There Goes PayPal As A Money Laundering Tool

from the for-those-of-you-who-do-that-sort-of-thing dept

Not that any of you would be using PayPal to stash cash overseas to hide it from the IRS, but if you were doing so... you might want to look for an alternative. We had noted last year that PayPal might be cooperating with the IRS, but apparently they were resisting at least some aspects of the requests from the IRS and the Department of Justice. However, a court has now ruled that the IRS has every right to investigate potential tax cheats using PayPal by requiring the company to turn over data on users who have credit cards from certain "tax haven" countries. It still is somewhat amazing that people actually would think that hiding money via PayPal was likely to work.


Reader Comments

  1.  
    Mike, Apr 11th, 2006 @ 8:06pm

    LMAO...LOL

    "It still is somewhat amazing that people actually would think that hiding money via PayPal was likely to work."

    That's the understatement of the year. PayPal is eBay, the same eBay who forks over user data (including passwords) when it receives a simple fax asking for it:

    http://research.yale.edu/lawmeme/modules.php?name=News&file=article&sid=925

    Now that's Tech Dirt !

     

  2.  
    David Mcleod, Apr 11th, 2006 @ 9:00pm

    no shit you got that right my brother AMEN!!!!!!!!!

     

  3.  
    Anonymous Coward, Apr 11th, 2006 @ 9:06pm

    Re: LMAO...LOL

     

  4.  
    Randy, Apr 11th, 2006 @ 9:12pm

    You are wrong

    Ebay is screwed up in a lot of ways, but if you think they CAN provide passwords, you are on crack. They do not HAVE the password you idiot. It is hashed before it is stored in the DB.
    Yes, I know this for an absolute positive fact, had to work on the shit long enough.

     

  5.  
    Professor Highbrow, Apr 11th, 2006 @ 9:12pm

    Not much to debate here...

    No grounds to argue! Ebay = PayPal. Who are the idiots that thought that they could avoid the IRS? As certain to fail as cheating death...

    sorry, Grim Reaper, but I transferred my life to an offshore account. I sold my soul on Ebay and they paid via PayPal.
    Then, I transferred the funds to the Prince in Nigeria that keeps sending me those emails asking for my account number so that he can get his millions of dollars transferred to US dollars. He said he'd gimme 10% or something.

     

  6.  
    cw, Apr 11th, 2006 @ 9:29pm

    I've been hiding $127.43 there for years.

     

  7.  
    John, Apr 11th, 2006 @ 10:52pm

    That's if paypal doesn't steal it from you first

    Back a while ago I had quite a bit of money in paypal for selling things online, then one day my account was suspended. They never gave me a solid reason, but sure liked to take my money.

    Point being, sure you can hide money from the IRS there I assume, but you also run a good chance of paypal taking it for no reason.

     

  8.  
    Scott, Apr 11th, 2006 @ 11:08pm

    Randy: are you on crack?

    So what if the password is hashed before it gets to the database. If you create the key that is used for the hash then you can decrypt the password any time you like.

     

  9.  
    like duh doooood, Apr 11th, 2006 @ 11:27pm

    Re: Randy: are you on crack?

    Any sensible developer would assume it's a one way, non reversible hash.

     

  10.  
    Luke, Apr 12th, 2006 @ 12:14am

    Psssssssssh

    Ebay is screwed up in a lot of ways, but if you think they CAN provide passwords, you are on crack. They do not HAVE the password you idiot. It is hashed before it is stored in the DB.
    Yes, I know this for an absolute positive fact, had to work on the shit long enough.


    #1 lol, they have a database management program, which doesn't display in code, but actually enables to search by username.

    #2 Yes it displays an encoded password. But any idiot can see by looking at the password (encoded) as to which encoding was used and search google for a decoder, I use them a lot for lost passwords on a system I am still developing.

     

  11.  
    Ragz, Apr 12th, 2006 @ 4:18am

    Hash etc

    I thought the whole point of a hash is you can't easily decode it? How can you tell how it's encoded by looking at it? Aren't they all just random looking strings of numbers and letters?

     

  12.  
    Mike, Apr 12th, 2006 @ 4:32am

    Re: You are wrong

    "Ebay is screwed up in a lot of ways, but if you think they CAN provide passwords, you are on crack."

    Someone likes to smoke crack instead of READING THE FUCKING ARTICLES people provide to back up their post:

    http://research.yale.edu/lawmeme/modules.php?name=News&file=article&sid=925

     

  13.  
    JL, Apr 12th, 2006 @ 4:57am

    Re: Hash etc

    A Hash is a security algorithm that uses a key (a series of letters and numbers) and changes whatever you're changing into a series of letters, numbers, and symbols.

    If you have the key that encrypts the password, it's usually possible to unencrypt it.

     

  14.  
    Randy, Apr 12th, 2006 @ 5:14am

    Learn cryptography

    It is clear none of you debating me understand the concept of a one-way hash. No, it is NOT possible for eBay to provide the original password; same with Paypal. This is why you cannot get them to send you your password; they can only reset your password. Have you noticed other places, that are even less secure, such as E*Trade, do the same?

    This is also part of Sarbanes-Oxley requirements. Welcome to computer science 101.

    Even knowing the key, finding any set of characters that hashes to the same value is incredibly difficult (read: computing years of time).

     

    reply to this | link to this | view in thread ]
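
Added example, not part of the original thread and not eBay or PayPal code: a minimal salted one-way password store showing the point argued in the comment above, that the operator can verify or reset a password but holds nothing from which to read the original back. PBKDF2-SHA256 via Python's `hashlib`, the iteration count, and the user names and passwords are assumptions constructed for illustration.

```python
import hashlib
import hmac
import os
import secrets

ITERATIONS = 200_000  # assumed work factor, not a value from the thread

class CredentialStore:
    """Holds only (salt, digest) per user; plaintext is never stored."""

    def __init__(self):
        self._records = {}

    @staticmethod
    def _derive(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

    def set_password(self, user, password):
        salt = os.urandom(16)  # fresh random salt per record
        self._records[user] = (salt, self._derive(password, salt))

    def verify(self, user, attempt):
        record = self._records.get(user)
        if record is None:
            return False
        salt, stored = record
        # Recompute from the attempt and compare in constant time.
        return hmac.compare_digest(stored, self._derive(attempt, salt))

    def reset(self, user):
        # All the operator can do: overwrite the record with a new secret.
        temporary = secrets.token_urlsafe(12)
        self.set_password(user, temporary)
        return temporary

def demo():
    store = CredentialStore()
    store.set_password("alice", "correct horse")  # constructed sample values
    store.set_password("bob", "correct horse")
    alice, bob = store._records["alice"], store._records["bob"]
    before = store.verify("alice", "correct horse")
    temporary = store.reset("alice")
    return {
        "same_digest": alice[1] == bob[1],  # False: salts differ
        "login_before_reset": before,
        "old_password_after_reset": store.verify("alice", "correct horse"),
        "temporary_after_reset": store.verify("alice", temporary),
    }
```

Because each record carries its own random salt, two users with the same password get different digests, so a stored value cannot simply be looked up in a precomputed table.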

  15.  
    Randy, Apr 12th, 2006 @ 5:17am

    JL

    I don't care what the article says. I also read an article that the holocaust never happened, and another article about santa claus. I am telling you nothing more than a hard cold fact that is indisputable.

    Ebay can CHANGE your password, even to something they know... but they cannot provide the password you chose. That is a physical impossibility.

     

  16.  
    Andy, Apr 12th, 2006 @ 5:30am

    Re: Learn cryptography

    Randy is quite right - for a lowdown on the difficulty of brute-forcing a one-way hash, check out the link below, using MD5 as an example:

    http://www.iusmentis.com/technology/encryption/pgp/pgpattackfaq/hash/

    To quote the article:

    "To find such message (assuming it exists) it would take a machine that could try 1,000,000,000 messages per second about 1.07 times 10^22 years. (To find m would require the same amount of time.)"

    If you're able to decrypt such a cipher it's usually because there is a particular weakness in the algorithm, or because you are in possession of information that will give you an edge. Either way:

    1) Why would eBay waste their time cracking a password when they can change it?

    2) We can safely assume that a company making the money eBay does has invested funds in ensuring a secure solution for user passwords.

     

  17.  
    Brad, Apr 12th, 2006 @ 5:41am

    Crypto & Policy

    Yes, A one way hash is called a "One-Way Hash" for a reason. However there are other ways to "crack" a password... brute force, etc. which don't really matter what method is used to encrypt it.
    Also any customer service employee who feels like breaking policy can change the password of anyone's account at anytime they choose, login & get any info they want. But if that's what you are arguing, then all I can say is that you should never conduct any money transaction over the internet b/c every company you do business with can do the same.

     

  18.  
    Mike, Apr 12th, 2006 @ 5:46am

    Re: JL

    "I don't care what the article says...Ebay can CHANGE your password, even to something they know... but they cannot provide the password you chose."

    The contention is that eBay will provide law enforcement with a password to access accounts. Who said anything about the original password? Btw, that's the eBay head of security quoted in TFA.

     

  19.  
    JL, Apr 12th, 2006 @ 5:52am

    Re: JL

    First off, my comment was not at all geared towards you so I have no idea why you're so enraged in a response towards me. I was simply trying to explain what your average hash is to Ragz.

    Second, let's take a look at what I said shall we?

    "A Hash is a security algorithm that uses a key (a series of letters and numbers) and changes whatever you're changing into a series of letters, numbers, and symbols.

    If you have the key that encrypts the password, it's usually possible to unencrypt it."

    Note the word usually in my last sentence. I by no means meant 100% of the time you can reverse a hash, nor was I attempting to slander anything you said. Ebay and Paypal very easily could have an algorithm that is very hard to unencrypt.

    Next time try to read a bit more carefully before you blow your hot head around and relate a simple explanation to things like an article denying the Holocaust...

     

  20.  
    Mike, Apr 12th, 2006 @ 6:01am

    Re: Re: JL

    Huh, enraged? Thanks for the crypto enlightenment. But when someone starts a sentence with "I don't care what the article says" and disputes something not mentioned in it or in posts for that matter, I'd say that's webrage for ya. No hard feelings though, let's keep it civil.

     

  21.  
    Anonymous Coward, Apr 12th, 2006 @ 11:27am

    where!!

    where are honest money hiders supposed to hide their money now?

     

  22.  
    discojohnson, Apr 12th, 2006 @ 7:06pm

    Re: Re: You are wrong

    No, you're dead wrong. How about instead of believing everything you read on a website that is anti-[insert company here], read what the policy is. People like you blindly forward hoax emails and take them as the truth (go check out snopes before you do that again). I present for your reading pleasure:

    We may also share your personal information with:

    law enforcement or other governmental officials, in response to a verified request relating to a criminal investigation or alleged illegal activity; (In such events we will disclose name, city, state, telephone number, email address, User ID history, fraud complaints, and bidding and listing history.)


    this is from ebay's privacy policy

     

  23.  
    Mike, Apr 14th, 2006 @ 7:15am

    Re: Re: Re: You are wrong

    The article is from YALE.EDU (not some anti-insert company here website), it quotes eBay's head of security. Perhaps eBay has revised their privacy policy since that scandal broke out (how many years late), but that doesn't excuse their behavior.

     

  24.  
    ezra burgoyne, Feb 14th, 2007 @ 2:57am

    just wow

    ...

    wow, just wow.
    i see everyone's drawn out their e-peens for this.

    of course they can give law enforcement access to anyone's records by resetting the password or using special authentication for flagged accounts like a one time pass or a "master key" law enforcement can use on flagged accounts. jesus christ, are you guys that dumb enough to spend 293840 comments trying to show off your knowledge about hash functions and cracking md5, 3des, etc when it doesn't matter? apparently so. even if mention was made in an article about transmitting of a user's "original password", it's probably just an easy way for a journalist to explain the process of giving a third party access to someone's account records.

     

  25.  
    Mike, Apr 13th, 2007 @ 7:12am

    PAYPAL

    We use paypal at funny t-shirts and i haven't thought about hiding money...but I guess that takes a backseat to the illegal immigrants we hire to make our shirts!

     

  26.  
    cheap accutane, Oct 28th, 2008 @ 4:39pm

    Re: Re: LMAO...LOL

     

  27.  
    Frank, Apr 20th, 2010 @ 10:59am

    Informative

    Nice and informative. GoTankless.com

     

  28.  
    Kelly, Feb 1st, 2011 @ 6:28pm

    I got my mom a paypal account

    her password is her name..sshhhhh!

     
