'Worst I've seen in 20 years': How the Epik hack reveals every secret the far-right tried to hide
Mikael Thalen
@MikaelThalen
NEW: The hack of web hosting company Epik has revealed the names behind some of the most notorious far-right sites.
A cybersecurity expert I analyzed the data with said Epik was fully compromised.
"Maybe the worst I've ever seen in my 20-year career."
6:20 AM · Sep 16, 2021
https://www.dailydot.com/debug/epik-hack-far-right-sites-anonymous/
A large-scale breach of the domain registrar and web hosting company Epik has exposed a massive trove of data, including the names of individuals behind some of the far-right's most notorious websites.
The data, as first reported by independent journalist Steven Monacelli on Monday, was released as a torrent this week by the hacking collective Anonymous.
In a press release on the hack, dubbed Operation EPIK FAIL, Anonymous claimed that it was able to obtain a decade's worth of information, including domain registrations and transfers, account credentials, and emails from an Epik employee.
"This dataset is all that's needed to trace actual ownership and management of the fascist side of the internet that has eluded researchers, activists, and, well, just about everybody," the release alleges.
*snip*
SergeStorms
(19,201 posts)
"We're not that stupid. It's (the hack) as bogus as covid19 and 5G".
If the reply from ownership is any indication, I think "anonymous" has struck gold.
It's fairly common knowledge who owns these sites anyway. If they truly did get all the user information though, it could be a massive score.
Bev54
(10,052 posts)
but I have yet to see any documents, when are they going to be made public? What are they waiting for?
foo_fighter999
(86 posts)
They altered the knowledge base to make fun of Epik's denial that they had been breached.
From the article:
"Anonymous also tampered with Epik's knowledge base to mock the company's denial of the breach.
"On September 13, 2021, a group of kids calling themselves 'Anonymous', whom we've never heard of, said they manage[d] to get a hold of, well, honestly, all our data, and then released it," said the altered knowledge base, as seen in an archived copy. "They claim it included all the user data. All of it. All usernames, passwords, e-mails, support queries, breaching all anonymization service[s] we have. Of course it's not true. We're not so stupid we'd allow that to happen."
https://arstechnica.com/information-technology/2021/09/anonymous-leaks-gigabytes-of-data-from-epik-web-host-of-gab-and-parler/
That said, I can see how you would think that came from Epik as their actual response to the breach was so utterly stupid that it makes the KB article believable.
"We are not aware of any breach. We take the security of our clients' data extremely seriously, and we are investigating the allegation," an Epik representative told Ars."
That came the day after Anonymous announced the hack. When I saw Epik's response, it was obvious to me that they had been pwned. Badly. And they didn't even know it (yet).
Johnny2X2X
(19,066 posts)
In this case though, these people are traitors to their country, publish their names and actions.
Fiendish Thingy
(15,619 posts)
ripcord
(5,404 posts)
It was wrong when the DNC was hacked and it is wrong now.
hadEnuf
(2,191 posts)
Last edited Thu Sep 16, 2021, 06:17 PM
MontanaMama
(23,317 posts)
#OperationJane. Anonymous has been telling Texas to expect them.
Carlitos Brigante
(26,501 posts)
blogslug
(38,001 posts)
No wonder they're the last place on earth for criminals and scum.
FM123
(10,053 posts)
"Time to find out who in your family secretly ran an Invermectin horse porn fetish site."
Hortensis
(58,785 posts)
forward to finding out whose uncles are running ivermectin porn sites? Anyone in our neighborhood? I found news on the hack of TX Republican Party's site, but I don't think that's quite what is meant by "the far-right's most notorious websites," even if it does qualify in my mind.
Anonymous always brings to mind a long-term interest, btw, the 2016 campaign against the Democratic Party (supposedly addressed to Evil Witch Hillary) that they were about to release evidence of our candidate's crimes that would destroy her. While they're releasing stuff, might that finally turn up?
Tommymac
(7,263 posts)
BWAAAAHAAAAHAAAAAAAHAAAAA
Da Stupid goes beyond misspellings
The Mouth
(3,150 posts)
drmeow
(5,018 posts)
"You are in our prayers today. We are grateful for your support and prayer. When situations arise where individuals might not have honorable intentions, I pray for them," Monster added. "I believe that what the enemy intends for evil, God invariably transforms into good."
Dude - you have dishonorable intentions and you are the enemy. Maybe, just maybe, this hack is God transforming your evil into good!
wiggs
(7,814 posts)
that the top .1% is waging against the rest of humanity then perhaps some good comes from it
This is a fundamental dynamic that colors all the other issues and makes progress harder. Doing something about it has proven very very difficult, due to the 50 year head start and 90% of the money the top .1% has.
lagomorph777
(30,613 posts)
For example, it might enable some very targeted and painful boycotts.
DickKessler
(364 posts)
foo_fighter999
(86 posts)
weeks before they were breached.
"TechCrunch has since learned that Epik was warned of a critical security flaw weeks before its breach.
Security researcher Corben Leo contacted Epik's chief executive Monster over LinkedIn in January about a security vulnerability on the web host's website. Leo asked if the company had a bug bounty or a way to report the vulnerability. LinkedIn showed Monster had read the message but did not respond.
Leo told TechCrunch that a library used on Epik's WHOIS page for generating PDF reports of public domain records had a decade-old vulnerability that allowed anyone to remotely run code directly on the internal server without any authentication, such as a company password.
"You could just paste this [line of code] in there and execute any command on their servers," Leo told TechCrunch.
More at https://techcrunch.com/2021/09/17/epik-website-bug-hacked/
I'm not sure if that's the vulnerability that Anonymous used to breach their servers but, at any rate, if they had a vulnerability that old that they hadn't bothered to take care of, there's a REALLY good chance that it wasn't the only one. Sounds like they were easy pickings.