
Epik Had A Major Breach

DaveX

@GoDaveX, Top Member
You don't need to wait until 2022.

As I explained to you before, anyone can send 158.6 million TCP whois packets in under an hour, using a few IPs and a single $2 VPS.
Verisign might notice the uptick in those packets. It has been in the business for a few decades and regularly sees such attempts to mine the WHOIS. It also rate limits requests from single IP addresses and may block them. That means that more disposable IP addresses would be necessary.

Then there's the problem of a single dataset. All that your dataset would represent would be a single snapshot of domain names in your list. You would not know how many have been transferred out or transferred in to Epik. You also don't know how many registrations Epik has lost through deletions or gained via new registrations. This means that you have to create multiple datasets for comparison and do this for each gTLD you wish to check. From the legacy gTLD set, there are .COM/NET/ORG/BIZ/INFO/MOBI/ASIA/CAT/COOP/JOBS/MUSEUM/NAME/PRO/TEL/TRAVEL/XXX and the relatively inactive .POST. There are also over 1,100 new gTLDs.

You just need the 158.6m com from the zone file. The same with other gTLDs, you can get them on CZDS.
This brings up another problem. The number of domain names under management by a registry is not always the same as those in the zone file. Almost every gTLD has a number of dark domain names. These are domain names without nameservers. The link below shows how the .COM and .NET are actually slightly larger than the zone files.
https://www.verisign.com/en_US/channel-resources/domain-registry-products/zone-file/index.xhtml

Some of those domain names are in their pending-delete phase when their nameservers are removed and they are about to drop within five days. Others are intentionally dark due to legal action or action by their registrants.

As for the CZDS, not all registries grant access to zone file requests and there are frequent outages while registries renew access requests every 90 days or so. It was a perfectly good specification but ICANN managed to break one of the most important aspects of it (continual access to the zone file unless the registry deactivated it).

Some of the registries, especially the new gTLDs, are moving away from the old WHOIS system to the RDAP system (https://www.icann.org/rdap). That gives the registries a lot more control over access than the WHOIS system.

The only ones missing would be ccTLDs.
Some of the ccTLD registries make the gTLDs seem extremely open by comparison. Registries such as DENIC (the .DE ccTLD registry) don't publish anything other than the domain name status and the nameservers via WHOIS. EURid (the .EU registry) will provide the registrar via WHOIS but will provide more data via web-based WHOIS. Other registries don't even provide WHOIS. But the big problem with ccTLDs is that access to the zone files varies. Many ccTLD registries will not provide access to their zone files.

Anyone interested doesn't have to wait until 2022.
You can see the transaction reports for .COM here: https://www.icann.org/resources/pages/com-2014-03-04-en. They are in comma separated variable format and should be readable as a text file or in any Open Source spreadsheet software. As you can see, they provide much more information than simply domain names under management for each registrar (number of nameservers, number of new registrations by years registered, number of renewals by years renewed, number of transfer gains, number of transfer losses, number of deletions, number of deletions for which the registrar did not have to pay (deleted grace)). They are statistics rather than actual domain names.

What people outside the domain name industry do not understand is that domain name registrations at a registrar level tend to be incredibly sticky. People, for reasons best known to themselves, tend to register domain names and keep them with the same registrar for the lifetime of the domain name. What has happened with Epik over the last few weeks is that some portfolio operators (they own large numbers of domain names) have changed their nameservers to those of Dan, Afternic, Bodis and others. They may not have actually changed the registrar for their domain names. Most of the domain names on Epik are for sale. These domain names do not have developed websites.

The latest (May 2021) .COM report only shows 701,454 domain names (in total) being transferred. Transfer from one set of nameservers to another is typically higher. Those kinds of transfer generally show up in the changed WHOIS record and in the zone files. Tracking all these changes, even with the registry reports, and understanding them is a complex business.

Regards...jmcc
 
The only issue with this is that some websites have a habit of banning the use of these types of email addresses. I've seen this for public mailbox providers like Mailinator. Of course Mailinator is different in that all of the mailboxes are public, maybe they'll treat this kind of thing differently.
I've never encountered a problem with this. Of course a lot of websites don't want you using a disposable email address for which anyone can access the inbox. Anyone who has access to your inbox can complete a password reset on most sites. As long as your inbox is private you'll be fine.
 
Twitter, Steam, Ubisoft, damn these guys are scraping hard. Maybe they're looking for more addresses or saved credit cards. That dumb breach is going to f*ck lots of people. Stupid, and neglected, dumb, f*cking breach.

Silly.


There he goes, brewing lemonade.
He's gonna come out saying it was a conspiracy against freedom and free speech. Lol.

