alert Epik Had A Major Breach

DaveX

The views expressed on this page by users and staff are their own, not those of NamePros.
Yeah, I had some massive battles with Monster when he was lying about his white label VPN. Do we know if Monster was saving those URLs of the VPN users? Do we know if those poor VPN users have had the URLs they visit leaked?

A quick glance showed that these were historical OpenVPN config files with secrets. That could possibly be another attack vector when historical VPN traffic was captured.
 
•••
As for TrustPilot, I think their content integrity team is pretty mighty.
Disagree, unless you mean mighty incompetent?

(You know why; we reported it directly to you in January and again in April.)
 
•••
Stop sharing controversial stuff in this thread.

Show attachment 201865

Monster answers all his hack questions by attacking old websites that never lied or got hacked.

A little history on Bitchute and Rob Monster. I used to be pretty good friends with the owner of Bitchute, Ray, until he started working with the EU to geo-restrict and ID users. Rob reached out to Ray with the pitch that he was interested in purchasing Bitchute, but he wanted to see ALL under the hood before doing the deal. Ray asked me what to do and I said Rob is lying, don't show him anything, he is just fishing for info to make his own, make him sign an LOI with a non-refundable deposit. Rob walked away. I have heard Monster has done this with several other companies. I think I heard a similar story even about dan dot com and Monster.
 
•••
Why is their VPN so critical for you?
You live in China, Iran, RF etc. or why???
 
•••
A quick glance showed that these were historical OpenVPN config files with secrets. That could possibly be another attack vector when historical VPN traffic was captured.

So all the traffic was being stored?
 
•••
Why is their VPN so critical for you?
You live in China, Iran, RF etc. or why???

No, but I do care about others. He was promising everyone it was fully secure and private but it was really a white label he had no control of, like pretty much every single thing at Epik, e.g. their entire website.
 
•••
So all the traffic was being stored?

No sign that VPN traffic was captured or stored by Epik. Maybe. Other actors, also possible. Dots may be connected with the config files.
 
•••
No sign that VPN traffic was captured or stored by Epik. Maybe. Other actors, also possible. Dots may be connected with the config files.

That would be a huge story if URLs were visible from VPN users? Be great if someone dug into that.
 
•••
That would be a huge story if URLs were visible from VPN users? Be great if someone dug into that.

Please note, this is speculation, but serves to clarify how this works.

Parties that store encrypted VPN traffic are often state actors with many technical capabilities. These actors won't do that for just any single home user using a VPN, but a commercial party offering these services at large to a certain segment of interesting clients may be in their sights.

When network traffic is indeed stored, and that can be done at many different places in the network path (often via Internet exchanges where many parties peer data), you will not hear anything about it. Depending on how Epik has configured OpenVPN, historical network traffic can be decrypted. It is concerning that Epik kept all these historical OpenVPN config files on their servers/backups. Since they did this, I have a lot more questions about how they have properly configured all their super-secure services.

Edit/add:
https://en.wikipedia.org/wiki/Forward_secrecy
https://theintercept.com/2018/06/25/att-internet-nsa-spy-hubs/
https://techcrunch.com/2018/06/25/nsa-att-intercept-surveillance/
 
•••
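As an added illustration of the forward-secrecy point in the post above (not part of the thread, and not Epik's configuration): a small Python audit that flags OpenVPN settings under which recorded traffic stays decryptable, or which make the config file itself a secret that should not sit in old backups. The sample configs are constructed, the function name and finding labels are hypothetical, and the `tls-cipher` check assumes an explicit colon-separated list of suite names.

```python
import re

# Inline blocks that embed key material directly in the config file.
INLINE_SECRET_TAGS = {"key", "secret", "tls-auth", "tls-crypt"}

def audit_openvpn_config(text):
    """Return finding labels for settings that weaken forward secrecy."""
    findings, in_block = [], None
    for raw in text.splitlines():
        line = re.split(r"[#;]", raw, maxsplit=1)[0].strip()  # drop comments
        if not line:
            continue
        if in_block:                      # skip the body of an inline block
            if line == f"</{in_block}>":
                in_block = None
            continue
        m = re.fullmatch(r"<([a-z0-9-]+)>", line)
        if m:
            in_block = m.group(1)
            if in_block in INLINE_SECRET_TAGS:
                findings.append(f"inline-secret:{in_block}")
            if in_block == "secret":
                findings.append("static-key-mode")
            continue
        directive, *args = line.split()
        if directive == "secret":
            # Static-key mode: one pre-shared key, no forward secrecy.
            findings.append("static-key-mode")
        elif directive == "tls-cipher" and args:
            # Up to TLS 1.2, only (EC)DHE suites give forward secrecy.
            for suite in args[0].split(":"):
                if not re.search(r"DHE|EDH", suite.upper()):
                    findings.append(f"non-pfs-suite:{suite}")
        elif directive == "reneg-sec" and args and args[0] == "0":
            # 0 turns off time-based rekeying of the data channel.
            findings.append("reneg-disabled")
    return findings

# Constructed sample configs (not taken from any leak).
LEGACY_CONF = """\
dev tun
key server.key
tls-cipher TLS-RSA-WITH-AES-256-CBC-SHA:TLS-DHE-RSA-WITH-AES-256-GCM-SHA384
reneg-sec 0
<tls-auth>
(constructed placeholder, not real key material)
</tls-auth>
"""
STATIC_CONF = "dev tun\nsecret static.key  # pre-shared key\n"
HARDENED_CONF = "dh none\ntls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384\ntls-crypt tc.key\n"

if __name__ == "__main__":
    for name in ("LEGACY_CONF", "STATIC_CONF", "HARDENED_CONF"):
        print(name, audit_openvpn_config(globals()[name]))
```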
Why is their VPN so critical for you?
You live in China, Iran, RF etc. or why???
There are multitudes of reasons it's a good idea to use a trustworthy VPN besides living under those governments.
 
•••
Please note, this is speculation, but serves to clarify how this works.

Parties that store encrypted VPN traffic are often state actors with many technical capabilities. These actors won't do that for a single home user using a VPN, but a commercial party offering these services at large to certain clients may be in their sights.

When network traffic is indeed stored, and that can be at many different places in the network path (often via Internet exchanges where many parties peer data), you will not hear anything about it. Depending on how Epik has configured OpenVPN (q=perfect forward secrecy, etc) historical traffic can be decrypted. It is concerning that Epik kept all these historical OpenVPN config files on their servers/backups. Since they did this, I have a lot more questions about how they have properly configured all their super-secure services.

His first VPN was 100% white label so who knows what's up with that company's storage policy. After abuse in the Fediverse from a bunch of us he finally bought some servers and made his own VPN using that OS code I guess, but I was always curious if he was storing URLs. I don't know how many people were actually using Epik VPN but if he was storing their URLs he would be in some serious hot water.
 
•••
What conversations?

You want to see which data is being exchanged (the content of websites, email conversations, chats, calls, etc). Since you mentioned "URLs", I wanted to clarify what parties that store encrypted network traffic are really looking for. Sometimes it can be metadata, sometimes it's more than that.
 
•••
You want to see which data is being exchanged (the content of websites, email conversations, chats, calls, etc). Since you mentioned "URLs", I wanted to clarify what parties that store encrypted network traffic are really looking for. Sometimes it can be metadata, sometimes it's more.

Hmm, I thought stored URLs was worst case scenario. There is money in data and Monster loves money. I really hope someone digs into this. Gab did the same with their dumb browser, a Brave fork, recorded and sent every URL to some black box in the code. Brave called them out for that.
 
•••
Hmm, I thought stored URLs was worst case scenario. There is money in data and Monster loves money. I really hope someone digs into this. Gab did the same with their dumb browser, a Brave fork, recorded and sent every URL to some black box in the code. Brave called them out for that.

My answers are based on security risks. Your approach seems to be more about commercializing user data. That is something else. Possibly. No idea. I have no reason to believe that happened.
 
•••
My answers are based on security risks. Your approach seems to be more about commercializing user data. That is something else. Possibly. No idea. I have no reason to believe that happened.

Mine is also security risk, but all things are possible. But also, in many cases, like Gab's case, owners are forced to add such a thing to keep out of jail.
 
•••
If you want to remove this message it's fine, but it's all blanked out so nothing sensitive.

Just to give an idea what's out there being scraped on onion sites.

yxEoPWw.png


Another thing I've read is that a considerable percentage of the leaked clients' IPs responded to a scan with some open ports. That's one step away from a script with shellcode and an rsync of all their disk data.

I'm not saying users' disks are also on onion, but some IPs were tested and found vulnerable to remote exploiting.
 
•••
but some IPs were tested

Are these Epik IPs associated with Russia as well?

Slightly related but relevant because of the "shitty Russian code" RM mentioned in the video meeting:

Russia excluded from 30-country meeting to fight ransomware and cyber crime
"WASHINGTON, Oct 13 (Reuters) - Russia was not invited to attend a 30-country virtual meeting led by the United States that is aimed at combating the growing threat of ransomware and other cyber crime, a senior administration official said. Many ransomware gangs operate from Ukraine and Russia, private sector cybersecurity experts say. Some U.S. officials and analysts have said Russian ransomware gangs operate with the Kremlin's tacit approval, but are not directly controlled by the government."
https://www.reuters.com/world/russi...eting-fight-ransomware-cyber-crime-2021-10-13
 
•••