Epik Had A Major Breach

DaveX (@GoDaveX)
I personally enjoy the security knowledge you share. We can argue about small details about algorithms being strong or weak, but the situation at Epik personally gave me salty tears.

If Epik had formed a competent Red Team immediately after the acquisition in 2011, the company could have gained access to the code much earlier. But hey, never underestimate the capabilities of the Blue Team of a foreign party who completely managed the codebase.

Thanks again.

This is especially scary when you consider that the registrar code is what appears to have been the door that the hackers entered through into E's server. But we have seen that other services, such as hosting, have been compromised. Can you imagine the amount of financial data, banking information, that potentially was hacked from the "epik escrow" service. In addition to data stored for auto-renewals. I don't know if anyone has found any details on that.
•••
For those who are interested in discussing cyber security in general and analyzing some of the root causes behind the hostile environment that we are facing in the digital world (and its connections to the real world), there is now a new thread here at NamePros at:


https://www.namepros.com/threads/humanity-and-cyber-attacks.1255328/

Thread Rules:

Everyone's opinion is appreciated, but your comments must be on topic and be on the professional, constructive, and respectful side.
•••
I am trying to give a neutral perspective from a background of preventing the collection and dissemination of sensitive information for organizations that have plenty of sensitive information and many advanced persistent threats. I am not affiliated with any organization.
•••
For those who are interested in discussing cyber security in general and analyzing some of the root causes behind the hostile environment that we are facing in the digital world (and its connections to the real world), there is now a new thread here at NamePros at:


https://www.namepros.com/threads/humanity-and-cyber-attacks.1255328/

Thread Rules:

Everyone's opinion is appreciated, but your comments must be on topic and be on the professional, constructive, and respectful side.
As a customer of the Swiss Bank of Domains I would think that you may want to hear what I have to say.
•••
If this is directed at me and my comments, they have been reviewed by the bravo team mod and approved. If you don't appreciate my comments you are free to disregard them, but I assure you they relate to this thread.

No, in no way was it directed at you.

The mods had moved some of my comments from here, which were about finding the root causes of the situation that has developed with the breach, to another thread, and I was just giving an invitation to other members who might like to discuss cyber security in general to visit the new thread.

Please edit your comments because you are unjustly attacking me due to a misunderstanding.

IMO
•••
Dear @oldtimer

It makes much more sense to discuss the security implications for Epik and their customers based on this actual data breach than to discuss cyber security in a fairly undefined other thread with "Humanity" in the title. That's a no-go for me. A renewed sales pitch for your topic is really not necessary.
•••
Back to topic. The term Advanced Persistent Threat has now been appropriately mentioned. Precisely because Rob and all Epik staff members on this forum and other forums have always been so actively sharing their personal and technical information, this may have been an important input in the reconnaissance stage, before the actual attack technically took place.

Even in this thread Rob is sharing very specific details about his personal family life. Is that really wise?

https://en.wikipedia.org/wiki/Advanced_persistent_threat
[Image: Advanced persistent threat lifecycle]

•••
Back to topic. The term advanced persistent threats has now been appropriately mentioned. Precisely because Rob and all Epik staff members on this forum and other forums have always been so actively sharing personal and technical information, this may have been an important input in the reconnaissance stage, before the actual attack technically took place.

Even in this thread Rob is sharing very specific details about his personal family life. Is that really wise?

https://en.wikipedia.org/wiki/Advanced_persistent_threat
[Image: Advanced persistent threat lifecycle]

My dear friend TA0003

•••
"Adversaries may obtain and abuse credentials of a domain account as a means of gaining Initial Access, Persistence, Privilege Escalation, or Defense Evasion. Domain accounts are those managed by Active Directory Domain Services where access and permissions are configured across systems and services that are part of that domain. Domain accounts can cover users, administrators, and services."

•••
"The future of Identity management" is a lot like the "Swiss Bank of Domains"
This will make sense to some, and is pertinent to this thread because they are both claims, made by the same company, about services offered. I strongly suggest you weigh the first statement against the second and come to your own conclusions.

•••
People are telling me this thread isn't about trolls and you are quoting me a nazi troll named Weev and another longtime old anti-semitic troll "Kirtaner".

That's for Twitter, not Namepros. There is no justification for using this thread to make registrars content policers (which the large ones already aren't).
Don't insinuate such things of me ever again.

Rob Monster's continued responses to this event are disappointing.
•••
There has been a "rigidly defined areas of uncertainty and doubt" thread created. Can people please leave this thread for the discussion of the Epik data breach and its effects?

Regards...jmcc
•••
I posted this with the permission of Bravo
they have been reviewed by the bravo team mod and approved
Responsible disclosure is permitted and shared expertise is an appreciated contribution to the community, but you're giving us a little too much credit:

We haven't had time to review posts unless they are reported, moderated due to automated mechanisms, skimmed while spot checking, or they @mention us (these are hit-or-miss).

Of the posts we've seen by you, they've mostly been on topic and contributory.

Thanks for sharing your technical expertise.
•••
There is something fascinating to see among Epik customers right now. There is one very loyal group that has gained more confidence in the company as a result of the incident. This group is now actively encouraging other people to bring more domains to Epik, while there is no guarantee that the security problems have been resolved (keyword again: APT).

