alert Epik Had A Major Breach

[Silentptnr]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[Rob Monster]

Did you look? Because the .org site I mentioned in my previous message is still online and serving the same doxing and harassing content, and whois still shows Epik as the registrar. I will direct message you the URL just for absolute clarity, though I was very clear, and it was included in an abuse report as well.

Furthermore, does this mean that Mr. Camp will continue to be an Epik customer? I assume so, given the number of his domains I am still seeing with Epik listed as the registrar. What happens when he puts this type of content back on the domains you are still servicing? Who is responsible for monitoring to see that he doesn't do that, the victims of his harassment?

As for the .COM it has been nullrouted for many weeks:

;YOURDADDYJOEY.COM. IN A

It is not at Epik.

I believe the site you are referencing is now sinkholed as the registrant did not transfer out despite ample transitional grace period.

Domain Name: YOURDADDYJOEY.ORG
Registrar: Epik Inc.
Registrar IANA ID: 617
Domain Status: ok https://icann.org/epp#ok
Name Server: NS1.SHADOWSERVER.ORG
Name Server: NS2.SHADOWSERVER.ORG

nslookup YOURDADDYJOEY.ORG ns1.shadowserver.org
Server: ns1.shadowserver.org
Address: 64.71.138.162#53

Non-authoritative answer:

*** Can't find YOURDADDYJOEY.ORG: No answer

DNS cache will still be out there but the authoritative route is now sinkholed.

As for whether or not we would re-empower, we don't have a formal "banned for life" policy. We generally subscribe to the view that most people are not beyond redemption.

Once a client is identified as ToS violator, and their grace period has ended, the abuse handling will be quite swift.

Operators of "hot potato" domains are strongly advised to check in with us first before seeking safe harbor at Epik.

 

[Rob Monster]

As someone who likes to quote proverbs, I am going to give you a free one -
"Pride comes before the fall."

If you are going to attempt at being a theologian at least look up the verse:

Pride goeth before destruction, and an haughty spirit before a fall. - Proverbs 16:18

In other words, God gives warning shots. Remember that.

You are not alone though, that verse is often misquoted.

 

[carob]

Someone's earlier post said to Google Joey Camp + Forbes for more info. That turns up this:

https://www.forbes.com/sites/kashmi...scover-police-are-not-as-dumb-as-they-thought

Soon Camp was transferring thousands of dollars, in small amounts, from the university bank account into his own, and into the account of another lucky/unlucky student who Camp hoped to frame for the crime. He did it over Thanksgiving break of 2009, hoping that people wouldn't be paying attention. They were. Police arrested him on November 25th.

But that didn't stop Fowler and Camp...

 

[bmugford]

If you are going to attempt at being a theologian at least look up the verse:

Pride goeth before destruction, and an haughty spirit before a fall. - Proverbs 16:18

In other words, God gives warning shots. Remember that.

You are not alone though, that verse is often misquoted.

There are actually multiple versions that appeared in various bibles over the years, you picked one of them.

I just gave you the relevant abridged version of it. You clearly understand the point.

Brad

 

[Molly White]

Thank you for removing the site in question. I am genuinely grateful.

I will admit, though, that I am disappointed that the priority here was apparently on providing Mr. Camp with "ample transitional grace period", which resulted in Epik spending a month knowingly hosting doxing, harassing, and defamatory content that is actively endangering people.

Do I need to proactively check his other sites as well? It seems this site (the .org, I was not referring to the .com) was only "sinkholed" after I mentioned to you that it was still up.

As for whether or not we would re-empower, we don't have a formal "banned for life" policy. We generally subscribe to the view that most people are not beyond redemption.

Once a client is identified as ToS violator, and their grace period has ended, the abuse handling will be quite swift.

So I did understand you correctly, then, that the onus is on Joey Camp's harassment victims to monitor the domains and websites Epik is powering, and that you will not be proactively ensuring he is following your policies? Despite that you have repeatedly had to engage with him about content that is against Epik TOU and despite the fact that, according to you, Joey Camp has said he sees no issue with the content on his websites and has said he will refuse to process takedown requests?

For what it's worth, I agree with you that most people are not beyond redemption. But I am also not so foolish to expect a person who sees no issue with his behavior, who has continued to actively engage in harassing and doxing behavior over this past month since you spoke with him, and who has said he will not work with you to ensure his content is within your terms, to suddenly decide to change his ways. I don't think you are foolish, either.

