Sections

Services

Information

UK United Kingdom

Are Anonymous and LulzSec about to hack PayPal for WikiLeaks?

In a joint statement published earlier this week, hacking groups Anonymous and LulzSec urged readers to boycott e-commerce giant PayPal, claiming: “PayPal continues to withhold funds from WikiLeaks, a…

A successful attack on PayPal could cause havoc. [!!!] Sweet Peas Photography [!!!]

In a joint statement published earlier this week, hacking groups Anonymous and LulzSec urged readers to boycott e-commerce giant PayPal, claiming:

“PayPal continues to withhold funds from WikiLeaks, a beacon of truth in these dark times” and “PayPal’s willingness to fold to legislation should be proof enough that they don’t deserve the customers they get.”

Could this call for action be the start of a sustained campaign against PayPal? Could a large hack-attack be planned for PayPal in the near future?

First, it’s important to realise even the most secure systems fail given enough time and effort. Only constant vigilance maintains security.

There are economic limits to the amount of security any corporation can implement while remaining profitable, and if a corporation fails to remain profitable, it fails.

PayPal has implemented controls that may provide extremely secure systems and they do a good deal to protect their business and clients.

But even this may not be enough against organised hacktivism groups such as Anonymous and LulzSec and the AntiSec movement in general.

The problem with defending against hacktivist and cyber terror groups is they do not follow a rational economical model.

By contrast, traditional cyber crime – itself a difficult problem with few solutions – is easy to predict. It is built upon a traditional business model – albeit an illegal one – and cyber criminals have a desire to make a profit from their illicit activities. They act rationally, in an economic sense.

Cyber crime groups only expend resources to a point that allows them to maintain a suitable level of profitability.

Conversely, cyber terror and hacktivism groups, such as Anonymous and LulzSec, do not operate under such constraints.

They have members who are willing to risk jail terms, financial loss and other sanctions for purely ideological reasons. These are people who attack sites out of principle, as misguided as those principles might be.

For this reason, groups such as Anonymous and LulzSec will continue to look for holes in the security of organisations such as PayPal, well past the point that a criminal would have moved on to greener pastures.

So, why should we care if just another corporation is made the target of an attack? After all, recent attacks against security firm RSA have managed to steal sensitive data that could be used to access critical systems and infrastructure.

The answer lies in the nature of the services provided by PayPal.

More and more sites are starting to use PayPal as their commerce engine and they are becoming an essential part of the overall framework and infrastructure that defines the electronic economy.

Given it’s a service built on trust, any successful attack against PayPal could result in havoc as people lose trust in the service. This would leave many e-commerce sites unable to process payments and therefore without business.

Let’s hope the vigilance of the people at PayPal exceeds the desire to destroy, of groups such as Anonymous.

One thing’s clear though: this isn’t the last we’ll be hearing about PayPal from the likes of Anonymous and LulzSec.

Join the conversation

38 Comments sorted by

  1. Terrance Whittaker

    President, CEO

    I just wanted to make a few comments about characterizations with which I disagree.

    First, I do not believe it is fair labeling to call Anonymous a "terror" organization, nor to label what they do as terror. That term is generally reserved for people who place [arbitrary members of] the general public at risk, and by doing so cause fear and/or intimidation.

    Anonymous, on the other hand, seems to have a rough political agenda, only targets institutions, and generally publicizes every action before…

    Read more
    1. Byron Smith
      Byron Smith is a Friend of The Conversation.

      Ministry assistant, ecologcal ethicist and PhD candidate at University of Edinburgh

      In reply to Terrance Whittaker

      "Given it’s a service built on trust"
      The question being raised by the activists is whether that trust is appropriate, given the actions that PayPal were willing to make regarding WikiLeaks. So simply pointing the effects of their actions side-steps the ethical and political question about the behaviour of PayPal under pressure from the US government pressure over exposure of so many of their own wrongdoings. Such questions may not have easy answers, but they are surely worth asking.

      report
    2. Craig S Wright

      PhD; Adjunct Lecturer in Computer Science at Charles Sturt University

      In reply to Byron Smith

      PayPal is a business and not a community service. It provides a service in being a business, but it is not there as an activist function. It is not a political group.

