Perhaps The Window For Questionable IPOs Is Opening Up

There Goes PayPal As A Money Laundering Tool

from the for-those-of-you-who-do-that-sort-of-thing dept

Tue, Apr 11th 2006 7:55pm — Mike Masnick

Not that any of you would be using PayPal to stash cash overseas to hide it from the IRS, but if you were doing so... you might want to look for an alternative. We had noted last year that PayPal might be cooperating with the IRS, but apparently they were resisting at least some aspects of the requests from the IRS and the Department of Justice. However, a court has now ruled that the IRS has every right to investigate potential tax cheats using PayPal by requiring the company to turn over data on users who have credit cards from certain "tax haven" countries. It still is somewhat amazing that people actually would think that hiding money via PayPal was likely to work.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

28 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Mike, 11 Apr 2006 @ 8:06pm

LMAO...LOL
"It still is somewhat amazing that people actually would think that hiding money via PayPal was likely to work."

That's the understatement of the year. PayPal is eBay, the same eBay who forks over user data (including passwords) when it receives a simple fax asking for it:

http://research.yale.edu/lawmeme/modules.php?name=News&file=article&sid=925

Now that's Tech Dirt !
[ link to this | view in chronology ]
- Anonymous Coward, 11 Apr 2006 @ 9:06pm
  
  Re: LMAO...LOL
  the FIXED link:
  http://research.yale.edu/lawmeme/modules.php?name=News&file=article&sid=925
  
  thanks - it is a good read!!
  [ link to this | view in chronology ]
  - cheap accutane, 28 Oct 2008 @ 4:39pm
    
    Re: Re: LMAO...LOL
    [ link to this | view in chronology ]
David Mcleod, 11 Apr 2006 @ 9:00pm

no shit you got that right my brother AMEN!!!!!!!!!
[ link to this | view in chronology ]
Randy, 11 Apr 2006 @ 9:12pm

You are wrong
Ebay is screwed up in a lot of ways, but if you think they CAN provide passwords, you are on crack. They do not HAVE the password you idiot. It is hashed before it is stored in the DB.
Yes, I know this for an absolute positive fact, had to work on the shit long enough.
[ link to this | view in chronology ]
- Mike, 12 Apr 2006 @ 4:32am
  
  Re: You are wrong
  "Ebay is screwed up in a lot of ways, but if you think they CAN provide passwords, you are on crack."
  
  Someone likes to smoke crack instead of READING THE FUCKING ARTICLES people provide to back up their post:
  
  http://research.yale.edu/lawmeme/modules.php?name=News&file=article&sid=925
  [ link to this | view in chronology ]
  - discojohnson, 12 Apr 2006 @ 7:06pm
    
    Re: Re: You are wrong
    No, you're dead wrong. How about instead of believing everything you read on a website that is anti-[insert company here], read what the policy is. People like you blindly forward hoax emails and take them as the truth (go check out snopes before you do that again). I present for your reading pleasure:
    
    We may also share your personal information with:
    
    law enforcement or other governmental officials, in response to a verified request relating to a criminal investigation or alleged illegal activity; (In such events we will disclose name, city, state, telephone number, email address, User ID history, fraud complaints, and bidding and listing history.)
    
    this is from ebay's privacy policy
    [ link to this | view in chronology ]
    - Mike, 14 Apr 2006 @ 7:15am
      
      Re: Re: Re: You are wrong
      The article is from YALE.EDU (not some anti-insert company here website), it quotes eBay's head of security. Perhaps eBay has revised their privacy policy since that scandal broke out (how many years late), but that doesn't excuse their behavior.
      [ link to this | view in chronology ]
Professor Highbrow, 11 Apr 2006 @ 9:12pm

Not much to debate here...
No grounds to argue! Ebay = PayPal. Who are the idiots that thought that they could avoid the IRS? As certain to fail as cheating death...