The only thing silly is you mocking someone in one sentence, then proving his point in the next.

All while forgetting the fact that Epik is in deep sh*t.


Change the captain.

So you agree, Anonymous hurt tens of thousands of people because they don't like Rob's politics or religion.
 
The Epik Data Breach Notifications were filed by outside counsel Mr. Thomas Codevilla, partner of SK&S Law Group. This firm is specialized in assisting clients who have been suffering data breaches.

 
So you agree, Anonymous hurt tens of thousands of people because they don't like Rob's politics or religion.

IT DOESN'T MATTER if they did it because of politics or for financial gain or if it was an ex-girlfriend seeking revenge. The issue is the security at EPIK and it is also the topic of this thread.
 
IT DOESN'T MATTER if they did it because of politics or for financial gain or if it was an ex-girlfriend seeking revenge. The issue is the security at EPIK and it is also the topic of this thread.

My issue is Anonymous, a criminal enterprise, is primarily responsible. Everything Epik didn't do is secondary.
 
My issue is Anonymous, a criminal enterprise, is primarily responsible. Everything Epik didn't do is secondary.

I didn't hire Anonymous to protect my privacy nor did I trust them with my personal info.
 
IT DOESN'T MATTER if they did it because of politics or for financial gain or if it was an ex-girlfriend seeking revenge. The issue is the security at EPIK and it is also the topic of this thread.

X is doing this thing where because he feels it's unfair to lump Epik customers in with Rob's ideological ilk, he is trying to do it to the other side and he's whiffing.

He just needs to look up a few basic definitions of things to see why.
 
X is doing this thing where because he feels it's unfair to lump Epik customers in with Rob's ideological ilk, he is trying to do it to the other side and he's whiffing.

He just needs to look up a few basic definitions of things to see why.

And you are ignoring the true people responsible. You want to make this ideological, hence your attack on any contrary information or opinion.
 
How many domains did you have at Epik? From your personal attacks on Rob and open dislike for Epik I find it hard to believe you hired Epik to do anything.



You seem to have a low, bigoted opinion of Epik customers.



How is this type of bigoted post allowed to stay up? Certainly not on topic of security.

I had one domain at Epik as of a couple of months ago, by accident. I had forgotten about it but when I realized it was there I moved it away. I called in to have it unlocked and no one answered. A few minutes later Rob called me on my cell, "because he saw it was me", I said I don't want to talk to you.

I had moved all away many years ago when I realized that Rob Monster didn't care about user privacy (as a result of my exposure of his fake VPN) and his dishonesty.

I also had a credit card on file, which I am not happy about. Stupid of me to leave that active there.

You can't seem to get it through your head that I am a free speech absolutist, a born again Christian and probably further right than him, if I cared about politics, but I do not trust or respect Rob Monster and with good reason.
 

This makes sense to a certain degree. But if you use a different email for each online account, and there could be very many, it may get out of hand. And if you have to do that then you are being very cavalier with your online activities. Which is not good in and of itself. Have email for your social media, have another for registrant info, have yet another for signing up to forms, etc. You don't need an army of emails for each account. IMO. There are common sense rules that should tell you whether an email is real or a spoof or spam. And if some account or provider is hacked this can also be evident in the email. And if you cannot tell, how does having a separate email help you? Sorry ahead of time if this shows my ignorance.
 
In other news, world's biggest data hack ever just announced, tracking offshore billionaires

https://www.washingtonpost.com/vide...0461e9-aad5-4752-ac57-f01a4314b9fb_video.html

What are the Pandora Papers?
October 3, 2021 | 5:25 PM BST
A massive trove of private financial records shared with The Washington Post exposes vast reaches of the secretive offshore system used to hide billions of dollars from tax authorities, creditors, criminal investigators and citizens around the world.

Lot of researchers working there.

Now maybe we get to find out if the Swiss Bank of Domains has Swiss bank accounts.
 
In other news, world's biggest data hack ever just announced, tracking offshore billionaires

https://www.washingtonpost.com/vide...0461e9-aad5-4752-ac57-f01a4314b9fb_video.html

That link has a paywall, unfortunately, but here's more info:

About Pandora Papers
ICIJ's largest-ever investigation on the offshore world unlocks financial secrets of politicians, billionaires and the global elite

https://www.icij.org/investigations/pandora-papers/about-pandora-papers-investigation/
 
The wisest thing to do would be to shut down all their infrastructure and rebuild it from scratch, but as a domain registrar I'm not too sure they have the ability to do that. At the very least it would cause a mass panic and cause a huge influx of ICANN complaints.

