alert Epik Had A Major Breach


DaveX

@GoDaveX, Top Member
The views expressed on this page by users and staff are their own, not those of NamePros.
I mean, just one example -

After the Capitol riot, ‘Stop the Steal’ organizer Ali Alexander was scrambling to hide his digital footprint

https://www.dailydot.com/debug/ali-alexander-epik-hack-web-domains-capitol-riot/

Thanks to Epik's poor security, all that stuff is exposed now. He will probably be getting a visit from the FBI soon, if he hasn't already.

Many people like to do shady stuff behind the scenes. There will certainly be some connections people don't appreciate being made public.

The data will be analyzed by thousands of people and many connections will be made, whether the person likes it or not.

Brad

so this cat has been debating politics for two decades .. I have never seen him before ..but the article kinda makes him out celebrity or high influencer status
 
Even though (as @Lox found) a lot of stuff was edited out from public "release", emails are in.
So, we should expect more phishing attempts.
The following may be helpful to combat phishing:
1) How to get email headers:
https://mxtoolbox.com/Public/Content/EmailHeaders/
2) Understanding An Email Header:
https://mediatemple.net/community/products/dv/204643950/understanding-an-email-header
3) IP address check and extra details:
https://bgp.he.net

And again, the hackers likely have far more data. Anything they redacted or did not release was their own choice.

It still would not make me real comfortable with my data in the hands of another party, to do with as they please.

Brad
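
An added example (not part of the thread or of any poster's message) for the header-checking steps linked above: it reads a raw message, compares the From domain with Return-Path and Reply-To, collects non-passing SPF/DKIM/DMARC verdicts, and extracts the earliest relay IP to look up. The sample message, the `example` domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real message): example.* names, documentation IPs.
SAMPLE = """\
Authentication-Results: mx.recipient.example;
\tspf=fail smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=registrar.example
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby inbox.recipient.example with ESMTP; Thu, 16 Sep 2021 10:00:05 +0000
Received: from mailer.example.net (unknown [203.0.113.77])
\tby mx.recipient.example with ESMTP; Thu, 16 Sep 2021 10:00:03 +0000
Return-Path: <bounce@mailer.example.net>
From: "Registrar Support" <support@registrar.example>
Reply-To: helpdesk@registrar-support.example
To: user@recipient.example
Subject: Urgent: verify your account

Please confirm your account details.
"""

def domain_of(value):
    """Lower-cased domain of the address in a header value ('' if none)."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def analyze(raw):
    msg = message_from_string(raw)
    from_dom, findings = domain_of(msg["From"]), []
    # Envelope sender or reply address on another domain is a signal, not
    # proof: legitimate bulk senders often use a separate bounce domain.
    for name in ("Return-Path", "Reply-To"):
        dom = domain_of(msg[name])
        if dom and dom != from_dom:
            findings.append(f"{name} domain {dom} != From domain {from_dom}")
    # SPF/DKIM/DMARC verdicts recorded by the receiving server.
    auth = " ".join(msg.get_all("Authentication-Results", []))
    for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth, re.I):
        if verdict.lower() != "pass":
            findings.append(f"{mech.lower()}={verdict.lower()}")
    # Each hop prepends its Received line, so the last one is the earliest.
    # Only lines written by your own provider's servers are trustworthy.
    ips = [m.group(1) for h in msg.get_all("Received", [])
           if (m := re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", h))]
    return {"from_domain": from_dom, "origin_ip": ips[-1] if ips else None,
            "findings": findings}

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

The `origin_ip` value is the address to check in an IP lookup such as the one in step 3; the regex here handles IPv4 literals only.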
 
I watched almost the entire 3 hours of Rob's live event in response to the Epik hack on prayermeeting site which was posted to Youtube. Lots of off topic conversations, an appearance by a neo-nazi showing off a swastika tattoo on his chest, Rob breaking out in prayer, during the course of the meeting. But what I gleaned is that Epik/Rob purchased a registrar from another company. This registrar, now Epik, used poorly written code by a Russian developer located in Crimea then Ukraine (after Russia invaded Crimea). This code seems to be still powering Epik, or at least the registrar side. Unless Epik reuses portions of the code, it will be a massive undertaking to rewrite everything from scratch and do it the right way.

I believe we are talking about this, from over a decade ago -

https://domainnamewire.com/2011/07/14/epik-acquires-domain-name-registrar-intrustdomains/

And again we can circle right back to incompetence then. You buy a registrar a decade ago and rely on that old shitty code, while calling yourself the "Swiss bank of domains" and mentioning "innovation".

The marketing does not match the reality.

Brad
 
It is very likely Epik is using PHP 5.x and old server software which is why the hack probably was not difficult. BTW, latest version of PHP is 8. PHP 5.x code will not work on servers running PHP 7 and later. So you have to stick with outdated server software and all the vulnerabilities associated with that and outdated PHP.
 
ATTN: People of Twitter

If Emily G had purchased robmonsterenablesnazis.com at Epik, and if @Rob Monster confiscated that domain, as @namesilo exercised their registrar right to confiscate BreonnaTaylor.com see official comment from namesilo HERE, then this would not breach the registry code of conduct for front-running.

To be considered frontrunning, I believe the domain has to be purchased by the registrar before the customer who searched their system for availability. Main difference here, it looks to be a confiscated domain, not a front run purchase. As to what specific grounds was the domain confiscated, I don't know. Maybe a clause where the CEO felt he was being harassed and his name was going to be used in bad faith? Not sure which term or violation that would fall under.


Reference the alleged purchase:


⚠ RETRACTION ⚠

I have been informed that robmonsterenablesnazis.com was never a confiscated domain. The domain remained in the registrants account for a year, left for non-renewal, and went through the customary grace period. Despite the nature of the domain, free speech prevailed for this domain at epik.


I believe I remember reading namePros members questioning epik's expiration process, with expired domains sometimes automatically set to an epik for sale landing page, and/or WHOIS Information changing away from the registrant and to an @Epik.com email address... (@frank-germany -- you may have reported something of this nature, do you recall?)

If you notice closely, all the "nazi domains" were filed under ForSale@EPIK(.)com, and albeit Rob's name (He seems to like putting his name on things like another orange fella) was attached to the WHOIS, the domains never reached Rob's personal Epik email account. Thus, possibly explaining how robmonsterenablesnazis.com reached the database of domains filed under Rob Monster || ForSale@epik/com, through an automated expiration cycle of redistributing, and offering expired customer names with an epik for sale landing page // changed WHOIS/DBinfo during the expiration cycle.

This also likely means Rob Monster never actually owned NaziHunt.com (or the other nazi domains), and is therefore possibly not the secret Nazi Hunter we were all hoping for. This would also remove Rob's direct connection to owning SexyNazis.com as all these domains were apparently dropped by epik customers, and due to epik's questionable expiration practices, might have been placed under [email protected] upon expiry.

....

DISCLAIMER: Please remember most of the information being posted is raw data, and there is a lot of room for misinterpretation, many times depending on company process/policy/procedures. Research and ask questions, just try and stay away from absolute conclusions until full confirmation, not just high speculation.

 
and did not comply with the laws which led to thousand of customers in danger.

Oh? Which law was that? Keep in mind they are a US Company and are not obligated to follow laws outside of their jurisdiction.

You seem to be really happy to see Epik in this situation. As if you're gloating about it.

If you're pitching yourself as a shield for the persecuted, protecting their freedom of speech, you'd better not be storing such verbose PII in this manner. That's not to say you can't store it, but it can't be sitting in the clear in your backups alongside the rest of your data.

Absolutely.

btw, since many appear to want to jump ship and trash Epik. Some of us use their service for their censorship resistance. I know of almost no other registrar that's going to shield me from false complaints and wrongful accusations. I have been with registrars that first notice they boot you doesn't even matter the complaint is obvious bogus. So maybe that's why I am rooting for Epik. I don't want to see the only censor resistant registrar die. Some of you really don't understand what sort of threat that is to our society.

Quick question … the people who are apart of .. or affiliated with these websites … do you think they don’t want to be known to run or be affiliated with these sites ???

It sort of depends. Here in Vegas we've met some Proud Boys at anti-vax rallies. A couple gave us business cards with their names and other information. They are not hiding. It's actually the opposite. If you tried to be part of Facebook or Twitter they get censored. So the assumption is that they are ashamed or doing things in secret when that's not the case at all. They are at Anti-mask rallies too without masks. I think though like any normal person they don't want to be harassed as individuals at their homes or workplace. That's an unfortunate consequence now for upsetting the left. They will contact your employer and get you fired, or at least attempt to.

Thanks to Epik's poor security, all that stuff is exposed now. He will probably be getting a visit from the FBI soon, if he hasn't already.

That's so ridiculous. Every domain already has the Registrar as public information. If a domain was registered with Epik and the FBI wanted to know more they'd simply send them a subpoena for the information. WTF is wrong with you people? You act like there is deep shady shit going on hosting LEGAL websites just because you don't agree with their politics. It is NOT against the law to host, run, manage, or own a Nazi website for example in America. And actually our Constitution protects that as a Right.

You guys continue to act like you have some moral authority over the choices of Epik. Society is disappointing lately.
 
I believe I remember reading namePros members questioning epik's expiration process, with expired domains sometimes automatically set to an epik for sale landing page, and/or WHOIS Information changing away from the registrant and to an @Epik.com email address... (@frank-germany -- you may have reported something of this nature, do you recall?)

sounds familiar

not sure
long ago
but sounds reasonable
 
I believe I remember reading namePros members questioning epik's expiration process, with expired domains sometimes automatically set to an epik for sale landing page, and/or WHOIS Information changing away from the registrant and to an @Epik.com email address... (@frank-germany -- you may have reported something of this nature, do you recall?)

Yes. Can confirm this happens. And they actively follow up on leads that were established when it was under ownership of the (previous) registrant.
 
sounds familiar

not sure
long ago
but sounds reasonable

This 2019 post from you HERE might be what I'm recalling (All the way back to page 9 of the 94 wacky pages of discuss your epik experience)

here is my epik experience of today
it's about a domain of mine that is expiring at epik
its clearly registered at epik at the time being today
september 06 2019
just now I got this email
when I want to keep that name, I have to pay $90 USD
on the other hand epik
is trying to sell it on the domain landing page
for $1895 USD as of today
now if that name still is at epik as a registrar
why should I be asked to pay $90 USD to renew and keep it?
meanwhile:
do the "transfer coupon deals" make more sense to you, folks?
 
Oh? Which law was that? Keep in mind they are a US Company and are not obligated to follow laws outside of their jurisdiction.

You seem to be really happy to see Epik in this situation. As if you're gloating about it.



Absolutely.

btw, since many appear to want to jump ship and trash Epik. Some of us use their service for their censorship resistance. I know of almost no other registrar that's going to shield me from false complaints and wrongful accusations. I have been with registrars that first notice they boot you doesn't even matter the complaint is obvious bogus. So maybe that's why I am rooting for Epik. I don't want to see the only censor resistant registrar die. Some of you really don't understand what sort of threat that is to our society.



It sort of depends. Here in Vegas we've met some Proud Boys at anti-vax rallies. A couple gave us business cards with their names and other information. They are not hiding. It's actually the opposite. If you tried to be part of Facebook or Twitter they get censored. So the assumption is that they are ashamed or doing things in secret when that's not the case at all. They are at Anti-mask rallies too without masks. I think though like any normal person they don't want to be harassed as individuals at their homes or workplace. That's an unfortunate consequence now for upsetting the left. They will contact your employer and get you fired, or at least attempt to.



That's so ridiculous. Every domain already has the Registrar as public information. If a domain was registered with Epik and the FBI wanted to know more they'd simply send them a subpoena for the information. WTF is wrong with you people? You act like there is deep shady shit going on hosting LEGAL websites just because you don't agree with their politics. It is NOT against the law to host, run, manage, or own a Nazi website for example in America. And actually our Constitution protects that as a Right.

You guys continue to act like you have some moral authority over the choices of Epik. Society is disappointing lately.

that answers my question I posted today … I didn’t think a person that is in a certain affiliation would care if someone posted they are apart of the affiliation .. it wouldn’t make sense for them to want to hide their affiliation unless it was an illegal affiliation .. which none of these are illegal to participate in … so it appears more to be around beliefs IMO .. .. solely a Right vs Left issue .. as opposed to anything of an illegal nature .. at this point I am confident to write it off on Right vs Left beefing .. I don’t see anything else to it at this point ..

The hack is illegal .. aside from that .. I don’t see anything else to it that is illegal .. atleast not in the USA ..

both Right and Left rights matter .. they matter a lot … otherwise we wouldn’t be able to even talk about this right now … it comes down to respect IMO .. not for the Nazi tattoo fuck because he is an example of exactly what a complete fuckup really is
 
....there is a lot of room for misinterpretation

As a result, a lot of people will lose their jobs or incorrectly isolated. The keyboard warriors are ruthless.
 
As a result, a lot of people will lose their jobs or incorrectly isolated. The keyboard warriors are ruthless.

that very well could be .. I would hope not .. sensitivity and ethical judging certainly has been a trend in 2021 .. the problem I see with it .. the very people passing down judgment firing people have their own gigs that some people don’t agree with or might think is unethical .. that’s a guarantee .. and if they are ashamed of their gigs .. then they probably shouldn’t participate in it
 
I believe I remember reading namePros members questioning epik's expiration process, with expired domains sometimes automatically set to an epik for sale landing page, and/or WHOIS Information changing away from the registrant and to an @Epik.com email address

One time I was curious about the process, so I inquired via the landing page about a domain of mine that had expired a few days earlier (meaning, it would still be under my control for several weeks). Rob quickly responded asking if I could pay some $x,xxx price for it. Seemed a little inappropriate to me - I don't know of any other registrar that would do something like that - but what do I know. Technically, the domain was a few days expired.
 
DISCLAIMER: Please remember most of the information being posted is raw data, and there is a lot of room for misinterpretation

As a result, a lot of people will lose their jobs or incorrectly isolated.

ATTN: # EpikFail twitter ::

First off, thank you!!

Secondly....

Code:
Please exercise responsibly.
Code:
Remember, with great power, comes great responsibility.

 
One time I was curious about the process, so I inquired via the landing page about a domain of mine that had expired a few days earlier (meaning, it would still be under my control for several weeks). Rob quickly responded asking if I could pay some $x,xxx price for it. Seemed a little inappropriate to me - I don't know of any other registrar that would do something like that - but what do I know. Technically, the domain was a few days expired.
Don't expired names on GD get automatically put in GD's expiring domain auction even though they can be renewed by the previous/last registrant? If that's the case, then what Epik/Rob did/does isn't much different.
 