IT.COM

alert Epik Had A Major Breach

Spaceship Spaceship
Watch

Silentptnr

Domains88.comTop Member
Impact
47,106
Last edited:
33
•••
The views expressed on this page by users and staff are their own, not those of NamePros.
Someone on the replies of that Micah Flee tweet about Epik's Gitlab posted an archived page of We Can Develop IT from March 2021 that shows Rob Monster as their "partner" alongside Kenn Palm and Vitaliy Opryshko as the other partners. This is very interesting because if you go to the We Can Develop IT webpage now Rob Monster is no longer there.
 
5
•••
3
•••
Someone on the replies of that Micah Flee tweet about Epik's Gitlab posted an archived page of We Can Develop IT from March 2021 that shows Rob Monster as their "partner" alongside Kenn Palm and Vitaliy Opryshko as the other partners. This is very interesting because if you go to the We Can Develop IT webpage now Rob Monster is no longer there.

Apparently this friendship was not so close that the keys to the codebase were entrusted to him.
 
1
•••
0
•••
Apparently this friendship was not so close that the keys to the codebase were entrusted to him.
Hackers and Russians have had more access to the entire company than Rob. Totally normal.
 
7
•••
0
•••
Hackers and Russians have had more access to the entire company than Rob. Totally normal.

Based on what I’ve seen from infra built for and by the right this is p typical and is, in fact, totally normal.
 
2
•••
Hackers and Russians have had more access to the entire company than Rob. Totally normal.

And - knowing now that this was in fact a Kenn Palm's Intrust operation not a Rob Monster's Epik operation - also spammers and dropcatch scammers.
 
0
•••
Who’s Kenn Palm? Sorry. I just got here.
 
2
•••
Based on what I’ve seen from infra built for and by the right this is p typical and is, in fact, totally normal.
Gosh, imagine that. Wonder why that is.
 
0
•••
Smth about learning to code I’m sure.
 
2
•••
Who’s Kenn Palm? Sorry. I just got here.
Kenn Palm was the founder and owner of IntrustDomains, the Colorado Springs-based company that Monster/Epik acquired in 2011. It was the source of the "shitty Russian code" and the captive dev team who created it. The company was apparently "at the forefront of bulk / automated domain sales spam" (per bmugford). Evidently Monster and Epik were using their drop catching services before the acquisition.
 
Last edited:
6
•••
I fear that now that the complete codebase is accessible, this will prove to be an inspiration for other entrepreneurs who want to quickly mimic an ICANN accredited registrar. We will see insecure whitelabel implementations elsewhere. With or without appropriate license.
 
0
•••
I fear that now that the complete codebase is accessible, this will prove to be an inspiration for other entrepreneurs who want to quickly mimic an ICANN accredited registrar. We will see insecure whitelabel implementations elsewhere. With or without appropriate license.

I don't think anyone is gonna be in a rush to use Epik's code. Maybe some of the code from some project the acquired but even that I doubt.
 
1
•••
I fear that now that the complete codebase is accessible, this will prove to be an inspiration for other entrepreneurs who want to quickly mimic an ICANN accredited registrar. We will see insecure whitelabel implementations elsewhere. With or without appropriate license.
They may not get ICANN accreditation. If they are not accredited by ICANN then they are not an ICANN accredited registrar. This whole registrar/reseller thing is an issue within ICANN working groups as the market is a very different one from when the whole registry/registrar model was created. It was ok for the 1990s where the majority of the Internet was just US/CA/EU/AU/NZ/JP) but the Internet has evolved globally and some regions such as Africa have only a few ICANN registrars. There are more ccTLD registrars now than there are active ICANN registrars.

https://www.icann.org/resources/pages/accreditation-2012-02-25-en

The worrying thing, from a stability viewpoint, is that there may be other insecure registrars.

Regards...jmcc
 
4
•••
And - knowing now that this was in fact a Kenn Palm's Intrust operation not a Rob Monster's Epik operation - also spammers and dropcatch scammers.

You think that is why Monster was saving all domain searches - trying to front run domains or at least trends?
 
0
•••
The reality is that the people he was profiling were not lovely people. They may become more lovely in the future. If they don't then one can assume that other Joey's will emerge when thugs overreach.

The same can be said of hacktivists and online providers that are "not lovely people". Who are thugs, as you put it.

Kenn Palm was the founder and owner of IntrustDomains, the Colorado Springs-based company that Monster acquired in 2011. It was the source of the "shitty Russian code" and the captive dev team who created it. The company was apparently "at the forefront of bulk / automated domain sales spam" (per bmugford). Evidently Monster and Epik were using their drop catching services before the acquisition.

InTrustDomains was a shady business from the get go. So is there any surprise how we got here? How does the saying go? "Birds of a feather..."?
 
5
•••
0
•••
Agree. But I used 'mimic' :xf.cool:
That would be unfortunate for them. :) The hard part is that the whole codebase would have to be reverse-engineered to see how it worked as otherwise it might be just a partial imitation/emulation. That would be adding a completely new set of potential vulnerabilities.

The sales platform code may be the basis for some imitation. That's a very competitive section of the market.

Regards...jmcc
 
1
•••
The code will certainly be inspirational for plenty of existing players in the domain registrar biz and aftermarket.
 
Last edited:
2
•••
0
•••
I don't think anyone is gonna be in a rush to use Epik's code. Maybe some of the code from some project the acquired but even that I doubt.

The code will certainly be inspirational for plenty of existing players in the domain registrar biz and aftermarket.

This feels like an experiment to create a brand, build it up, then sell it. The subsidiary brands/services were created very quickly, rushed. Like to make the company appear to have more value. I have never seen a company push out the door so many brands/services in such a short span of time. If the Russian "shitty code" was never fixed, who built those brands? I think you, @Derek Peterson, stated that these were white label reseller services by other companies. Given the short span of time in which they were launched, that would make sense. There doesn't appear to be any other rational explanation.
 
8
•••
This feels like an experiment to create a brand, build it up, then sell it. The subsidiary brands/services were created very quickly, rushed. Like to make the company appear to have more value. I have never seen a company push out the door so many brands/services in such a short span of time. If the Russian "shitty code" was never fixed, who built those brands? I think you, @Derek Peterson, stated that these were white label reseller services by other companies. Given the short span of time in which they were launched, that would make sense. There doesn't appear to be any other rational explanation.


Exactly. That was the whole point. "Launch" a bunch of products (white label) and make the company look as much like GoDaddy as possible, from a biz perspective, get a big pay and cash out. The term is pump and dump.

He knows exactly what he is doing. he knew what he was doing 2 years ago when he lied about his white label VPN and called me a liar, loser, troll, etc etc and threatened to sue me and several other people. Just like he is doing now. It still amazes me how little he cares for others and how he can lie and attack people he knows that are telling the truth.
 
4
•••
Last edited:
0
•••
2
•••
Back