 

[Rob Monster]

You clearly had no business ever being the "acting CTO" or whatever you claimed to be.

Your kitchen-sink rhetoric is so obvious. Serious question: why are you such a ding-dong? Keep it up and you too will go to my ignore list. You are just about there.

As for tech leadership, I have been working with computers since I was around 8 years old. My Dad was a Professor of Computer Science. My relationship with computers dates back to paper tape and 300-baud. I have worked with computers for my entire life. My first job at P&G was as a Systems Analyst. I wrote the first version of the software of the company called GMI which we sold for more than $100 million cash.

As for Epik, my primary technical duty at Epik since 2009 was what some might call "vision casting," which is very much on display. In general, I delegate responsibility and authority to people who I trust to do a good job in their assigned areas. That said, we have already acknowledged that some acquired was old. That does not change the fact that we out-innovated every other company in the industry. And we still do.

Looking ahead, the appointment of an "Office of the CTO" is a statement of commitment that the full scope of Epik has arguably become too big for any one "normal" person to keep in their head. In addition to ongoing appetite for (technology) acquisitions, our direct investment in software development is running at an all-time high, and I don't see any slowdown in sight.

 

[carob]

re Joey Camp and use of Epik services, Rob Monster was asked this:

When do you expect this to be complete? It has been a month and he has multiple domains with Epik, where he continues to host the exact same site you removed. Again, multiple reports have been made with these domains.

Is there a list of those Joey Camp domains registered at Epik?

Can someone supply a reference to the specific Epik ToS item they violate?

Are the sites also hosted at Epik?


Epik can and do delete domains that violate their ToS, meaning the domain drops and any dropcatcher can then register it.

Epik could alternatively force the registrant to transfer the domain to another registrar, as GoDaddy have done,, or Epik could just suspend or reroute the domain temporarily so the domain owner still has the domain, just can't use it for the site they want to.

Epik can presumably suspend or cancel any hosting account at any time for ToS violations.


Anyone looking to invest in or join Epik would of course want to be sure the ToS were being enforced to avoid scandal and mistrust, and harm to third parties.

 

[bmugford]

Your kitchen-sink rhetoric is so obvious. Serious question: why are you such a ding-dong? Keep it up and you too will go to my ignore list. You are just about there.

As for tech leadership, I have been working with computers since I was around 8 years old. My Dad was a Professor of Computer Science. My relationship with computers dates back to paper tape and 300-baud. I have worked with computers for my entire life. My first job at P&G was as a Systems Analyst. I wrote the first version of the software of the company called GMI which we sold for more than $100 million cash.

As for Epik, my primary technical duty at Epik since 2009 was what some might call "vision casting," which is very much on display. In general, I delegate responsibility and authority to people who I trust to do a good job in their assigned areas. That said, we have already acknowledged that some acquired was old. That does not change the fact that we out-innovated every other company in the industry. And we still do.

Looking ahead, the appointment of an "Office of the CTO" is a statement of commitment that the full scope of Epik has arguably become too big for any one "normal" person to keep in their head. In addition to ongoing appetite for (technology) acquisitions, our direct investment in software development is running at an all-time high, and I don't see any slowdown in sight.

Oh, no. I might be on Rob's ignore list. That is not much of a threat.

A "free speech" warrior who needs to block someone else for saying things they don't like.

The proof is in the pudding. You are the only board member and majority shareholder.
Whose fault is it then? There is no one else to blame for the "shitty Russian code" and poor security protocols.

Using decade old "shitty code" = innovation?

Brad

 

[Rob Monster]

There are actually multiple versions that appeared in various bibles over the years, you picked one of them.

I just gave you the relevant abridged version of it. You clearly understand the point.

Brad

No, you are missing an essential point. The secular proverb misses essential subtlety.

Check out the Masoretic source text sometime and you will see the source from which translations draw:

https://www.blueletterbible.org/kjv/pro/16/18/t_conc_644018

Good for you though. Proverbs and Psalms are excellent. Proverbs 16 is a personal favorite -- it is packed with life wisdom. Check it out sometime.

 

[FernandoBMS]

Two questions for @Rob Monster:

- Is Vitaliy Opryshko still Head Of Software Development at Epik dot com?

