Epik Hack reveals owners of most notorious far-right sites
A large-scale breach of domain registrar and web hosting company Epik revealed a huge amount of data, including the names of the people behind some of the far-right’s most notorious websites.
The data, as first reported by freelance journalist Steven Monacelli on Monday, was released as a torrent this week by hacking collective Anonymous.
In a press release on the hack, dubbed Operation EPIK FAIL, Anonymous claimed it was able to obtain “the equivalent of a decade” of information, including domain registrations and transfers, Epik employee account identification and emails.
“This dataset is all that is needed to trace the actual ownership and management of the fascist side of the Internet that has eluded researchers, activists and, well, pretty much everyone,” the statement said.
A compressed version of the torrent was then published by the journalist collective DDoSecrets, which plans to upload and host the data for journalists and researchers.
Epik’s clients include social media sites like Parler and Gab as well as far-right forums like TheDonald. A pro-life website that urged Texas residents to report women requesting abortions to authorities in the wake of the state’s abortion decision was also a temporary client of Epik.
In a statement to Gizmodo on Tuesday, an Epik spokesperson said the company was “not aware of any violations.”
Epik CEO Robert Monster sent customers an email on Wednesday acknowledging “a suspected security incident” but did not provide details.
“Our internal team, together with outside experts, worked diligently to remedy the situation,” Monster wrote. “We are taking proactive steps to resolve the issue. We will keep you posted on our progress.
“You are in our prayers today. We are grateful for your support and prayer. When situations arise where individuals might not have honorable intentions, I pray for them,” Monster added. “I believe that what the enemy wants for evil, God invariably transforms for good.”
The Daily Dot attempted to reach Monster, whose phone number and Skype username were listed in emails about the breach, for comment but did not receive a response.
Analysis of the data by the Daily Dot revealed the names, addresses, phone numbers and email addresses of those who registered web domains for a range of sites related to everything from the QAnon conspiracy theory to forums for supporters of former President Donald Trump. The data was also verified on Wednesday evening by the Save.
The Daily Dot spoke to a person listed as the registrar for TheDonald, an offshoot of a pro-Trump forum banned from Reddit last year, which runs from the Patriots.win domain. The individual confirmed that the information listed in the breach was his own but claimed he had moved away from the site.
TheDonald’s original subreddit, which had nearly 800,000 members, was removed by Reddit for repeatedly breaking the platform’s rules against harassment, hate speech and content manipulation.
The replacement forum at Patriots.win also found itself embroiled in controversy following the Jan. 6 riot on Capitol Hill after members were found to have discussed hanging and beheading politicians.
Another person listed as running a fake version of 8chan also confirmed to the Daily Dot over the phone that the information listed in the breach was correct.
A Linux engineer tasked with conducting an impact assessment on behalf of a customer who uses Epik’s services told The Daily Dot that the breach was one of the worst he has ever seen. The engineer was not allowed by his employer to speak about the breach and was granted anonymity by the Daily Dot.
“They are fully end-to-end compromised,” they said. “Perhaps the worst I have ever seen in my 20-year career.”
The engineer described to The Daily Dot what they called Epik’s “full master database,” which contains hosting account usernames and passwords, SSH keys and even certain credit card numbers, all stored in the clear.
The data also includes Auth-Codes, access codes necessary to transfer a domain name between registrars. The engineer said that with all of the data in the leak, which also included admin passwords for WordPress logins, any attacker could easily take over the websites of countless Epik customers.
The Daily Dot was unable to confirm claims made in the press release by Anonymous that each of Epik’s customers was exposed in the breach.
The analysis suggests that the hacked data runs until February 28, 2021. The release of the data comes just days after hackers aligned with Anonymous defaced the official Texas Republican Party website over the state’s new restrictions on abortion.
* First published: Sep 16, 2021, 8:07 a.m. CDT
Mikael Thalen is a Seattle-based tech and security reporter covering social media, data breaches, hackers, and more.