sorry, Grim Reaper, but I transferred my life to an offshore account. I sold my soul on Ebay and they paid via PayPal.
Then, I transferred the funds to the Prince in Nigeria that keeps sending me those emails asking for my account number so that he can get his millions of dollars transferred to US dollars. He said he'd gimme 10% or something.
[ link to this | view in chronology ]
cw, 11 Apr 2006 @ 9:29pm

I've been hiding $127.43 there for years.
[ link to this | view in chronology ]
John, 11 Apr 2006 @ 10:52pm

Thats if paypal doesnt steal it from you first
Back a while ago I had quite a bit of money in paypal for selling things online, then one day my account was suspended. They never gave me a solid reason, but sure liked to take my money.

Point being, sure you can hide money from the IRS there I assume, but you also run a good chance of paypal taking it for no reason.
[ link to this | view in chronology ]
Scott, 11 Apr 2006 @ 11:08pm

Randy: are you on crack?
So what if the password is hashed before it gets to the database. If you create the key that is used for the hash then you can decrypt the password any time you like.
[ link to this | view in chronology ]
- like duh doooood, 11 Apr 2006 @ 11:27pm
  
  Re: Randy: are you on crack?
  Any sensible developer would assume it's a one way, non reversible hash.
  [ link to this | view in chronology ]
Luke, 12 Apr 2006 @ 12:14am

Psssssssssh
Ebay is screwed up in a lot of ways, but if you think they CAN provide passwords, you are on crack. They do not HAVE the password you idiot. It is hashed before it is stored in the DB.
Yes, I know this for an absolute positive fact, had to work on the shit long enough.

#1 lol, they have a database management program, which doesnt display in code, but actually enables to search by username.

#2 Yes it displays an encoded password. But any idiot can see by looking at the password (encoded) as to which encoding was used and search google for a decoder, I use them alot for lost passwords on a system I am still developing.
[ link to this | view in chronology ]
Ragz, 12 Apr 2006 @ 4:18am

Hash etc
I thought teh whole point of a hash is you can't easily decode it? How can you tell how it's encoded by looking at it? Aren't they all just random looking strings of numbers and letters?
[ link to this | view in chronology ]
- JL, 12 Apr 2006 @ 4:57am
  
  Re: Hash etc
  A Hash is a security algorithim that uses a key (a series of letters and numbers) and changes whatever your changing into a series of letters, numbers, and symbols.
  
  If you have the key that encrypts the password, it's usually possible to unencrypt it.
  [ link to this | view in chronology ]
Randy, 12 Apr 2006 @ 5:14am

Learn cryptography
It is clear none of you debating me understand the concept of a one-way hash. No, it is NOT possible for eBay to provide the original password; same with Paypal. This is why you cannot get them to send you your password; they can only reset your password. Have you noticed other places, that are even less secure, such as E*Trade, do the same?

This is also part of Sorbanes Oxley requirements. Welcome to computer science 101.

Even knowing the key, finding any set of characters that hashes to the same value is incredibly difficult (read: computing years of time).
[ link to this | view in chronology ]
- Andy, 12 Apr 2006 @ 5:30am
  
  Re: Learn cryptography
  Randy is quite right - for a lowdown on the difficulty of brute-forcing a one-way hash, check out the link below, using MD5 as an example:
  
  http://www.iusmentis.com/technology/encryption/pgp/pgpattackfaq/hash/
  
  To quote the article:
  
  "To find such message (assuming it exists) it would take a machine that could try 1,000,000,000 messages per second about 1.07 times 1022 years. (To find m would require the same amount of time.) "
  
  If you're able to decrypt such a cipher it's usually because there is a particular weakness in the algorithm, or because you are in possession of information that will give you an edge. Either way:
  
  1) Why would eBay waste their time cracking a password when they can change it?
  