- Are you still in business with Kenn Palm?

 

[bmugford]

Two questions for @Rob Monster:

- Is Vitaliy Opryshko still Head Of Software Development at Epik dot com?

- Are you still in business with Kenn Palm?

Wow, Kenn Palm. That name sure brings back some old memories.

InTrust Domains really was at the forefront of bulk / automated domain sales spam. Then Epik acquired them.

Brad

 

[Rob Monster]

Thank you for removing the site in question. I am genuinely grateful.

The reality is that the people he was profiling were not lovely people. They may become more lovely in the future. If they don't then one can assume that other Joey's will emerge when thugs overreach.

During the grace period, we were assured that there we no TOS violations, and that the content was lawful public records. What we did not do was a blanket takedown as there was no court order.

There is a place for whistleblower sites. I philosophically have no problem with them so long as the content that is published is lawful and not willful dis-info.

For the record, I consider your Wikipedia article to be disinfo, mainly because it catalogs factually inaccurate articles with no editorial balance. Don't worry though, people are noticing, e.g. this today:

https://twitter.com/x/status/1448897746505719809

You can spare me circular reasoning. I am on to more productive things but wish everyone a blessed weekend.

 

[Molly White]

The reality is that the people he was profiling were not lovely people. They may become more lovely in the future. If they don't then one can assume that other Joey's will emerge when thugs overreach.

During the grace period, we were assured that there we no TOS violations, and that the content was lawful public records. What we did not do was a blanket takedown as there was no court order.

Assured... by who? Joey Camp? Which public records described all of these people as pedophiles and sex pests? Or described me as addicted to drugs? You've already made it clear through multiple statements that you think the doxing, defamation, harassment, and threats are deserved by people you do not think are "honorable" or "lovely". This extends to their families as well?

You may be interested to know that Joey Camp has already moved his doxing site that you just took down to another domain registered by Epik. I will send it to you in a DM. Do you see the problem here? [Update 1:11am ET: It seems this domain is now redirecting elsewhere—this seems to have been a change by Joey Camp rather than an action by Epik.] [Update 1:27 am ET: The doxing site is back up at this Epik-registered domain. You can imagine how much I am enjoying spending my Friday night keeping an eye on this.]

 

[bmugford]

The reality is that the people he was profiling were not lovely people. They may become more lovely in the future. If they don't then one can assume that other Joey's will emerge when thugs overreach.

During the grace period, we were assured that there we no TOS violations, and that the content was lawful public records. What we did not do was a blanket takedown as there was no court order.

There is a place for whistleblower sites. I philosophically have no problem with them so long as the content that is published is lawful and not willful dis-info.

For the record, I consider your Wikipedia article to be disinfo, mainly because it catalogs factually inaccurate articles with no editorial balance. Don't worry though, people are noticing, e.g. this today:

https://twitter.com/x/status/1448897746505719809

You can spare me circular reasoning. I am on to more productive things but wish everyone a blessed weekend.

Wow, so they were not lovely people, according to you. Your opinion is just that, an opinion.

In my opinion you are getting dangerously close to a tacit endorsement of some of these disgusting actions. It sure sounds like "It is ok, because they are not lovely people."

The harassment, intimidation, and doxxing of @Molly White though is not acceptable. Do you think it was?

It sounds like you are ready to take another shot at the Wikipedia article, and make a clown of yourself again.

Brad

 

[FernandoBMS]

It sounds like you ready to take another shot at the Wikipedia article, and make a clown of yourself again.

Did he ever point out what the inaccurate information would be in the Wikipedia article or does he just stick to these generic complaints?

 

[bmugford]

Did he ever point out what the inaccurate information would be in the Wikipedia article or does he just stick to these generic complaints?

You know I asked him and his Epik fanboys the same question multiple times in the first thread, and it was basically just general complaints without specifics.

@Molly White has offered many times to correct any factual errors. Just because a Wikipedia article is inconvenient for Epik, doesn't mean it is not factual.

Brad

 

[carob]

re Rob Monster's reply to Molly White:

As for the .COM it has been nullrouted for many weeks:

;YOURDADDYJOEY.COM. IN A

It is not at Epik.

I believe the site you are referencing is now sinkholed as the registrant did not transfer out despite ample transitional grace period.