      Wikileaks is a political group with an agenda. PayPal has made a business risk based decision not to support a group that many people see as being morally questionable. In fact, Wikileaks has engaged in activities that are illegal in many of the jurisdictions where PayPal operates and the acceptable use policy of PayPal states that…

      Read more
    3. Byron Smith
      Byron Smith is a Friend of The Conversation.

      Ministry assistant, ecologcal ethicist and PhD candidate at University of Edinburgh

      In reply to Craig S Wright

      Dr. Wright, thanks for your reply.

      I could have misunderstood, but you seem to imply that being a for-profit business frees PayPal from considering the ethical implications of its business decisions. It may not be pursuing a particular political agenda, but its actions and inactions have an effect on society and any company that refuses to consider such effects is acting amorally.

      WikiLeaks, though accused of much by various public figures and media sources, had faced no formal changes at the time…

      Read more
    4. Craig S Wright

      PhD; Adjunct Lecturer in Computer Science at Charles Sturt University

      In reply to Byron Smith

      Byron,
      Not in the least. I believe that corporations as collections of individuals have the same ethical considerations as any collection of individuals.

      That said, the way in which a company reaches a decision is different, they have a profit motive and this is their first consideration. In providing this service, they are first and foremost acting for the interests of the shareholders. In doing this, they are influenced by the purchasing decisions of their consumers. That is, the public votes…

      Read more
    5. Byron Smith
      Byron Smith is a Friend of The Conversation.

      Ministry assistant, ecologcal ethicist and PhD candidate at University of Edinburgh

      In reply to Craig S Wright

      "they have a profit motive and this is their first consideration"
      This is the moral problem at the heart of contemporary corporate law. I contend that this is a very problematic assumption to hold. Corporations are legally obliged to act in the interests of shareholders, and this usually understood to mean their financial interests. There are two issues here. First, there is an attenuation of responsibility involved in reducing interests to financial interests. The latter is more easily measured…

      Read more
    6. Andrew Hack

      IT Project Manager

      In reply to Byron Smith

      While I don't think you'll be swayed, I wrote a paper for an Ethics class on this subject. Contrary to most of the academics on the subject I don't see how moral ethics comes into the equation of business. Companies are groups of individuals who have come together to achieve a common goal; that usually being to make money. Given they abide by the law and are not infringing on liberties of others they have no moral responsibility to society. Milton Friedman wrote an excellent article which some of…

      Read more
    7. Byron Smith
      Byron Smith is a Friend of The Conversation.

      Ministry assistant, ecologcal ethicist and PhD candidate at University of Edinburgh

      In reply to Andrew Hack

      "I don't see how moral ethics comes into the equation of business [...] Given they abide by the law and are not infringing on liberties of others they have no moral responsibility to society."

      These comments raise the question of the origin of moral obligations. As a Christian, I follow one who said that the greatest good is to love God wholeheartedly, and to love my neighbour as myself, who told stories about caring for strangers and invited his hearers to do likewise, and who ultimately gave his…

      Read more
    8. Craig S Wright

      PhD; Adjunct Lecturer in Computer Science at Charles Sturt University

      In reply to Byron Smith

      Business is made with all else from the people in business. It is a benefit in itself. People are enriched through trade. These silly ideas of exploitation are just that, silly. The fact is, the absence of trade is the biggest issue, not exploitation. People are not exploited through trade, they are exploited through small local governments that have a hold over them and limit open trade.

      Places such as Africa suffer from a lack of trade. Look at the figures. There is more trade between Canada and…

      Read more
    9. Craig S Wright

      PhD; Adjunct Lecturer in Computer Science at Charles Sturt University

      In reply to Byron Smith

      No Byron. I do not think ethics is a function of business.

