out by sending me a buck (or more :) The link seems to work but I can't send money to my own account.

eb

I completely support WikiLeaks and understand the spirit behind the backlash, but couldn't they have picked a better time to DDoS PayPal than in the weeks before hundreds of millions of Americans have to do their holiday shopping?

No, they could NOT have picked a better time ;)

No, they could NOT have picked a better time ;)

+ rep

LOL! That didn't take long (http://www.usatoday.com/news/world/2010-12-09-1Awikileaks09_ST_N.htm)

"This will serve to inspire other bad guys," said Rob Rachwald of Imperva, an Internet security company. "Terrorists will find inspiration from this."

I can also confirm as of 1:20, paypal.com doesn't work, but www.paypal.com does.

:D

you mean like (redacted)

sorry, even if it was my 2012 reelection campaign that just felt crooked and advantageous

Uhh, lol?

Uhh, lol?

You asked for an address to test paypal payment sending. I had for a moment thought about providing the paypal address for my reelection campaign, but it was pretty clear that it was not true that PayPal was down, and so to do so felt funadmentally dishonest.

You asked for an address to test paypal payment sending. I had for a moment thought about providing the paypal address for my reelection campaign, but it was pretty clear that it was not true that PayPal was down, and so to do so felt funadmentally dishonest.

Ah, come on, everyone can use a 1.00 USD! Anyway, they've moved to secure.authorize.net

http://en.wikipedia.org/wiki/Authorize.Net

Outages

Authorize.Net's large user base makes them an ideal target for hackers and extortionists. In September 2004, Authorize.Net's servers were hit by a Distributed Denial of Service (DDoS) attack.[3] The DDoS attack lasted for over one week and caused a virtual shut down of the payment gateway's service. The attackers demanded money from Authorize.net in exchange for stopping the attack.

On July 2nd, 2009, 11pm, the entire web infrastructure for Authorize.net (main website, merchant gateway website, etc) went offline and stayed down all morning July 3, 2009.[4][5] None of the over 200,000 merchants who use Authorize.net payment gateway were able to process credit cards. Authorize.net's phone numbers were closed July 3rd because of the July 4th holiday as previously announced on their website (though the website was down at the time). [6] Other companies that have nearby offices have reported to the media that there was a fire.[4] Authorize.net started a twitter account that morning, but did not update their phones to give notice to customers until July 5th when they reopened phones.[7]

Seems that the companies are not being absolutely forthright about the impact.

http://www.ft.com/cms/s/0/ee014b5e-02cd-11e0-a07e-00144feabdc0.html#axzz17aVkIIFs


MasterCard initially blamed problems with its website on heavy traffic but later said some SecureCode services had been disrupted. It reassured customers that core processing capabilities have not been compromised and cardholder account data has not been placed at risk”.

But Jon Prideaux, deputy chief executive of SecureTrading, a UK internet payment service provider servicing several large retailers and charities, said SecureCode had been unavailable for up to six hours.

“This is one of the biggest trading days in the internet shopping calendar. This is an extremely bad time for this to happen,” Mr Prideaux said.

Some technology experts said the disruption of core commerical services by a few thousand individuals could prompt calls for internet service providers to take a more active role in policing their networks and blocking connections from computers identitifed as participating in what are known as denial-of-service attacks.

The paypal blog is still down!

your right, i was just putting in paypal.com w/o the www.

every site that i put in w/o www. works just fine, but when i do that with paypal it doesn't work.

Because Paypal has set up their DNS entries correctly. Any request for paypal.com is sent to the server(s) that manage the location of all of the servers on the NET for paypal.com That is all any request for paypal.com is supposed to do.

Thus a request to go to www.paypal.com is sent to the DNS server for paypal.com which then further directs the traffic to the proper server. Many small time operations who only have a website, and no mail servers or any other servers on the NET just have the website respond to requests to go to the domain name. While that is nice for the end user, it promotes a certain degree of laziness as people who are not familiar with how the NET works, then expect all domains to do that, when that is not the way the NET was designed to work.

BTW, most of paypals stuff is actually hosted on servers in ebay's domain. So, if you send an email to a paypal.com address, it is actually delivered to an ebay.com server.

We need to make a dedicated thread to Anonymous/Wikileaks war.

http://www.huffingtonpost.com/2010/12/08/operation_payback_wikileaks_cyberattacks_n_793861. html


According to the new Anonymous Twitter feed, @op_payback, Amazon will soon be under attack. The latest tweet reads in part:

TARGET: WWW.AMAZON.COM !!! INSTRUCTIONS


"TARGET: WWW.AMAZON.COM LOCKED ON!!!," Anonymous tweeted around 9AM ET. It followed this with another tweet, "TARGET: WWW.AMAZON.COM !!! INSTRUCTIONS: http://pastehtml.com/view/1c8i33u.html You LOIC will start in 2 hours. #wikileaks #payback #ddos."


Anonymous is currently arguing between amping up attacks on Paypal versus going at Amazon

Any network experts want to guess how big a DDOS attack needs to be to take Amazon down?

