PayPal Again and the Pwnies
PayPal has been attacked once again by DDoS which left a trail of 1,000 IP addresses the organization handed over to the FBI for investigation. Meanwhile, the Pwnie award nominations are underway for the August 3rd event.
|PayPal Again and the Pwnies|
LulzSec and Anonymous groups performed the first of their alleged three-stage attack against PayPal this week. The DDoS attack was in response to the recent arrest of 14 people by the FBI who were linked to DDoS attacks against PayPal last year, in particular, the arrest of a university student Mercedes Haefer. Additionally, the hacking group released information about eBay employees on PasteBin. How much information the group has aquired is unknown.
The protesters are calling for everyone to cancel their PayPal accounts and spread the word, according to their post on PasteBin. And they are possibly succeeding to rally support. They claim 35,000 PayPal accounts have been closed and eBay stock opened down 3%, a cost of $933 million. Yet, it is unclear whether these results are connected.
Their position is that there is a difference between individuals protesting in a DDoS attack and criminals who are using botnets, which are currently being charged as the same offense. A DDoS attack, in their view, would be like workers going on strike. Though it disrupts business there is an ultimate cause for greater benefit at hand, whereas cyber crime has malicious intent. The debate on how cyber attacks will be dealt with will be an ongoing debate as the trials of arrested hackers unfolds.
In the mean time, PayPal has continued to freeze WikiLeaks’ accounts, which hacktivists are in support of for the organization’s promotion of government transparency that will hopefully result in justice. The FBI is currently investigating 1,000 IPs handed over by PayPal that are possibly linked to the recent attack. PayPal’s response to the recent attack and subsequent losses is that they will be hard to compete with. Sam Shrauger, a PayPal VP, states, “‘Being in the payments business is harder than saying you’re in the payments business.’”
As Panda Security’s quarterly report discusses, “the companies or institutions that are supposed to store and protect users’ information but leave the door open or implement inadequate security measures are guilty of gross negligence.” Though DDoS attacks are difficult to defend against and don’t often pose direct security threats, the many other recent events support the report’s statement. In light of such, organizations like Anonymous, Lulzsec, and Sony are nominees for the Pwnie awards next week which celebrate the achievements and failures of cyber security. Awards are given in areas of the best bugs, most innovative research, lamest vendor response, best song, most epic fail (all of which are Sony), and epic ownage.