      I think ethics and virtue is critical in people. It is not the same thing. But if we have virtuoues people, we will have virtuous business.

      I think business will (and should) simply serve the people as they are.

      Make a society with more virtuous people and you will have a more virtuous collection of companies.

      report
    10. Andrew Hack

      IT Project Manager

      In reply to Byron Smith

      Business Ethics is built on ancient Greek philosophical fundamentals. It is not a Christian concept, although much Catholic and Protestant dogma does come from Greek and pagan philosophy.

      The main problem I see with your model is that not everyone agrees with your beliefs and moral convictions. You want to enforce your beliefs onto others just because they seem correct to you. Capitalism allows people to choose exactly who they want to do business.

      Social democracy is enslavement of the minority vote.

      report
  2. Mischa Tropp

    Warehouse Manager

    Hi Craig,

    The problem with the statement "convince another to freely decide one way or another" is that PayPal's business model corners the market and often you are not left with any other choice.

    report
    1. Craig S Wright

      PhD; Adjunct Lecturer in Computer Science at Charles Sturt University

      In reply to Mischa Tropp

      There is always a choice. Buy a different product. Walk to a store.

      Use a different service. There is not such thing. You have simply decided that the ease PayPal has provided eceeds the cost of not using them.

      What you want is to have the service but the service as you want it.

      There are always alternatives.

      report
    2. Craig S Wright

      PhD; Adjunct Lecturer in Computer Science at Charles Sturt University

      In reply to Mischa Tropp

      Mischa,
      I have written a little on this as a result of the belief that there is no choice.

      http://gse-compliance.blogspot.com/2011/08/more-dns.html

      Basically, I know of over 50 alternatives to PayPal. Some are close to PayPal in size and we also have to remember that WikiLeaks was the site that selected PayPal and not one of the alternatives. WL could have selected BitCoin, but it did not.

      Should PayPal be penalised for WL's poor choice (esp. given that PayPal has closed many sites where there is a level of cointraversy in the past)?

      I say not. If you want to look at anything to blame, look to WL's stupidity in selecting PayPal as a provider over BitCoin and others like them when PayPal is known to shy away from contraversy.

      Choice... There was a heap of choice.

      report
  3. Rockstar Philosopher

    Rockstar Philosopher

    They're activists. As said above, a DDoS is the digital equivalent of picketing a shop. They're not breaking or stealing anything, merely restricting access to the shop.

    As you said, they're a business with a profit motive. Businesses now have to decide if they are willing to be complicit with increasingly authoritarian governments and suffer retaliation for that, or they can decide to fight on the side of democracy and tell the governments to stick it until forced otherwise.

    In the end the company will decide based on which option will generate the most profits, which is all the more reason and justification for attacks such as this.

    report
    1. Craig S Wright

      PhD; Adjunct Lecturer in Computer Science at Charles Sturt University

      In reply to Rockstar Philosopher

      "DDoS is the digital equivalent of picketing a shop."
      No, they are damaging. The Walmart picket was not even at Walmart, it was at NY City hall.

      There is nothing similar to damaging a company to non-violent picketing.

      "Businesses now have to decide if they are willing to be complicit with increasingly authoritarian governments and suffer retaliation for that, or they can decide to fight on the side of democracy and tell the governments to stick it until forced otherwise."

      They are on the side of democracy, as stated, you have a choice as to whether you will use PayPal or not. Nobody has forced you to use this nor any other company.

      Yes,they are a business and if they see that people will leave them if they do not offer services to organisations such as Wikileaks, then they will support Wikileaks. Simply put, more people do not care what PayPal does with respect to Wikileaks than do.

      That is a democracy.

      report
    2. Byron Smith
      Byron Smith is a Friend of The Conversation.

