Mother Jones is reporting that according to a release from someone claiming to be associated with the online collective known as Anonymous, Epik, the domain registrar known for hosting far-right websites and social media services, was recently hacked.
The group said in a statement attached to a torrent file of the dumped data this week that the 180 gigabytes represents a “decade’s worth” of company data, including “all that’s needed to trace actual ownership and management” of the company. Customers’ payment histories, domain purchases and transfers, passwords, credentials, and employee mailboxes were all claimed by the group. The stolen data cache also includes files from the company’s internal web servers and databases containing customer records for Epik-registered domains.
“This dataset is all that’s needed to trace actual ownership and management of the fascist side of the Internet that has eluded researchers, activists, and, well, just about everybody,” the hacker boasted in announcing the attack.
The hackers did not specify how they obtained the breached data or when the hack occurred, but timestamps on the most recent files indicate that the hack occurred in late February.
The company bills itself as the “Swiss Bank of Domains,” with CEO Rob Monster joking earlier this year to NPR that he’s “the Lex Luthor of the internet.”
In that story, Monster compared white supremacist leaders to “shock jocks,” and claimed that while he does not believe such content should be “available to people on the internet,” publishing it was “the decision of our client organizations.”
Among Epik’s clients are Gab, the social networking platform where a user boasted about targeting a Pittsburgh synagogue just before carrying out his deadly attack, and Parler, whose links to the January 6 attack on the US Capitol prompted major tech providers to ban it.
Emma Best, a key figure at DDoS Secrets, a web archive with a public interest mission of hosting hacked and leaked data, tweeted Tuesday morning that the site was working to acquire the materials and share them with researchers and journalists.
"Emma Best, a key figure with DDoS Secrets, a web archive with a public interest mission of hosting hacked and leaked data [stated] the site was working to obtain the materials and share them with researchers and journalists. …preparing 180 gigabytes of data…" pic.twitter.com/GMZ9RU7i7p
— Julie the vaccinated and cranky (@JulieTheCranky) September 16, 2021
According to the group, it is preparing 180 gigabytes of data from “Epik, known for hosting fascist, white supremacist and other right-wing content.”
Best noted the group’s history with the hacked-domain registrar in a separate tweet, noting that Epik’s services “were used to defame, stalk, and threaten #DDoSSecrets” members after the site hosted data obtained from Gab. “Epik knew. Gab’s CEO knew. They all enabled it,” Best wrote.
🔥A new site (DDoS) will post hundreds of thousands of hacked emails and gigabytes of leaked documents from #Russian🇷🇺oligarchs and Kremlin apparatchiks.
— Dena Grayson, MD, PhD (@DrDenaGrayson) January 24, 2019
While a company spokesperson did not respond to a request for comment from Mother Jones on Tuesday afternoon, Gizmodo reported that a company spokesperson claimed Epik had launched an investigation but was “not aware of any breach.”
According to TechCrunch, Epik was warned about a critical security flaw weeks before the breach.
In January, security researcher Corben Leo contacted Epik’s CEO Monster via LinkedIn about a security vulnerability on the web host’s website. Leo inquired if the company offered a bug bounty or if there was a way to report the vulnerability. Monster was shown on LinkedIn to have read the message but not responded.
According to Leo, a library used on Epik’s WHOIS page to generate PDF reports of public domain records contained a decade-old vulnerability that allowed anyone to remotely run code directly on the internal server without any authentication, such as a company password.
“You could just paste this [line of code] in there and execute any command on their servers,” Leo told TechCrunch.
Leo ran a proof-of-concept command from the public-facing WHOIS page to ask the server to display its username, which confirmed that code could run on Epik’s internal server, but he did not test to see what access the server had, as doing so would be illegal.
for those who don't know the context / can't read that:
a hacking group breached Epik, a hosting service for most of the far right's domains, including parler and gab, and distributed all their info publicly. and the release says "the notorious 'hackers on estradiol' present:"
— fag daughter (@DiodeLass) September 17, 2021
It’s not known if the Anonymous hacktivists used the same vulnerability that Leo discovered. (Part of the stolen cache also includes folders relating to Epik’s WHOIS system, but the hacktivists left no contact information and could not be reached for comment.) But Leo contends that if a hacker exploited the same vulnerability and the WHOIS server had access to other servers, databases or systems on the network, that foothold could have reached the kind of data stolen from Epik’s internal network in February.
“I am really guessing that’s how they got owned,” Leo told TechCrunch, who confirmed that the flaw has since been fixed.
Monster confirmed receiving Leo’s LinkedIn message, but did not respond to our questions about the breach or when the vulnerability was patched.
“We get bounty hunters pitching their services. I probably just thought it was one of those,” said Monster. “I am not sure if I actioned it. Do you answer all your LinkedIn spams?”