alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Libby]

Smth about learning to code I’m sure.

 

[Molly White]

Who’s Kenn Palm? Sorry. I just got here.

Kenn Palm was the founder and owner of IntrustDomains, the Colorado Springs-based company that Monster/Epik acquired in 2011. It was the source of the "shitty Russian code" and the captive dev team who created it. The company was apparently "at the forefront of bulk / automated domain sales spam" (per bmugford). Evidently Monster and Epik were using their drop catching services before the acquisition.

 

[Future Sensors]

I fear that now that the complete codebase is accessible, this will prove to be an inspiration for other entrepreneurs who want to quickly mimic an ICANN accredited registrar. We will see insecure whitelabel implementations elsewhere. With or without appropriate license.

 

[Derek Peterson]

I fear that now that the complete codebase is accessible, this will prove to be an inspiration for other entrepreneurs who want to quickly mimic an ICANN accredited registrar. We will see insecure whitelabel implementations elsewhere. With or without appropriate license.

I don't think anyone is gonna be in a rush to use Epik's code. Maybe some of the code from some project the acquired but even that I doubt.

 

[jmcc]

I fear that now that the complete codebase is accessible, this will prove to be an inspiration for other entrepreneurs who want to quickly mimic an ICANN accredited registrar. We will see insecure whitelabel implementations elsewhere. With or without appropriate license.

They may not get ICANN accreditation. If they are not accredited by ICANN then they are not an ICANN accredited registrar. This whole registrar/reseller thing is an issue within ICANN working groups as the market is a very different one from when the whole registry/registrar model was created. It was ok for the 1990s where the majority of the Internet was just US/CA/EU/AU/NZ/JP) but the Internet has evolved globally and some regions such as Africa have only a few ICANN registrars. There are more ccTLD registrars now than there are active ICANN registrars.

https://www.icann.org/resources/pages/accreditation-2012-02-25-en

The worrying thing, from a stability viewpoint, is that there may be other insecure registrars.

Regards...jmcc

 

[Derek Peterson]

And - knowing now that this was in fact a Kenn Palm's Intrust operation not a Rob Monster's Epik operation - also spammers and dropcatch scammers.

You think that is why Monster was saving all domain searches - trying to front run domains or at least trends?

 

[DN Playbook]

The reality is that the people he was profiling were not lovely people. They may become more lovely in the future. If they don't then one can assume that other Joey's will emerge when thugs overreach.

The same can be said of hacktivists and online providers that are "not lovely people". Who are thugs, as you put it.

Kenn Palm was the founder and owner of IntrustDomains, the Colorado Springs-based company that Monster acquired in 2011. It was the source of the "shitty Russian code" and the captive dev team who created it. The company was apparently "at the forefront of bulk / automated domain sales spam" (per bmugford). Evidently Monster and Epik were using their drop catching services before the acquisition.

InTrustDomains was a shady business from the get go. So is there any surprise how we got here? How does the saying go? "Birds of a feather..."?

 

[Future Sensors]

They may not get ICANN accreditation.

Agree. But I used 'mimic'

 

[jmcc]

Agree. But I used 'mimic'

That would be unfortunate for them. The hard part is that the whole codebase would have to be reverse-engineered to see how it worked as otherwise it might be just a partial imitation/emulation. That would be adding a completely new set of potential vulnerabilities.

The sales platform code may be the basis for some imitation. That's a very competitive section of the market.

Regards...jmcc

 

[Future Sensors]

The code will certainly be inspirational for plenty of existing players in the domain registrar biz and aftermarket.

 

[Derek Peterson]

Agree. But I used 'mimic'

what is mimic?

 

[DN Playbook]

I don't think anyone is gonna be in a rush to use Epik's code. Maybe some of the code from some project the acquired but even that I doubt.

The code will certainly be inspirational for plenty of existing players in the domain registrar biz and aftermarket.

This feels like an experiment to create a brand, build it up, then sell it. The subsidiary brands/services were created very quickly, rushed. Like to make the company appear to have more value. I have never seen a company push out the door so many brands/services in such a short span of time. If the Russian "shitty code" was never fixed, who built those brands? I think you, @Derek Peterson, stated that these were white label reseller services by other companies. Given the short span of time in which they were launched, that would make sense. There doesn't appear to be any other rational explanation.

 

[Derek Peterson]

This feels like an experiment to create a brand, build it up, then sell it. The subsidiary brands/services were created very quickly, rushed. Like to make the company appear to have more value. I have never seen a company push out the door so many brands/services in such a short span of time. If the Russian "shitty code" was never fixed, who built those brands? I think you, @Derek Peterson, stated that these were white label reseller services by other companies. Given the short span of time in which they were launched, that would make sense. There doesn't appear to be any other rational explanation.

Exactly. That was the whole point. "Launch" a bunch of products (white label) and make the company look as much like GoDaddy as possible, from a biz perspective, get a big pay and cash out. The term is pump and dump.

He knows exactly what he is doing. he knew what he was doing 2 years ago when he lied about his white label VPN and called me a liar, loser, troll, etc etc and threatened to sue me and several other people. Just like he is doing now. It still amazes me how little he cares for others and how he can lie and attack people he knows that are telling the truth.

 

[Future Sensors]

There doesn't appear to be any other rational explanation.

Sometimes, such Swiss companies get created. And their marketing is superb. Engineers very talented.

https://en.wikipedia.org/wiki/Crypto_AG

 

[DN Playbook]

Sometimes, such Swiss companies get created. And their marketing is superb. Engineers very talented.

https://en.wikipedia.org/wiki/Crypto_AG

That's quite the rabbit hole. LOL. I wouldn't be surprised if CIA, DOJ, FBI, and other governments were monitoring/spying. But if any of them owned E it would have been run a lot smarter. LOL.

 

[Future Sensors]

That's quite the rabbit hole. LOL. I wouldn't be surprised if CIA, DOJ, FBI, and other governments were monitoring/spying. But if any of them owned E it would have been run a lot smarter. LOL.

I'm sure it will be found out. Including the ones investing in this business with their capital.

 

[Derek Peterson]

That's quite the rabbit hole. LOL. I wouldn't be surprised if CIA, DOJ, FBI, and other governments were monitoring/spying. But if any of them owned E it would have been run a lot smarter. LOL.

They probably were but they can't use the data to prosecute without warrants and they can't get the warrants without probable cause against individuals. No way they could blanket warrant to go on fishing expedition SO they use these hackers to do their dirty work and publish the data publicly, then they can use to bring charges or co-opt people with threats to work as CIs.

 

[Future Sensors]

what is mimic?

 

[Derek Peterson]

Show attachment 202272

Thanks so much I thought it was some open source software application for managing registrars.

 

[Future Sensors]

A quick glance learned that it were historical OpenVPN config files with secrets. That could possibly be another attack vector when historical VPN traffic was captured.

@Derek Peterson At time of writing, this was my best explanation. With the new information that got published about the breach, I have my doubts about the word 'historical' VPN traffic which might as well be 'current' VPN traffic. Still not sure, but have to alert of the possibility.