Labeled as alert in Warnings and Alerts, started by Silentptnr, Sep 14, 2021
So all the traffic was being stored?
No, but I do care about others. He was promising everyone it was fully secure and private but it was really a white label he had no control of, like pretty much every single thing at Epik, e.g. their entire website.
No sign that VPN traffic was captured or stored by Epik. Maybe. Other actors, also possible. Dots may be connected with the config files.
That would be a huge story if URLs were visible from VPN users? Be great if someone dug into that.
Please note, this is speculation, but serves to clarify how this works.
Parties that store encrypted VPN traffic are often state actors with many technical capabilities. These actors won't do that for just any single home user using a VPN, but a commercial party offering these services at large to a certain segment of interesting clients may be in their sights.
When network traffic is indeed stored, and that can be done at many different places in the network path (often via Internet exchanges where many parties peer data), you will not hear anything about it. Depending on how Epik has configured OpenVPN, historical network traffic can be decrypted. It is concerning that Epik kept all these historical OpenVPN config files on their servers/backups. Since they did this, I have a lot more questions about how they have properly configured all their super-secure services.
There are multitudes of reasons it's a good idea to use a trustworthy VPN besides living under those governments.
His first VPN was 100% white label so who knows what's up with that company's storage policy. After abuse in the Fediverse from a bunch of us he finally bought some servers and made his own VPN using that OS code I guess, but I was always curious if he was storing URLs. I don't know how many people were actually using Epik VPN but if he was storing their URLs he would be in some serious hot water.
URLs are only metadata. You want to have the content of conversations.
You want to see which data is being exchanged (the content of websites, email conversations, chats, calls, etc). Since you mentioned "URLs", I wanted to clarify what parties that store encrypted network traffic are really looking for. Sometimes it can be metadata, sometimes it's more than that.
Hmm, I thought stored URLs was worst case scenario. There is money in data and Monster loves money. I really hope someone digs into this. Gab did the same with their dumb browser, a Brave fork, recorded and sent every URL to some black box in the code. Brave called them out for that.
My answers are based on security risks. Your approach seems to be more about commercializing user data. That is something else. Possibly. No idea. I have no reason to believe that happened.
Mine is also security risk but all things are possible. But also, in many cases, like Gab's case, owners are forced to add such a thing to keep out of jail.
If you want to remove this message it's fine, but it's all blanked out so nothing sensitive.
Just to give an idea what's out there being scraped on onion sites.
Another thing I've read is that a considerable percentage of the leaked clients' IPs responded to a scan with some open ports. That's one step away from a script with shellcode and an rsync of all their disk data.
I'm not saying users' disks are also on onion, but some IPs were tested and found vulnerable to remote exploitation.
Are these Epik IPs associated with Russia as well?
Slightly related but relevant because of the "shitty Russian code" RM mentioned in the video meeting:
Russia excluded from 30-country meeting to fight ransomware and cyber crime
"WASHINGTON, Oct 13 (Reuters) - Russia was not invited to attend a 30-country virtual meeting led by the United States that is aimed at combating the growing threat of ransomware and other cyber crime, a senior administration official said. Many ransomware gangs operate from Ukraine and Russia, private sector cybersecurity experts say. Some U.S. officials and analysts have said Russian ransomware gangs operate with the Kremlin's tacit approval, but are not directly controlled by the government."
This video clip from the Day Of The Jackal sums up the difference between the approach of state level actors and that of hacktivists:
Considering that all of Epik's code is public and the epic amount of holes in the code, isn't Epik in a constant state of hack, and if so, how can they, in good faith, be taking people's credit cards, transferring domains or anything?
I bet Monster is afraid to announce that Epik is now fully secure because the hackers will post some funny image on Epik's homepage within hours.
This is what has been communicated by Epik in the overview of 'actions taken' by the company:
"Shut down all outside access endpoints into Epik’s systems;"
There are now several ways to interpret this further. Let's hope^wpray for the best.
This is a good read, and largely accurate for the most part.
I can confirm his expertise.
Welcome to the forum.
Interesting. When was this approximately?
2019'ish. I've heard he has done the same with many alt-right companies. His dream is to take over Gab. Always has been. He may have started investing earlier this year and last when Gab was down to about $20K in the bank and burning about $40K/month.
I'm unable to check, but since you've provided supporting evidence on other matters here on several occasions, I'm inclined to believe this. This looks like very active acquisition. Relevant because I consider it the motive for the current data leaks by the ladies.
Before he takes over Gab he may want to check out your video naming Gab as a pedo site. That would be a bad business move if you're correct.
I told Monster of Gab's pedo problems within weeks of him taking their domain to Epik (see attachment). He called me a liar and threatened me and tried to make me take down my videos exposing Gab.
The hosting company Epik purchased, where Gab was hosting at that time, was 3 literal teens running a couple servers on leased racks that hosted lolicon and pedo porn doing about $2.500/month in revenues.
Epik currently HOSTS tons of pedo sites.