Tag Archives: epik

Anonymous hack of Epik reveals a devastating amount of information

[SAMMAMISH, Wash.] – (MTN) An examination of the Epik Software data released by Anonymous has security experts concluding the claims made by the shadowy organization are true, and it will be a devastating blow. “This is the Panama Papers for hate groups,” a researcher told us after reviewing just part of the 180GB of information retrieved. “In all my years, I have never seen a breach of a domain registrar to this scale. The lack of security to protect this information is breathtaking.”

To understand the significance of the hack and the role Epik has played in platforming hate speech, the history of the company and its founder needs to be examined.

A Brief History of Epik and its CEO, Rob Monster

Epik, located in Sammamish, Washington, was founded in 2009 by Rob Monster, the CEO of the domain registrar and web hosting company. For the first ten years, the company largely remained out of the public eye. Mr. Monster (that is his real name) was known locally for founding a market research company, where the board of directors ousted him, and for serving as an interim CEO of Digitaltown. In closer circles, Monster’s extreme views on race were an open secret. Everything changed on November 5, 2018.

Gab, a Twitter alternative used by extremists and far-right groups, was thrust into the national spotlight after the Pittsburgh synagogue shooting on October 27, 2018, which left 11 dead and 6 wounded. The massacre was carried out by Robert Gregory Bowers, 46 at the time. Bowers had used Gab to threaten Jews and posted his plans on the site shortly before the massacre happened. It received messages of encouragement and support, and site admins did nothing to warn authorities under the banner of protecting free speech. GoDaddy was the domain registrar for Gab and terminated their services, knocking Gab off the Internet. Epik became the registrar in November, and Gab returned.

In 2019 Epik made a series of acquisitions, including BitMitigate, a cybersecurity firm, and Sibyl Systems, a company providing hosting services for the website Gab. Little is known about Sibyl Systems, including the nation the company is located in or its services. In August of 2019, after 8chan lost its domain and hosting providers, Epik became the site’s host provider.

8Chan, a popular site among extremists and adherents of QAnon, was taken offline after the August 3, 2019, El Paso Walmart shooting that left 23 dead and 23 wounded. Patrick Wood Crusius, 21 at the time, posted a manifesto on 8Chan. That decision proved to be a bridge too far for many service providers and ultimately for Epik itself.

In the 12 months that followed, Amazon Web Services limited some services while Linode and PayPal severed ties with the company. PayPal terminated their relationship with Epik over concerns that the company had the potential to use the PayPal platform for money laundering and tax evasion. Epik created a currency for its customers called “Masterbucks,” which used PayPal as the backbone. In the end, Epik dropped 8chan.

Rob Monster became a cause celebre among Republicans, political conservatives, and those with more extreme views. Epik cemented itself as the domain and host provider for the far-right, and in January 2021, rescued the Twitter alternative Parler, another online platform used by political extremists.

Monster has described himself as a Christian and a libertarian, while others describe a man who has become increasingly radicalized in the last five years. A recent article in Bloomberg Business Week about Nick Lim, the founder of VanwaTech, which provides technical and hosting services to some of the most extreme websites on the planet, highlighted the relationship between Lim and Monster.

“At that point, Epik had spent years in the mundane business of nonideological domain registration, and Rob Monster, its awkwardly named chief executive officer, had a reputation for personally handling customer service calls and posting on arcane industry forums. But Monster had also been radicalized during the Trump years, subjecting his staff to florid conspiracy theories in staff meetings and spending more and more of his energy on politically charged work at Epik.”

“Around this time, Lim and Monster began collaborating. It’s not clear how they met, but they quickly grew close, with Monster becoming a kind of mentor to Lim, according to Joseph Peterson, then Epik’s director of operations.”

In the years that followed, Epik’s business relationship with Gab was a honeypot for like thinkers. The Republican Party and its most extreme supporters, churches, hate groups, individuals, and platforms that support extremists rushed to become clients of Epik. Those decisions are going to prove to be very costly.

The Anonymous hack of Epik

On September 11, 2021, a Texas GOP website, texasgop.org, was hacked by Anonymous. The hack was done in response to a recently passed Texas anti-abortion law, the most restrictive in the United States. While the hack was schadenfreude fodder on social media, for Anonymous it was a lot more. It was the first shot over the bow of Epik, the domain registrar for texasgop.org.

On Monday, Anonymous reported that they had hacked Epik and released 180GB of data in a press release. Anonymous claimed they had 10 years of information in the release, including all domain purchases, domain transfers, whois history, DNS changes, mail forwarders, payment history (no credit cards), account credentials including passwords, and GitHub repositories. Our researchers’ conclusion last night? It’s true, all of it.

Reporter Steven Monacelli broke the hacking news on Twitter. A few hours later, Rob Monster replied to the tweet and called the hack “a nothing burger.”

Epik’s own website was hacked late Monday night, with an FAQ entry mocking CEO Rob Monster. The FAQ entry was public for hours before being removed.