Then you have a group of highly concerned, previously extremely loyal, customers who ask the company for answers that they never get.
•••
We haven't had time to review posts
A good example is all of the posts that came in while typing our previous message. A different mod team can handle those; this mod team is tired and calling it a day. :sleep:
•••
The bottom line, as many credible sources other than myself have pointed out, is that the nature of the information that was leaked in this breach is massive. And with persistence and privilege escalation the breach has gotten worse. A failure to disclose to customers the nature of the data that was leaked would be an admission of culpability, so you will likely not hear a lot, if anything, relevant to that from any entity. However, as consumers, you have a right to understand how companies use and store your data. Customers in certain geographical areas have stricter laws on consumer privacy. It has been publicly disclosed by numerous credible sources that there was a data leak; the way the information was stored was not in compliance with best practices and certainly not within PCI DSS standards. In my opinion you should exercise your right to know how your information is being used.

•••
The bottom line, as many credible sources other than myself have pointed out, is that the nature of the information that was leaked in this breach is massive. And with persistence and privilege escalation the breach has gotten worse.
There seems to be a rather curious aspect to the maximum file dates on the releases and some were from 2020. (I'm going on what I've read on Twitter and other commentary rather than the data as I didn't download any of it.) The later releases seem to have older maximum dates than the first leaked data. That may be an indication of escalation or, perhaps, an indication of an earlier compromise date for some servers. It may also be an indication of data from backups being used to increase access.

The main problem with the analysis is that while people reviewing the leaked data may understand various software vulnerabilities, they may not be familiar with registrar and domain name operations and that means that there is a steep learning curve.

Regards...jmcc
•••
Don't insinuate such things of me ever again.
Rob Monster's continued responses to this event are disappointing.

Ok, well, because the people you work(ed?) with on Twitter claim, in public, that your origin is the same irony-bro racist milieu of the cultures you are now (rightly) working to destroy. I was just going with their empirical citations, including archived tweets, that you haven't fully "changed". But given I'm not into cancel culture, I'll take your word that you've been misunderstood or that such posts were just racist jokes and not seriously racist jokes.

But for what's actually important:

If you were involved in the registrar hack, you have no moral high ground here given the hack was an illegal action against thousands of non-political people. You claim to be the head and/or founder of "Anonymous". "Anonymous" took responsibility for the leak of Epik customer data.

What is the preoccupation with Epik, when Epik already booted off the worst sites years ago? The last time I heard your name was about your (admirable) hatred of the Q movement, who are largely not on Epik, but at Vanwatech.

Is the thought that websites wouldn't have a home without Epik? Because that's not true; the rogue sites already moved elsewhere. If the thought is that you are "punishing online Nazis that you wish you could have stopped x years ago", then why celebrate on Twitter a leak that wasn't targeted, but rather hit everyone who used the service, including thousands of non-political people...

This thread is about illegal actions on the part of Anonymous against domain owners. As you haven't straight up admitted to being directly involved in the hack, no one can claim you did it. All that's known so far is news outlets as of late have directly attributed you to being a capital A "Anonymous hacker". And your public statements celebrate a possible demise of Epik.

Also, what is Rob supposed to do? If he shuts down, then the sites you claim to hate, but have shared similar sentiment with many years ago, would then be moved by ICANN to a new registrar. If a site doesn't trust where ICANN would move the domain to, they would just move to registrars that are foreign or that you have no emotional control over.
•••
Ok, well, because the people you work(ed?) with on Twitter claim, in public, that your origin is the same irony-bro racist milieu of the cultures you are now (rightly) working to destroy. I was just going with their empirical citations, including archived tweets, that you haven't fully "changed". But given I'm not into cancel culture, I'll take your word that you've been misunderstood or that such posts were just racist jokes and not seriously racist jokes.

But for what's actually important:

If you were involved in the registrar hack, you have no moral high ground here given the hack was an illegal action against thousands of non-political people. You claim to be the head and/or founder of "Anonymous". "Anonymous" took responsibility for the leak of Epik customer data.

What is the preoccupation with Epik, when Epik already booted off the worst sites years ago? The last time I heard your name was about your (admirable) hatred of the Q movement, who are largely not on Epik, but at Vanwatech.

Is the thought that websites wouldn't have a home without Epik? Because that's not true; the rogue sites already moved elsewhere. If the thought is that you are "punishing online Nazis that you wish you could have stopped x years ago", then why celebrate on Twitter a leak that wasn't targeted, but rather hit everyone who used the service, including thousands of non-political people...

This thread is about illegal actions on the part of Anonymous against domain owners. As you haven't straight up admitted to being directly involved in the hack, no one can claim you did it. All that's known so far is news outlets as of late have directly attributed you to being a capital A "Anonymous hacker". And your public statements celebrate a possible demise of Epik.

Also, what is Rob supposed to do? If he shuts down, then the sites you claim to hate, but have shared similar sentiment with many years ago, would then be moved by ICANN to a new registrar. If a site doesn't trust where ICANN would move the domain to, they would just move to registrars that are foreign or that you have no emotional control over.

False. This thread is about the illegal and fraudulent actions of Rob Monster and Epik. Everyone knows that hacking is illegal, so there is really nothing to discuss in that department. Maybe you should go back and read 100 pages and get caught up on Monster's actions.

•••
False. This thread is about the illegal and fraudulent actions of Rob Monster and Epik. Everyone knows that hacking is illegal, so there is really nothing to discuss in that department. Maybe you should go back and read 100 pages and get caught up on Monster's actions.

Umm, no, this thread is about the illegal breach of Epik. Who did the breach? Anonymous. Who claims to be the founder of Anonymous? Aubrey. Was he directly involved in the hack? I don't know; he should tell us.

•••