Epik Had A Major Breach

Silentptnr
The views expressed on this page by users and staff are their own, not those of NamePros.
A quick glance showed that these were historical OpenVPN config files with secrets. That could possibly be another attack vector if historical VPN traffic was captured.

So all the traffic was being stored?
 
Why is their VPN so critical for you?
Do you live in China, Iran, RF etc., or why???

No, but I do care about others. He was promising everyone it was fully secure and private, but it was really a white label he had no control of, like pretty much every single thing at Epik, e.g. their entire website.
 
So all the traffic was being stored?

No sign that vpn traffic was captured or stored by Epik. Maybe. Other actors, also possible. Dots may be connected with the config files.
 
No sign that vpn traffic was captured or stored by Epik. Maybe. Other actors, also possible. Dots may be connected with the config files.

That would be a huge story if URLs were visible from VPN users? It would be great if someone dug into that.
 
That would be a huge story if URLs were visible from VPN users? It would be great if someone dug into that.

Please note, this is speculation, but serves to clarify how this works.

Parties that store encrypted VPN traffic are often state actors with many technical capabilities. These actors won't do that for just any single home user using a VPN, but a commercial party offering these services at large to a certain segment of interesting clients may be in their sights.

When network traffic is indeed stored, and that can be done at many different places in the network path (often via Internet exchanges where many parties peer data), you will not hear anything about it. Depending on how Epik has configured OpenVPN, historical network traffic can be decrypted. It is concerning that Epik kept all these historical OpenVPN config files on their servers/backups. Since they did this, I have a lot more questions about how they have properly configured all their super-secure services.

Edit/add:
https://en.wikipedia.org/wiki/Forward_secrecy
https://theintercept.com/2018/06/25/att-internet-nsa-spy-hubs/
https://techcrunch.com/2018/06/25/nsa-att-intercept-surveillance/
 
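Added example, not from this thread and not Epik's code: a small Python checker that scans an OpenVPN config for the settings the post above is talking about (static-key mode, renegotiation switched off, key material embedded inline), so a defender can tell whether a leaked config file would let previously captured traffic be decrypted. The sample configs and the host name are constructed.

```python
"""Flag OpenVPN config settings that weaken forward secrecy or embed secrets."""
import re

# Inline <tag> blocks that carry private key material inside the config file itself.
EMBEDDED_SECRET_BLOCKS = {"key", "secret", "tls-auth", "tls-crypt", "tls-crypt-v2"}

# Constructed sample: legacy point-to-point config using a pre-shared static key.
STATIC_MODE = """\
dev tun
remote vpn.example.invalid 1194
secret static.key
reneg-sec 0
"""

# Constructed sample: TLS mode, but with the tls-crypt key pasted inline.
TLS_MODE = """\
client
dev tun
remote vpn.example.invalid 1194
remote-cert-tls server
<tls-crypt>
-----BEGIN OpenVPN Static key V1-----
00112233
-----END OpenVPN Static key V1-----
</tls-crypt>
"""

def parse_openvpn(text):
    """Return (options, inline_blocks): options as (name, args) pairs in file
    order, inline_blocks as the set of <tag> names seen. Block bodies are skipped."""
    options, blocks, in_block = [], set(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):   # OpenVPN comment lines
            continue
        tag = re.fullmatch(r"<(/?)([\w-]+)>", line)
        if tag:
            in_block = None if tag.group(1) else tag.group(2)
            if in_block:
                blocks.add(in_block)
            continue
        if in_block:
            continue
        parts = line.split()
        options.append((parts[0], parts[1:]))
    return options, blocks

def forward_secrecy_findings(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    options, blocks = parse_openvpn(text)
    names = {name for name, _ in options}
    found = []
    if "secret" in names or "secret" in blocks:
        # Static-key mode has no key exchange: one long-lived key protects every
        # session, so a leaked key decrypts all traffic ever captured under it.
        found.append("static key mode (secret): no forward secrecy")
    for name, args in options:
        if name == "reneg-sec" and args and args[0] == "0":
            # Renegotiation disabled: one data-channel key for the whole session.
            found.append("reneg-sec 0: data-channel key never rotated during session")
    inline = sorted(blocks & EMBEDDED_SECRET_BLOCKS)
    if inline:
        found.append("inline secrets embedded in config: " + ", ".join(inline))
    return found
```

In TLS mode the data-channel keys come from an ephemeral key exchange, so a leaked config does not by itself unlock captured sessions; the checker still reports embedded key material because a config file that carries secrets is exactly what ends up in backups and dumps.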
Why is their VPN so critical for you?
Do you live in China, Iran, RF etc., or why???

There are multitudes of reasons it's a good idea to use a trustworthy VPN besides living under those governments.
 
Please note, this is speculation, but serves to clarify how this works.

Parties that store encrypted VPN traffic are often state actors with many technical capabilities. These actors won't do that for a single home user using a VPN, but a commercial party offering these services at large to certain clients may be in their sights.

When network traffic is indeed stored, and that can be at many different places in the network path (often via Internet exchanges where many parties peer data), you will not hear anything about it. Depending on how Epik has configured OpenVPN (q=perfect forward secrecy, etc) historical traffic can be decrypted. It is concerning that Epik kept all these historical OpenVPN config files on their servers/backups. Since they did this, I have a lot more questions about how they have properly configured all their super-secure services.

His first VPN was 100% white label, so who knows what's up with that company's storage policy. After abuse in the Fediverse from a bunch of us he finally bought some servers and made his own VPN using that OS code, I guess, but I was always curious if he was storing URLs. I don't know how many people were actually using Epik VPN, but if he was storing their URLs he would be in some serious hot water.
 
What conversations?

You want to see which data is being exchanged (the content of websites, email conversations, chats, calls, etc). Since you mentioned "URLs", I wanted to clarify what parties that store encrypted network traffic are really looking for. Sometimes it can be metadata, sometimes it's more than that.
 
You want to see which data is being exchanged (the content of websites, email conversations, chats, calls, etc). Since you mentioned "URLs", I wanted to clarify what parties that store encrypted network traffic are really looking for. Sometimes it can be metadata, sometimes it's more.

Hmm, I thought stored URLs was the worst case scenario. There is money in data and Monster loves money. I really hope someone digs into this. Gab did the same with their dumb browser, a Brave fork: it recorded and sent every URL to some black box in the code. Brave called them out for that.
 
Hmm, I thought stored URLs was the worst case scenario. There is money in data and Monster loves money. I really hope someone digs into this. Gab did the same with their dumb browser, a Brave fork: it recorded and sent every URL to some black box in the code. Brave called them out for that.

My answers are based on security risks. Your approach seems to be more about commercializing user data. That is something else. Possibly. No idea. I have no reason to believe that happened.
 
My answers are based on security risks. Your approach seems to be more about commercializing user data. That is something else. Possibly. No idea. I have no reason to believe that happened.

Mine is also about security risk, but all things are possible. But also, in many cases, like Gab's case, owners are forced to add such things to stay out of jail.
 
If you want to remove this message it's fine, but it's all blanked out so nothing sensitive.

Just to give an idea what's out there being scraped on onion sites.

[attached screenshot]

Another thing I've read is that a considerable percentage of the leaked clients' IPs responded to a scan with some open ports. That's one step away from a script with shellcode and an rsync of all their disk data.

I'm not saying users' disks are also on onion sites, but some IPs were tested and found vulnerable to remote exploitation.
 
but some IPs were tested

Are these Epik IPs associated with Russia as well?

Slightly related but relevant because of the "shitty Russian code" RM mentioned in the video meeting:

Russia excluded from 30-country meeting to fight ransomware and cyber crime
"WASHINGTON, Oct 13 (Reuters) - Russia was not invited to attend a 30-country virtual meeting led by the United States that is aimed at combating the growing threat of ransomware and other cyber crime, a senior administration official said. Many ransomware gangs operate from Ukraine and Russia, private sector cybersecurity experts say. Some U.S. officials and analysts have said Russian ransomware gangs operate with the Kremlin's tacit approval, but are not directly controlled by the government."
https://www.reuters.com/world/russi...eting-fight-ransomware-cyber-crime-2021-10-13
 
These actors won't do that for just any single home user using a VPN, but a commercial party offering these services at large to a certain segment of interesting clients may be in their sights.
This video clip from the Day Of The Jackal sums up the difference between the approach of state level actors and that of hacktivists:

Regards...jmcc
 
Considering that all of Epik's code is public and the epic amount of holes in the code, isn't Epik in a constant state of hack, and if so, how can they, in good faith, be taking people's credit cards, transferring domains or anything?

I bet Monster is afraid to announce that Epik is now fully secure because the hackers will post some funny image on Epik's homepage within hours.
 
I bet Monster is afraid to announce that Epik is now fully secure because the hackers will post some funny image on Epik's homepage within hours.

This is what has been communicated by Epik in the overview of 'actions taken' by the company:

"Shut down all outside access endpoints into Epik’s systems;"

There are now several ways to interpret this further. Let's hope^wpray for the best.
 
Interesting. When was this approximately?

2019'ish. I've heard he has done the same with many alt-right companies. His dream is to take over Gab. Always has been. He may have started investing earlier this year and last when gab was down to about $20K in the bank and burning about $40K/month.
 
2019'ish. I've heard he has done the same with many alt-right companies. His dream is to take over Gab. Always has been. He may have started investing earlier this year and last when gab was down to about $20K in the bank and burning about $40K/month.

I'm unable to check, but since you've provided supporting evidence on other matters here on several occasions, I'm inclined to believe this. This looks like very active acquisition. Relevant because I consider it the motive for the current data leaks by the ladies.
 
2019'ish. I've heard he has done the same with many alt-right companies. His dream is to take over Gab. Always has been. He may have started investing earlier this year and last when gab was down to about $20K in the bank and burning about $40K/month.

Before he takes over Gab he may want to check out your video naming Gab as a pedo site. That would be a bad business move if you're correct.
 
Before he takes over Gab he may want to check out your video naming Gab as a pedo site. That would be a bad business move if you're correct.

I told Monster of Gab's pedo problems within weeks of him taking their domain to Epik (see attachment). He called me a liar, threatened me, and tried to make me take down my videos exposing Gab.

The hosting company Epik purchased, where gab was hosting at that time, was 3 literal teens running a couple servers on leased racks that hosted lolicon and pedo porn doing about $2.500/month in revenues.

Epik currently HOSTS tons of pedo sites.
 
Attachments: first email to the monster.png