What is the grace period? Is action taken by Epik not immediate and if so, why not? Can you not just cancel the domain?

As for whether or not we would re-empower, we don't have a formal "banned for life" policy. We generally subscribe to the view that most people are not beyond redemption.

Who is "we"?

 

[Molly White]

Did he ever point out what the inaccurate information would be in the Wikipedia article or does he just stick to these generic complaints?

As far back as August 2019, when I became aware he was posting on Gab about "countering Wikipedia hit-pieces", I have invited him to point out any errors or raise any concerns about the biography or the company article in whatever way he's most comfortable: by contacting me, by writing on the Wikipedia article talk page, by asking for input from uninvolved Wikipedians aside from me, whatever.

Our first communication was after such an invitation, I believe. He direct messaged me on Twitter to point out an error—in a Wikipedia article I had never edited. At the time, the Wikipedia article on Lisa Bloom said that her husband, Braden Pollock, was on the board of Gab (where it should have said Epik). I quickly corrected the error. In the same conversation, even before I had an opportunity to respond, he felt the need to say that Bloom was the daughter of "a civil rights lawyer who would have a field day with defamation". He also told me "she is a super-lawyer. Definitely not a person to annoy with libelous nonsense".

He has never pointed to any specific errors in either the Epik or the Rob Monster articles, despite my repeated invitations over two years. Regardless, I went through both articles carefully after he insisted they were erroneous to try to find any errors myself. It may be that he thinks there are errors in the source material that are being reflected into the Wikipedia article—I have also repeatedly encouraged him to provide sources that contradict any erroneous source statements, or to reach out to journalists to issue corrections (which can then be reflected into Wikipedia). He has never provided such contradictory sourcing, and hasn't specified what these errors in source material might be.

He has in the past asked for things to be added to one or the other page, but has either not been able to provide adequate independent, reliable sourcing, or has wanted things to be added that can't be supported by the sources he linked.

I don't wish to take this thread on more of a tangent about Wikipedia, but am always happy to discuss Wikipedia in more detail if I can be informative or helpful, either to do with these articles or more broadly (in another thread, on a different platform, whatever makes sense).

 

[Derek Peterson]

It has become pretty clear at this point that Rob Monster has no sense of guilt for lying about his products and services and hurting a lot of people in the process and that he never will. He has gone so far to cover up his many lies as to attack, defame and even threaten people for simply telling the truth and trying to help others post hack.

As annoying and frustrating as it is to listen to a liar and a thief caught in the act try to deflect, lie, yell and threaten his way out of responsibility, it is refreshing to know that soon this arrogant man will be fully exposed in this world and that some day God will judge his foolish, treacherous soul. There are scriptural examples of God forgiving drunkards, idolaters, adulterers, fornicators of all types and even murderers but the one class of people God had absolutely no mercy on were Christian grifters. (Acts 5. Matt 27:1-5) They were given no opportunity to repent even though they wanted to. That's why when you listen to Monster talk about the Bible and scriptural things it comes off as weird and contrived and self serving because it's all him, not God and not the Holy Ghost.

Rob Monster lied and hurt a lot of people for money and fame. He falsely accused real Children of God, he tried to manipulate believers by trying to gaslight them into doubting their own salvation and even threatened them, all in an attempt to cover up his lies. Rob Monster didn't curse any data because he doesn't have the power to do that but he has cursed himself before God that is for certain.

God has more love for all these leftists and hackers and very confused souls in that world than he does for Rob Monster. That I can prove from scripture.

 

[DN Playbook]

Control the narrative. Control the outcome.

Controlling the narrative, like free speech, is not absolute. We are seeing forceful efforts to control the narrative contrary to facts.

He has never pointed to any specific errors in either the Epik or the Rob Monster articles, despite my repeated invitations over two years. Regardless, I went through both articles carefully after he insisted they were erroneous to try to find any errors myself.

@Rob Monster, is there anything incorrect in what @Molly White states? There seems to be a pattern here.

The best way to put things to rest is to copy and paste the questions with your answers below.

 

[carob]

There are scriptural examples of God forgiving drunkards, idolaters, adulterers, fornicators of all types and even murderers but the one class of people God had absolutely no mercy on were Christian grifters. (Acts 5. Matt 27:1-5)

Have you considered the possibility that Rob Monster may have made a pact with Satan?