As I had suggested in an earlier post (which for some reason has now been deleted) it might be best for them to open a whole new Registrar with a new name that has the latest technologies and systems when it comes to security and then ask ICANN to do a mass transfer of all the domain names to that new Registrar.

A total rebranding might not be a bad idea at this time provided that they come up with a whole new mindset, strategy, goal, and platform.

IMO
 
As I had suggested in an earlier post (which for some reason has now been deleted) it might be best for them to open a whole new Registrar with a new name that has the latest technologies and systems when it comes to security and then ask ICANN to do a mass transfer of all the domain names to that new Registrar.

A total rebranding might not be a bad idea at this time provided that they come up with a whole new mindset, strategy, goal, and platform.

IMO

Massive transfer of domains I don't think so. Tigers might follow trails left behind.

Needs a new company, and his identity concealed.
I advised this a year ago.
Swiss bank of domains.
Private domaining private banking.

Laws of the domainer's registrar
#1 don't mess with your customer's sell through rate
#2 don't mess with payment options

PR band aids won't save Epik.
You'll need a real plan.
Like 1$ .com's.
if you intend to buy time and try to shift tides.
You'll need to lock landers at Epik.
Since we can no longer sell them underground through afternic.
And raise commission to 15% 20% 30%.
Domainers won't complain.
It's 1$ .com's.

Maybe limit that to invitation only accounts.
If you intend to mitigate risk.
Before new guy spends 100$.
Only to have you lose 1000$.

1$ .coms.
I buy 100 names.
You pay 1000$.
Platform minimum sales price $1000.
30% commission.
1% sell through rate.
You get $300.
You paid $1000.
Doesn't work.

But maybe you can work with numbers.
And keep bad apples out.
To make it work.

My consultant fee is $10,000 per email.
But here's a free one.
A very good one.

Get back to the original pitch.
Swiss bank registrar, for serious domainers.
Offer cheap .coms.
Select customers.
Force all sales to go through Epik.
Raise minimum sales price.
Raise commission.
Monitor all new regs during tasting period (you can limit or advise accounts or get a refund from wherever registrars get domains from)
Tailored, close-up experience, for select & successful customers.
Collaboration.
Which justifies high commission.

Squadhelp keeps 75% when they register on your behalf. People still do it, but it's BS.
You could have 40.

Forbid transfers for 3 years. Only allowed before when sale occurs (buyer convenience).
At cost renewals.
Minimum sales price.
Select customers.

You could always offer $2.99 .coms.
If you wish to mitigate further.

You can keep your current customers.
And start this as a side program.
Invitation only.
You know who is making numbers, you know who to invite.
@Rob Monster

If customer registers 100 domains. You pay 800$.
Sale occurs, 50% commission of 2000$ minimum sales price is 1000$ revenue.
But 2000$ is a lot, as a minimum, not as a selling price.

Now 2.99$ registration price x 100 registrations is 300$ saved on $800.
You pay $500.
50% commission on $1000 minimum sales price is $500.
You break even.
That's the standing ground, based on 1% str and $1000 sales price.
40% commission better than 50%. But hey, it's collaboration.

1% str, 2% str, 3% str.
$1000 sale price. $5000 sale price. Moonshot sale price.
Select invitations.
Monitor new regs. Limit/advise accounts.

You become some type of financial analyst.
More work.
More thrill.

Do it, and registrars are losing their new reg customers to you.
You want the serious ones.
They apply, with proof of sales.
Or you invite.

The swiss bank of domains.

Back then they had some trust.
Now needs a whole new entity.
 
Needs a new company, and his identity concealed.
I advised this a year ago.
Swiss bank of domains.
Private domaining private banking.

Your idea to have accounts by invitation only and keep everything private might be good for some people, but keep in mind that Epik wants to cater to regular customers too in addition to domainers and so I believe that as I already mentioned earlier it will be more practical to create a whole new Registrar and start from scratch.

Doing mass transfers has been done by ICANN on many occasions in the past when some Registrars went out of business, but in this case ICANN might agree to do it to help Epik get a fresh start under a new name and in a new environment that hasn't been poisoned by all the recent controversies.

IMO
 
their only crime is that of curiosity
Epik hasn't made a statement on the second release, either, which is peculiar at this point.
 
Epik hasn't made a statement on the second release, either, which is peculiar at this point.
Not really, same MO as Gab. Put out very basic CYA email and then just play victim and ignore and continue on, business as usual. As I said earlier, unless you prove real crime or intentional fed honeypot most customers will agree that Epik is victim and continue on as if nothing happened. Many won't even hear about hack or understand what it is or means and fewer will care.
 