  2) We can safely assume that a company making the money eBay does has invested funds in ensuring a secure solution for user passwords.
  [ link to this | view in chronology ]
Randy, 12 Apr 2006 @ 5:17am

JL
I don't care what the article says. I also read an article that the holocaust never happened, and another article about santa claus. I am telling you nothing more than a hard cold fact that is indisputable.

Ebay can CHANGE your password, even to something they know... but they cannot provide the password you chose. That is a physical impossibility.
[ link to this | view in chronology ]
- Mike, 12 Apr 2006 @ 5:46am
  
  Re: JL
  "I don't care what the article says...Ebay can CHANGE your password, even to something they know... but they cannot provide the password you chose."
  
  The contention is that eBay will provide law enforcement with a password to access accounts. Who said anything about the original password? Btw, that's the eBay head of security quoted in TFA.
  [ link to this | view in chronology ]
- JL, 12 Apr 2006 @ 5:52am
  
  Re: JL
  First off, my comment was not at all geared towards you so I have no idea why your so enraged in a response towards me. I was simply trying to explain what your average hash is to Ragz.
  
  Second, let's take a look at what I said shall we?
  
  "A Hash is a security algorithim that uses a key (a series of letters and numbers) and changes whatever your changing into a series of letters, numbers, and symbols.
  
  If you have the key that encrypts the password, it's usually possible to unencrypt it."
  
  Note the word usually in my last sentence. I by no means meant 100% of the time you can reverse a hash, or was I attempting to slander anything you said. Ebay and Paypal very easily could have an algorithim that is very hard to unencrypt.
  
  Next time try to read a bit more carefully before you blow your hot head around and relate a simple explanation to things like an article denying the Holocaust...
  [ link to this | view in chronology ]
  - Mike, 12 Apr 2006 @ 6:01am
    
    Re: Re: JL
    Huh, enraged? Thanks for the crypto enlightenment. But when someone starts a sentence with "I don't care what the article says" and disputes something not mentioned in it or in posts for that matter, I'd say that's webrage for ya. No hard feelings though, let's keep it civil.
    [ link to this | view in chronology ]
Brad, 12 Apr 2006 @ 5:41am

Crypto & Policy
Yes, A one way hash is called a "One-Way Hash" for a reason. However there are other ways to "crack" a password... brute force, etc. which don't really matter what method is used to encrypt it.
Also any customer service employee who feels like breaking policy can change the password of anyone's account at anytime they choose, login & get any info they want. But if that's what you are arguing, then all I can say is that you should never conduct any money transaction over the internet b/c every company you do business with can do the same.
[ link to this | view in chronology ]
Anonymous Coward, 12 Apr 2006 @ 11:27am

where!!
where are honest money hiders supposed to hide their money now?
[ link to this | view in chronology ]
ezra burgoyne, 14 Feb 2007 @ 2:57am

just wow
...

wow, just wow.
i see everyone's drawn out their e-peens for this.

of course they can give law enforcement access to anyone's records by resetting the password or using special authentication for flagged accounts like a one time pass or a "master key" law enforcement can use on flagged accounts. jesus christ, are you guys that dumb enough to spend 293840 comments trying to show off your knowledge about hash functions and cracking md5, 3des, etc when it doesn't matter? apparently so. even if mention was made in an article about transmitting of a user's "original password", it's probably just an easy way for a journalist to explain the process of giving a third party access to someone's account records.
[ link to this | view in chronology ]
Mike, 13 Apr 2007 @ 7:12am

PAYPAL
We use paypal at funny t-shirts and i haven't thought about hiding money...but I guess that takes a backseat to the illegal immigrants we hire to make our shirts!
[ link to this | view in chronology ]
Frank, 20 Apr 2010 @ 10:59am

Informative
Nice and informative. GoTankless.com
[ link to this | view in chronology ]
Kelly, 1 Feb 2011 @ 6:28pm

I got my mom a paypal account
her password is her name..sshhhhh!
[ link to this | view in chronology ]