      Ministry assistant, ecologcal ethicist and PhD candidate at University of Edinburgh

      In reply to Craig S Wright

      "That is democracy."
      Actually, it is plutocracy, since as I pointed out above, it is not one vote each, but the rich get far more votes than anyone else. In a society as massively unequal as the USA, this really makes a big difference and the deliberate blurring of political and economic freedoms (that is, the subsuming of political into economic freedoms) benefits only the powerful.

      report
    3. Craig S Wright

      PhD; Adjunct Lecturer in Computer Science at Charles Sturt University

      In reply to Byron Smith

      Actually, in any capitalist society, the "rich"have far fewer votes. There are many more people in the "middle classes"

      In total, they exceed the votes of the rich by many many times.

      But the arguement you have is not new. We have a right to be equally poor. That is what the heart of it is.

      report
    4. Byron Smith
      Byron Smith is a Friend of The Conversation.

      Ministry assistant, ecologcal ethicist and PhD candidate at University of Edinburgh

      In reply to Craig S Wright

      I think I might have given the wrong impression. So let me clarify; I am not talking about political votes. You were suggesting that democracy can be equated with the right of consumers to take their spending elsewhere if they don't like a particular corporation. My reply was that if this is democracy, then the "votes" (i.e. money) are not distributed evenly. The rich get many more "votes" with their money than the poor. And if we are considering the US context: "America’s wealthiest 1 percent accounted for 21 percent of all income in 2005, while the bottom 50 percent earned just 12.8." Inequality has increased since then.

      https://www.wsws.org/articles/2007/oct2007/usa-o16.shtml

      report
    5. Rockstar Philosopher

      Rockstar Philosopher

      In reply to Craig S Wright

      You're working on the assumption that consumers have any power, and that freedom of choice is akin to freedom of speech. I reject both hypothesis as fallacies.

      report
    6. Rockstar Philosopher

      Rockstar Philosopher

      In reply to Craig S Wright

      "socialist countries that are far more unequal."

      That is absolutely false. Byron has given you the evidence to go and chase that up. If you're unaware of the Gini index look into that. If you're able to honestly evaluate that it should fundamentally alter your understanding of ethics, politics and economics.

      report
    7. Craig S Wright

      PhD; Adjunct Lecturer in Computer Science at Charles Sturt University

      In reply to Rockstar Philosopher

      Basically, the Gini index is one of the most flawed statistical lies used in the persuit of socialism as a goal.

      It makes so many false assumptions it is not funny. It does not class people by age and gender and does not account for differences in the distributions of age over time.

      It does not measure actual wealth and confuses income and wealth.

      It compares what it calls a measure of wealth (falsely) in different classes of populations.

      Please try reading something such as the following before…

      Read more
    8. Craig S Wright

      PhD; Adjunct Lecturer in Computer Science at Charles Sturt University

      In reply to Rockstar Philosopher

      To expound further, the Gini index is not as you tout a measure of inequality, but one of income distribution without regard to age and other factors. It fails as a measure of inequality for many reasons, mainly as it does not measure wealth. Inequality is a measure more of wealth at a point in one’s life than over a generalized population.
      A person at 20 cannot be compared directly with one at 50. The same person at 20 does not have the wealth and resources of one at the age of 50 as one tends to…

      Read more
    9. Craig S Wright

      PhD; Adjunct Lecturer in Computer Science at Charles Sturt University

      In reply to Byron Smith

      ""America’s wealthiest 1 percent accounted for 21 percent of all income in 2005,"

      You have again mixed terms Byron. Income is not wealth.

      You have compared pensioners and students with working people in their 45-55 age range and called this a fair comparision.

      Yu cannot state "America’s wealthiest 1 percent accounted for 21 percent of all income in 2005," as this is not what you are actually comparing. Many of the top 1% income earners are far from being in the top of the wealth category.

      Further, most males in the US come into the top 5% income bracket and a significant amount enter the top 1% income bracket at some point in their careers.

