Epik Had A Major Breach

If a man robbed your neighbor's house, would you blame the cheap lock and then tell him he deserved it because of the people he does business with?
Lol if neighbors are drug dealers storing drugs, it's normal.
Guilty by association, your responsibility to know where you are putting your feet.
There's a reason why other registrars wouldn't touch these guys.
Rob extended his hands to them.
His actions, his consequences.

Not like the neighbor was an innocent old lady distributing free speech flyers.
She was also protecting and broadcasting their ideas, when everyone else kicked them out because of what they were plotting/discussing.
Now her house got burned down, and everyone thinks she's part of them.

Sounds normal.
 
Lol if neighbors are drug dealers storing drugs, it's normal.
Guilty by association, your responsibility to know where you are putting your feet.
There's a reason why other registrars wouldn't touch these guys.
Rob extended his hands to them.
His actions, his consequences.

Not like the neighbor was an innocent old lady distributing free speech flyers.
She was also protecting and broadcasting their ideas, when everyone else kicked them out because of what they were plotting/discussing.
Now her house got burned down, and everyone thinks she's part of them.

Sounds normal.

So Epik deserved to be hacked and their customers are fools for not realizing how evil Epik is standing up for the #1A, Bill of Rights and Constitution.

Epik wasn't dealing drugs. They did business with people with objectionable politics.

 
I would say "made worse" by Epik's lack of data security. I doubt we hear about most breaches but I look forward to the post analysis.

Brad has articulated the issue fairly well. Epik was keen on comparing themselves to a bank, and they certainly weren't concerned about making themselves a target. Even without those two factors, the lack of security we're seeing in the leaked data is far from acceptable.

The practices evident in their code are some of the worst I've seen in at least a decade, especially for a company as prominent as a registrar. It feels like the early 2000s all over again, when companies were still learning that security was important.

Guilty by association, your responsibility to know where you are putting your feet.

That isn't a fair argument: https://en.wikipedia.org/wiki/Association_fallacy This is also getting fairly political and isn't of much immediate consequence.

So Epik deserved to be hacked and their customers are fools for not realizing how evil Epik is standing up for the #1A, Bill of Rights and Constitution.

There are going to be knee-jerk reactions to this in which people feel as though their opinions were validated, and it's going to be difficult for them to keep their respective ideologies and impressions of Epik out of their posts. That doesn't mean you should respond in kind.

This also just isn't a productive line of reasoning; it's akin to people saying, "I told you so," and others responding with, "So you're saying they deserved it?" Epik's policies have been discussed extensively elsewhere on NamePros for years--it always descends into a flame war.

Edit: Typo
 
So Epik deserved to be hacked and their customers are fools for not realizing how evil Epik is standing up for the #1A, Bill of Rights and Constitution.

Epik wasn't dealing drugs. They did business with people with objectionable politics.

Whether they deserved it or not, they knew it was coming.
Therefore a minimum of security.
That is the unforgivable mistake, which turned this into a joke.

Bitmitigate, vpn services, swiss security safety vault stories..
Lame.
 
Man, you have to stop deleting my posts. I thought you were in favor of informing people.

Why don't you want people to know the truth.

I was just posting technical info.
 
Brad has articulated the issue fairly well. Epik was keen on comparing themselves to a bank, and they certainly weren't concerned about making themselves a target. Even without those two factors, the lack of security we're seeing in the leaked data is far from acceptable.

The practices evident in their code are some of the worst I've seen in at least a decade, especially for a company as prominent as a registrar. It feels like the early 2000s all over again, when companies were still learning that security was important.

I agree. Let's not lose sight of who perpetrated this crime. Your first post on hacker motives was spot on too.
 
Man, you have to stop deleting my posts. I thought you were in favor of informing people.

Why don't you want people to know the truth.

I was just posting technical info.
I saw your picture/graph, but I didn't understand its meaning.
Simply tell us in words what your findings are or what it meant.
Instead of showing a techie graph that shouldn't be shown publicly.
 
But why is he deleting my posts.

This is supposed to be an open conversation on security, isn't it?
 
Bitmitigate, vpn services, swiss security safety vault stories..

The analogy Epik makes with a Swiss bank is interesting. Banking secrecy has come under considerable pressure in recent years, and information is being shared with tax authorities in other countries.

Depending on how you look at it, Swiss banks are still a strong brand, or maybe not so much.
 
Man, you have to stop deleting my posts. I thought you were in favor of informing people.

Why don't you want people to know the truth.

I was just posting technical info.

You can repost it as long as you clarify what it means. Please explain it in non-technical terms, including why it's important and the caveats that information has.

But why is he deleting my posts.

This is supposed to be an open conversation on security, isn't it?

Yes, but the audience here isn't exclusively technical. If you just post scary-looking images without providing context, they're going to be deleted--they're misleading on their own.
 
A buffer overflow published on CVE is not misleading. It's just a non-0day exploit that happens to match a service Epik is/was using. I even censored some parts.

and you posted the hostnames of disk images. there's no secret on what has been released and the flaws of their code.

just tell me if you want me to stop looking at the system on the leak and post stuff about it here
 
A buffer overflow published on CVE is not misleading. It's just a non-0day exploit that happens to match a service Epik is/was using. I even censored some parts.

It's misleading to people who don't understand what it means without context. Don't just dump information here; explain what it means. This isn't Twitter. Again, you can repost it, and as long as you explain to everyone else what you're posting, why it's important, and what caveats that information has, that's fine.
 
Breaking News
 
A buffer overflow published on CVE is not misleading. It's just a non-0day exploit that happens to match a service Epik is/was using. I even censored some parts.

and you posted the hostnames of disk images. there's no secret on what has been released and the flaws of their code.

just tell me if you want me to stop looking at the system on the leak and post stuff about it here

I think people, especially users, are concerned with what info is actually in the data since most of us don't have the ability to look for ourselves. Monster obviously isn't answering actual questions.

What is in hacked data?:
1) Are the server login details for hosting accounts?
2) Are the verification items (drivers license, passports, etc)?
3) Is there a record of websites visited by Epik's VPN users (anonymize service - that site seems down)?
4) Are there any communications between Epik/Rob and Feds?
 
Are the server login details for hosting accounts part of the hacked data?

There is information that looks a lot like credentials and session IDs for hosting. The passwords appear to have been redacted, but session IDs are still present. I don't know whether any of the session IDs are valid or how sensitive they are, and I'm certainly not going to test them.

Are the verification items part of hacked data (drivers license, passports, etc)?

Not that I've seen.

Is there a record of websites visited by Epik's VPN users (anonymize service - that site seems down)?

Not that I've seen. It's possible DNS requests were inadvertently logged somewhere--there's no shortage of inadvertent logging of sensitive information--but I doubt it would be trivial to link such logs to individual users.

Are there any communications between Epik and Feds?

I'm not particularly interested in crawling through the communications that were leaked--there are already plenty of other people doing that--but I did check to see whether my own emails with Rob + Epik were included, and I didn't see them. That leads me to question whether any information was deliberately withheld, so I would be cautious in assessing any controversial communications that do come to light. Remember that all of the data you're seeing passed through an attacker first, and that attacker claims to have had an agenda. While fabricating data without being noticed would have been difficult for such a large dataset, withholding information would have been trivial, and there are multiple signs they did just that.
 
but I did check to see whether my own emails with Rob + Epik were included, and I didn't see them

According to the external MX records for the epik.com domain, Epik is using the trusted Google mail services for incoming email. The SPF records tell something about their sending IP ranges (Rob, if you're reading this: there's a typo in your spf records, "ip4:5"). I don't know how mail is handled, forwarded, and stored on internal servers. It's possible that it's all stored at Google for security reasons.
 
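The SPF typo mentioned in the post above ("ip4:5") is the kind of mistake a syntax check catches before it reaches DNS. The following is an added example, not code from the thread or from Epik: a small SPF record sanity checker that validates each ip4/ip6 term with the standard library and counts DNS-lookup terms against the limit of 10 from RFC 7208. The sample record is constructed for illustration and is not Epik's real SPF record.

```python
# Added example: SPF TXT record sanity checker. Not from the thread or from Epik.
import ipaddress

# Constructed sample record for illustration only (not Epik's actual SPF).
# It contains a malformed term, "ip4:5", of the kind mentioned in the thread.
SAMPLE_SPF = "v=spf1 ip4:192.0.2.0/24 ip4:5 include:_spf.example.net mx -all"

# Terms that cost a DNS lookup; RFC 7208 limits a record to 10 of them.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
KNOWN_TERMS = LOOKUP_TERMS | {"ip4", "ip6", "all", "exp"}


def check_spf(record):
    """Return a list of problems found in an SPF record (empty means clean)."""
    problems = []
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return ["record does not start with v=spf1"]
    lookups = 0
    for term in terms[1:]:
        body = term.lstrip("+-~?")  # drop the qualifier, if present
        if "=" in body:              # modifier form, e.g. redirect=host
            name, value = body.split("=", 1)
        else:                        # mechanism form, e.g. ip4:192.0.2.0/24
            name, _, value = body.partition(":")
        name = name.lower()
        if name not in KNOWN_TERMS:
            problems.append(f"unknown term: {term}")
            continue
        if name in LOOKUP_TERMS:
            lookups += 1
        # ipaddress rejects anything that is not a valid address or CIDR block,
        # so "ip4:5" is reported here.
        if name == "ip4":
            try:
                ipaddress.IPv4Network(value, strict=False)
            except ValueError:
                problems.append(f"malformed ip4 term: {term}")
        elif name == "ip6":
            try:
                ipaddress.IPv6Network(value, strict=False)
            except ValueError:
                problems.append(f"malformed ip6 term: {term}")
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms, more than the limit of 10")
    has_redirect = any(t.lower().startswith("redirect=") for t in terms)
    if terms[-1].lower().lstrip("+-~?") != "all" and not has_redirect:
        problems.append("record has no terminal all mechanism or redirect")
    return problems


if __name__ == "__main__":
    for issue in check_spf(SAMPLE_SPF):
        print(issue)
```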
There is information that looks a lot like credentials and session IDs for hosting. The passwords appear to have been redacted, but session IDs are still present. I don't know whether any of the session IDs are valid or how sensitive they are, and I'm certainly not going to test them.

Scary. Probably how they got Oathkeepers server.


Not that I've seen. It's possible DNS requests were inadvertently logged somewhere--there's no shortage of inadvertent logging of sensitive information--but I doubt it would be trivial to link such logs to individual users.

Wouldn't surprise me. Wouldn't surprise me if intentional.

I'm not particularly interested in crawling through the communications that were leaked--there are already plenty of other people doing that--but I did check to see whether my own emails with Rob + Epik were included, and I didn't see them. That leads me to question whether any information was deliberately withheld, so I would be cautious in assessing any controversial communications that do come to light. Remember that all of the data you're seeing passed through an attacker first, and that attacker claims to have had an agenda. While fabricating data without being noticed would have been difficult for such a large dataset, withholding information would have been trivial, and there are multiple signs they did just that.

Yes, exactly. The feds always scrub the scene to protect themselves and their assets and you already know who I think the hackers are working for.
 
In the absence of any direction from Epik, new Twitter members are taking the lead in responsible security research.
 
Is it to Destroy

or

Is it to Reform

Thanks. There was a lot worthy to discuss in your post but I decided to highlight the one thing that's applicable to this thread, imo.

Sure, some people are looking for blood, wouldn't mind seeing E destroyed. However, I have no doubt the vast majority of E users would rather see them prevail and succeed in securing their registrar.

Second chances are fine. But to be given one, one should atone for the fuckup(s) in the past, pardon my French.

From what I'm observing, E seems to be doubling down on their story of being the victim. When you have that mindset, reform is not an option.
 
Epik wasn't dealing drugs. They did business with people with objectionable politics.

"His company Epik describes itself as “the Swiss bank of domains” and is one of the few US-based registrars with a history of refusing to respond to reports of illegal activity. According to a report by the pharmaceutical watchdog organization LegitScript, Epik has been told that some of the domains the company sponsors sell illegal drugs and inauthentic medications, yet the company has not acted." (WIRED, 2018)
 
Sad story is there are probably people who had the same password with gmail and had some of their stuff stolen. Once you have access to gmail, you have everything.

Epik's Sept 15th email was secretive and didn't tell anyone about possible data or password leaks.
Only talked about an "alleged security incident".

Breach was acknowledged on Sept 19th email, including possible username and password leaks.

Which means lots of people had no idea for 5 days.

...
 
Thanks. There was a lot worthy to discuss in your post but I decided to highlight the one thing that's applicable to this thread, imo.

Sure, some people are looking for blood, wouldn't mind seeing E destroyed. However, I have no doubt the vast majority of E users would rather see them prevail and succeed in securing their registrar.

Second chances are fine. But to be given one, one should atone for the fuckup(s) in the past, pardon my French.

From what I'm observing, E seems to be doubling down on their story of being the victim. When you have that mindset, reform is not an option.


This is more like Epik and Rob's 3rd or 4th chance. I exposed their fake VPN over 2 years ago and he reacted the exact same way: lie, attack, deflect and manipulate with hyper-spiritual gobbledygook. The fact is that they just don't care. You cannot make someone care. You might be able to force them to make some changes but the same behavior will be back in the future to hurt others again.
 