*edit* Looks like they decided against Amazon for now:


backup IRC is: irc.anonops-irc.com Channel: #operationpayback Target: www.paypal.com ||| Fire now! #ddos #payback #wikileaks

TV/Media coverage:

http://www.cnn.com/video/data/2.0/video/bestoftv/2010/12/09/exp.am.intv.shachtman.cnn.html

http://edition.cnn.com/2010/WORLD/europe/12/09/world.wikileaks/index.html?eref=edition

http://www.v3.co.uk/v3/news/2273850/amazon-ddos-operation-payback

Any network experts want to guess how big a DDOS attack needs to be to take Amazon down?

I don't think network capacity is going to be the issue unless they're able to overrun a load balancer. I think the choke point will be server related somehow if they're able to actually bring them down.

Looks like they're now targeting PayPal over https.

seems kind of illegal.

I saw a journalist rather effectively arguing that this is the equivalent of a protest outside the store that blocks/limits traffic, since no private property is damaged. The legal nature is interesting since all they are doing is making requests to a website, which is legal by itself. I wonder how many "refreshes" qualify someone for doing something illegal?

Seems the decentralized nature of the evolving operation has hiccups:

You and @Op_Payback have targeted www.paypal.com:443, api.paypal.com:443 and api.paypal.net:443. Only one, please.

It looks like the recent attacks on Anonymous are causing them problems getting organized and concerting their efforts. Anyone here on the IRC channel that can give an update?

I'm interested to see how the attack on 443 plays out on PayPal. They are using F5 BigIP load balancers in front of the servers. These boxes are top of the line in the load balancer industry.

seems kind of illegal.

I suspect that they care not.

seems kind of illegal.
Where did the crime take place? In the country where the server that received the data packet is, or the country that sent the data packet?

I've been reading the various articles about the Twitter trending and, despite Twitter's denial, I have a hunch they're screening it so that the operation doesn't gain scale.

Where did the crime take place? In the country where the server that received the data packet is, or the country that sent the data packet?You're absolutely right on this argument, and the globalists use it to justify the UN laws. If Argentina says DDOS are not illegal, while the US does, prosecuting an Argentinian is rather difficult. The matter gets even more complicated if a lot of Anonymous are under age...

You're absolutely right on this argument, and the globalists use it to justify the UN laws. If Argentina says DDOS are not illegal, while the US does, prosecuting an Argentinian is rather difficult. The matter gets even more complicated if a lot of Anonymous are under age...

Wikileaks - the US laws end at the territorial limits of the US except for US citizens. If Wikileaks got the stuff via FTP to a server outside the US ..........

While it excites me to see so much backlash, I think that punishing private businesses for reacting to what could be very bad PR is a little overzealous and perhaps undeserved. I wish that these companies would take a stand and do the right thing, but I wouldn't participate in this. Nonetheless, I feel on top of the world right now to see how much proverbial fecal matter is hitting the proverbial rotary oscillator.

While it excites me to see so much backlash, I think that punishing private businesses for reacting to what could be very bad PR is a little overzealous and perhaps undeserved. I wish that these companies would take a stand and do the right thing, but I wouldn't participate in this. Nonetheless, I feel on top of the world right now to see how much proverbial fecal matter is hitting the proverbial rotary oscillator.

I understand your point of view. The events demonstrate that decisions have consequences, and when a business does not consider the desires of its customers and potential customers, and there are few, if any, market alternatives, taking business elsewhere is not the path of least resistance.

http://i.imgur.com/dG3Ru.jpg

Dutch boy arrested for Wikileaks-related DDoS attacks on Mastercard and PayPal (http://nakedsecurity.sophos.com/2010/12/09/dutch-boy-arrested-for-wikileaks-related-ddos-attacks-on-mastercard-and-paypal/)

I'm interested to see how the attack on 443 plays out on PayPal. They are using F5 BigIP load balancers in front of the servers. These boxes are top of the line in the load balancer industry.It seems they've taken down something on the European side:
http://twitpic.com/3ee90y

It seems they've taken down something on the European side:
http://twitpic.com/3ee90y

I wonder if they're running into the same problem with those F5s that we are.


CR134940 tracks an issue in which the TMM deamon could potentially crash due to a memory issue in the SSL session tracking code. This could disrupt traffic and cause the TMM daemon to restart.

Recommendation resolution



This unit is exhibiting symptoms of CR134940. This issue has been addressed in versions 10.2.0 or 10.1.0 HF1 of the TMOS software. It is recommended that this unit be upgraded to one of these versions or higher. The messages that were found and indicate this issue are listed below.

Additional Information



1 instance of './/var/log/tmm.-.-.tech.out:/ssl_session.c:682: Assertion "unlinked" failed.' found



1 instance of './/var/log/tmm:/ssl_session.c:682: Assertion "unlinked" failed.' Found

Updates
http://twitter.com/Op_Payback

Oh, and check their radio. some nice music.
I have to cut some wood. Back later.
;)