      Please stop comparing 20 year old college students with 55 year old plumbers. This is exactly what you are doing and it is a common falacy that does nothing to help your arguement.

      report
    10. Byron Smith
      Byron Smith is a Friend of The Conversation.

      Ministry assistant, ecologcal ethicist and PhD candidate at University of Edinburgh

      In reply to Craig S Wright

      You are correct: income is not wealth. US wealth inequality is greater than income inequality.

      "Wealth inequality can be assessed by looking at the share of wealth owned by the richest 1% of Americans. In 2009, this Top 1% of U.S. households owned 35.6% of the nation’s private wealth. That’s more than the combined wealth of the bottom 90 percent."
      http://inequality.org/wp-content/uploads/2011/01/wealth-inequality-charts.pdf

      Now this is still comparing twenty year olds with fifty-five year olds…

      Read more
  4. Byron Smith
    Byron Smith is a Friend of The Conversation.

    Ministry assistant, ecologcal ethicist and PhD candidate at University of Edinburgh

    A little more context for this article. Mercedes Renee Haefer, a twenty-year old journalism student, has been arrested and charged with participating in an "Anonymous" DDoS event. If convicted, she faces up to fifteen years of incarceration and $500,000 in fines.
    http://unlvrebelyell.com/2011/07/25/unlv-student-arrested-by-fbi-for-hacking-in-support-of-wikileaks/

    The average sentence for rape in the USA is 11.8 years.

    report
    1. Craig S Wright

      PhD; Adjunct Lecturer in Computer Science at Charles Sturt University

      In reply to Byron Smith

      Of course, a simple DDoS, something about the same as vandalism is not the extent of what Anonymous have done.

      Hacking police systems and releasing information is a recent example.

      Byron, do you support the release of operational information? A few EU Police agencies have been hacked and information has been taken and distributed by members of Anon. Do you support this? After all, that information is some of the same types of data that Wikileaks was promoting?

      The ongoing people smuggling operations that have been compromised and cancelled for that breach, do you support that as well, it is the result. What would you tell those woman and children in enforced sex slavery that will be left in that position as undercover operatives have been withdrawn now for their safety?

      It is simple to say it is JUST an economic protest. But what of the people’s lives that are effected by this?

      report
    2. Craig S Wright

      PhD; Adjunct Lecturer in Computer Science at Charles Sturt University

      In reply to Byron Smith

      "The average sentence for rape in the USA is 11.8 years."

      Here you are taking the average and comparing it to the maximum. Nice trick Byron.

      The Maximum sentance for "sexual assult" or "rape"as it was called is not the same as the average. The maximum is sentance for rape is life in the US.

      Here in Australia, the max sentance for perjury (lying in court) is 20 years. So, she is facing a sentance that is NOT as bad as lying to a judge.

      report
    3. Craig S Wright

      PhD; Adjunct Lecturer in Computer Science at Charles Sturt University

      In reply to Byron Smith

      "up to 15 years for participating in a DDoS is ridiculous"

      Generally I would as well. There could be exceptions, a DDoS against the Ambulance service for instance where life may be lost would be an example.

      report
    4. Rockstar Philosopher

      Rockstar Philosopher

      In reply to Craig S Wright

      Anonymous is an anarchistic organisation, you can't use one action to shed light on another because it is highly likely they are being done by complete different people for complete different reasons.

      report
    5. Byron Smith
      Byron Smith is a Friend of The Conversation.

      Ministry assistant, ecologcal ethicist and PhD candidate at University of Edinburgh

      In reply to Craig S Wright

      Let me clarify my previous comment. Your article is about both PayPal and Anonymous. My interest is focused on PayPal. I have no qualms in acknowledging that much of the activity that goes under the label "Anonymous" (which is, or at least claims to be, as RP notes, an anarchist movement (not even an organisation)) is puerile, illegal, destructive and irresponsible. My point was simply to note that PayPal is itself quite problematic, and to label it as a trusted organisation hides the very real questions about its actions regarding WikiLeaks.

      report