There Goes PayPal As A Money Laundering Tool
from the for-those-of-you-who-do-that-sort-of-thing dept
Not that any of you would be using PayPal to stash cash overseas to hide it from the IRS, but if you were doing so… you might want to look for an alternative. We had noted last year that PayPal might be cooperating with the IRS, but apparently they were resisting at least some aspects of the requests from the IRS and the Department of Justice. However, a court has now ruled that the IRS has every right to investigate potential tax cheats using PayPal by requiring the company to turn over data on users who have credit cards from certain “tax haven” countries. It still is somewhat amazing that people actually would think that hiding money via PayPal was likely to work.
Comments on “There Goes PayPal As A Money Laundering Tool”
“It still is somewhat amazing that people actually would think that hiding money via PayPal was likely to work.”
That’s the understatement of the year. PayPal is eBay, the same eBay who forks over user data (including passwords) when it receives a simple fax asking for it:
Now that’s Tech Dirt !
the FIXED link:
thanks – it is a good read!!
no shit you got that right my brother AMEN!!!!!!!!!
You are wrong
Ebay is screwed up in a lot of ways, but if you think they CAN provide passwords, you are on crack. They do not HAVE the password you idiot. It is hashed before it is stored in the DB.
Yes, I know this for an absolute positive fact, had to work on the shit long enough.
Re: You are wrong
“Ebay is screwed up in a lot of ways, but if you think they CAN provide passwords, you are on crack.”
Someone likes to smoke crack instead of READING THE FUCKING ARTICLES people provide to back up their post:
Re: Re: You are wrong
No, you’re dead wrong. How about instead of believing everything you read on a website that is anti-[insert company here], read what the policy is. People like you blindly forward hoax emails and take them as the truth (go check out snopes
before you do that again). I present for your reading pleasure:
We may also share your personal information with:
law enforcement or other governmental officials, in response to a verified request relating to a criminal investigation or alleged illegal activity; (In such events we will disclose name, city, state, telephone number, email address, User ID history, fraud complaints, and bidding and listing history.)
Re: Re: Re: You are wrong
Not much to debate here...
No grounds to argue! Ebay = PayPal. Who are the idiots that thought that they could avoid the IRS? As certain to fail as cheating death…
sorry, Grim Reaper, but I transferred my life to an offshore account. I sold my soul on Ebay and they paid via PayPal.
Then, I transferred the funds to the Prince in Nigeria that keeps sending me those emails asking for my account number so that he can get his millions of dollars transferred to US dollars. He said he’d gimme 10% or something.
I’ve been hiding $127.43 there for years.
Thats if paypal doesnt steal it from you first
Back a while ago I had quite a bit of money in paypal for selling things online, then one day my account was suspended. They never gave me a solid reason, but sure liked to take my money.
Point being, sure you can hide money from the IRS there I assume, but you also run a good chance of paypal taking it for no reason.
Randy: are you on crack?
So what if the password is hashed before it gets to the database. If you create the key that is used for the hash then you can decrypt the password any time you like.
Re: Randy: are you on crack?
Any sensible developer would assume it’s a one way, non reversible hash.
#1 lol, they have a database management program, which doesnt display in code, but actually enables to search by username.
#2 Yes it displays an encoded password. But any idiot can see by looking at the password (encoded) as to which encoding was used and search google for a decoder, I use them alot for lost passwords on a system I am still developing.
I thought teh whole point of a hash is you can’t easily decode it? How can you tell how it’s encoded by looking at it? Aren’t they all just random looking strings of numbers and letters?
Re: Hash etc
A Hash is a security algorithim that uses a key (a series of letters and numbers) and changes whatever your changing into a series of letters, numbers, and symbols.
If you have the key that encrypts the password, it’s usually possible to unencrypt it.
It is clear none of you debating me understand the concept of a one-way hash. No, it is NOT possible for eBay to provide the original password; same with Paypal. This is why you cannot get them to send you your password; they can only reset your password. Have you noticed other places, that are even less secure, such as E*Trade, do the same?
This is also part of Sorbanes Oxley requirements. Welcome to computer science 101.
Even knowing the key, finding any set of characters that hashes to the same value is incredibly difficult (read: computing years of time).
Re: Learn cryptography
Randy is quite right – for a lowdown on the difficulty of brute-forcing a one-way hash, check out the link below, using MD5 as an example:
To quote the article:
“To find such message (assuming it exists) it would take a machine that could try 1,000,000,000 messages per second about 1.07 times 1022 years. (To find m would require the same amount of time.) ”
If you’re able to decrypt such a cipher it’s usually because there is a particular weakness in the algorithm, or because you are in possession of information that will give you an edge. Either way:
1) Why would eBay waste their time cracking a password when they can change it?
2) We can safely assume that a company making the money eBay does has invested funds in ensuring a secure solution for user passwords.
I don’t care what the article says. I also read an article that the holocaust never happened, and another article about santa claus. I am telling you nothing more than a hard cold fact that is indisputable.
Ebay can CHANGE your password, even to something they know… but they cannot provide the password you chose. That is a physical impossibility.
“I don’t care what the article says…Ebay can CHANGE your password, even to something they know… but they cannot provide the password you chose.”
The contention is that eBay will provide law enforcement with a password to access accounts. Who said anything about the original password? Btw, that’s the eBay head of security quoted in TFA.
First off, my comment was not at all geared towards you so I have no idea why your so enraged in a response towards me. I was simply trying to explain what your average hash is to Ragz.
Second, let’s take a look at what I said shall we?
“A Hash is a security algorithim that uses a key (a series of letters and numbers) and changes whatever your changing into a series of letters, numbers, and symbols.
If you have the key that encrypts the password, it’s usually possible to unencrypt it.”
Note the word usually in my last sentence. I by no means meant 100% of the time you can reverse a hash, or was I attempting to slander anything you said. Ebay and Paypal very easily could have an algorithim that is very hard to unencrypt.
Next time try to read a bit more carefully before you blow your hot head around and relate a simple explanation to things like an article denying the Holocaust…
Re: Re: JL
Huh, enraged? Thanks for the crypto enlightenment. But when someone starts a sentence with “I don’t care what the article says” and disputes something not mentioned in it or in posts for that matter, I’d say that’s webrage for ya. No hard feelings though, let’s keep it civil.
Crypto & Policy
Yes, A one way hash is called a “One-Way Hash” for a reason. However there are other ways to “crack” a password… brute force, etc. which don’t really matter what method is used to encrypt it.
Also any customer service employee who feels like breaking policy can change the password of anyone’s account at anytime they choose, login & get any info they want. But if that’s what you are arguing, then all I can say is that you should never conduct any money transaction over the internet b/c every company you do business with can do the same.
where are honest money hiders supposed to hide their money now?
wow, just wow.
i see everyone’s drawn out their e-peens for this.
of course they can give law enforcement access to anyone’s records by resetting the password or using special authentication for flagged accounts like a one time pass or a “master key” law enforcement can use on flagged accounts. jesus christ, are you guys that dumb enough to spend 293840 comments trying to show off your knowledge about hash functions and cracking md5, 3des, etc when it doesn’t matter? apparently so. even if mention was made in an article about transmitting of a user’s “original password”, it’s probably just an easy way for a journalist to explain the process of giving a third party access to someone’s account records.
We use paypal at funny
t-shirts and i haven’t thought about hiding money…but I guess that takes a backseat to the illegal immigrants we hire to make our shirts!
Nice and informative.
I got my mom a paypal account
her password is her name..sshhhhh!