It's also possible that his many associations have left him open to blackmail and he has become a puppet - take your pick, extremists, Feds, Russians, Chinese, profiteers pulling the strings.

The ignoring of reported security issues might not be simple ignorance or indifference, it might be avoidance of costs. The whole point of Epik may have been to build it up and sell it on, a kind of pump and dump where admitting security issues and the costs of fixing them would make a sale harder.

 

[Future Sensors]

Operators of "hot potato" domains are strongly advised to check in with us first before seeking safe harbor at Epik.

Will you stop personally recruiting these specific customers on controversial sites from now on? It may have become apparent by now that this aspect plays an important role in the narrative.

 

[shoulda9393]

This should all be settled in the courts, not some rambling thread. Here's my opinions as an uninvolved outlooker, and I'm not insisting anyone take my advice.

I come to this thread to see general updates on Epik security and instead I find countess drama about obscure Wikipedia admins, "Anonymous", and some guy named Joey using the Epik hack as a proxy for personal disputes none of us need to know about.

If people have a legal issue with the owner of an antifa doxxing site that is legally valid, it seems they should file a legal complaint to the owner of the site, in my opinion. Not try to pretend they can use domain infrastructure long term to accomplish whatever they want. That harms the internet at large when the foundations of the web are used to settle personal disputes.

As Epik had a massive breach and if they know the hackers involved, it would make sense for them to file a criminal and/or civil complaint against the hackers instead of engaging with them in public, as the hack was indeed extremely illegal. If passwords weren't hashed at Epik, and everything was in plaintext, customers should be notified about when that will change (by email) so they can decide how to use the service in a way that protects their information safety.

ICANN or whoever regulates transfers should also get involved if EPP codes are still at risk due to what seemed to be a total server compromise, and if not, customers should be notified the EPP codes are completely safe, by email, routinely imo.

Epik should have put up a notice about the hack on their site as well rather than Namepros in my opinion. Also the emails were vague and including religious references in any of them was super unprofessional.

 

[koolishman]

This should all be settled in the courts, not some rambling thread. Here's my opinions as an uninvolved outlooker, and I'm not insisting anyone take my advice.

I come to this thread to see general updates on Epik security and instead I find countess drama about obscure Wikipedia admins, "Anonymous", and some guy named Joey using the Epik hack as a proxy for personal disputes none of us need to know about.

If people have a legal issue with the owner of an antifa doxxing site that is legally valid, it seems they should file a legal complaint to the owner of the site, in my opinion. Not try to pretend they can use domain infrastructure long term to accomplish whatever they want. That harms the internet at large when the foundations of the web are used to settle personal disputes.

As Epik had a massive breach and if they know the hackers involved, it would make sense for them to file a criminal and/or civil complaint against the hackers instead of engaging with them in public, as the hack was indeed extremely illegal. If passwords weren't hashed at Epik, and everything was in plaintext, customers should be notified about when that will change (by email) so they can decide how to use the service in a way that protects their information safety.

ICANN or whoever regulates transfers should also get involved if EPP codes are still at risk due to what seemed to be a total server compromise, and if not, customers should be notified the EPP codes are completely safe, by email, routinely imo.

Epik should have put up a notice about the hack on their site as well rather than Namepros in my opinion. Also the emails were vague and including religious references in any of them was super unprofessional.

Well put. Devoid of emotion and to the point.

 

[DN Playbook]

This should all be settled in the courts, not some rambling thread. Here's my opinions as an uninvolved outlooker, and I'm not insisting anyone take my advice.

I come to this thread to see general updates on Epik security and instead I find countess drama about obscure Wikipedia admins, "Anonymous", and some guy named Joey using the Epik hack as a proxy for personal disputes none of us need to know about.

As Epik had a massive breach and if they know the hackers involved, it would make sense for them to file a criminal and/or civil complaint against the hackers instead of engaging with them in public, as the hack was indeed extremely illegal. If passwords weren't hashed at Epik, and everything was in plaintext, customers should be notified about when that will change (by email) so they can decide how to use the service in a way that protects their information safety.

I agree with you to a point. From this thread we have learned that a class action is being explored. However, this thread is about giving us context so we can make decisions to protect ourselves. Legal cases can be settled out of court that would include an NDA. This would leave everyone else in the dark.