Epik website was hacked on Monday night with an FAQ entry about the Anonymous hack

Last night, researchers were poring through the information. Among the thousands of innocuous sites for yoga studios and home renovations, the information on who is behind some of the most notorious websites on the Internet was in plain view. Nazi sites, anti-Semitic sites, QAnon, misinformation on COVID, elections, and doxing sites. Sites that illegally sell guns and drugs and are involved in human trafficking and prostitution.

Epik customers who used the company’s anonymizing services were left unprotected. Although the information was stored in a different database, it was easily cross-referenced to the list of domain owners. Incredibly, none of the data was “encrypted at rest.”

The reaction has already been swift. Joey Camp, an agent provocateur from Colorado, was one of the first individuals outed from the hack. Within hours he has already issued threats online and is making claims the hack isn’t real. Not only is it real, but the information shows the list of websites Camp owns, including ones that aren’t as openly attached to his personal brand. A cluster of dozens of pro-Trump websites is connected back to a medical doctor in California.

A security expert we talked to concluded, “It would be like locking the door of the bank at night but leaving the alarm off and the vault open.” For Republican leadership, religious conservatives, and the people backing misinformation, hate, and extremist websites, this is only the beginning of the problems that will lie ahead. Passwords can be changed and websites hardened to prevent transfers or attacks, but the who’s who behind online hate is available to the world.

BREAKING: Epik Software home to a California recall vote misinformation website

[SAMMAMISH, Wash.] – (MTN) The first fallout of the Anonymous hack of Sammamish based Epik Software is coming to light, and it includes a misinformation campaign by Republican Larry Elder in the California governor recall.

As the chances of current Governor Gavin Newsom being recalled all but evaporated in the last few weeks, Larry Elder and his surrogates started a campaign to try and delegitimize the election before it even started.

In a report on NBC News, Elder appealed to his supporters yesterday to use an online form on the website stopcafraud.com to report fraud. He went on to claim the site had “detected fraud” in the “results” of the California recall election “resulting in Governor Gavin Newsom being reinstated as governor.”

“This is really becoming the standard GOP playbook,” said Lee Drutman, a senior fellow at the New America think tank who studies democracy. “This is democracy 101. If you don’t have elections that are accepted and decisive, then you don’t really have a democracy, because the alternative is violence or authoritarianism.”

There is one major problem with the claim of fraud – the election hasn’t even started. So where does Epik come into this?

Epik Software is the domain registrar for stopcafraud.com, created on August 27. Allegedly, information gleaned from the hack shows the website was already prepopulated with fake data before the site went live to the public, according to a claim made by Heidi Cuda, an investigative reporter.

When the website was first published, it contained no disclaimer that it was backed and funded by the Elder campaign, a campaign law violation. After NBC News reached out for comment, the required disclaimer was added. Additionally, the website has no privacy policy and does not provide disclaimers on how the data collected may or may not be used by third parties.

It is important to note that Epik Software is not directly involved in the physical creation of the website or the manufacturing of fake data. The company provides DNS and hosting services, and is popular among alt-right, white nationalist, militant, QAnon, and misinformation groups.

BREAKING: DNS and host provider Epik Software hacked by Anonymous

An update to this story is available: Anonymous hack of Epik reveals a devastating amount of information

Editor’s Note: This story has been updated to reflect the amount of data hacked is 180GB.

[Sammamish, Wash.] – (MTN) Sammamish, Washington based Epik Software, the controversial DNS and host provider for websites and apps such as Parler, Gab, and 8Chan, was breached by the hacker group Anonymous. The organization announced they were able to access and download ten years of data, with most of it unencrypted. In a message posted by the group, they provided details to access founder Rob Monster’s e-mails, as proof of their claims.

Epik Software provides hosting and DNS to thousands of websites, most involved in the dark corners of the web that spread hate, discuss and plan domestic terrorism, platform QAnon conspiracies, and spread disinformation. A DNS name is similar to the street address of a home or business. Websites use an IP address, which could be thought of as latitude and longitude for a physical location. Most people won’t navigate to an address using that data and instead will look for “100 Main Street.” A DNS provider enables a domain name (or multiple domain names) to point to the IP address of a website.

The breach potentially exposes information on the people or businesses behind sites such as Parler, Gab, The Storm Front, prolifewhistleblower, 8Chan, BitChute, and Patriot.win, to list a few. Additionally, Anonymous is claiming they have passwords, internal communications, and other data going back ten years. For some sites and apps such as Parler, most information is already known. The bigger reveal could expose thousands of people involved in websites that peddle suicide advice, medical misinformation, and support QAnon.

One-hundred-and-eighty gigabytes of compressed data were released and currently, several sources are working to verify the data and make it usable for researchers and journalists.

The company based out of Sammamish, Washington, and run by Rob Monster, operates under the banner of protecting First Amendment rights. However, the company has a history of not cooperating with criminal investigations when websites have crossed lines into potential criminal behavior.

The company recently made headlines for providing DNS services to the Texas website prolifewhistleblower, after GoDaddy booted the site. The website was created so people could report anyone helping a Texas resident gain access to an abortion, and earn a $10,000 bounty. Less than a week after Epik became the DNS, their legal team also dropped the website. GoDaddy has offices in Kirkland, Washington.

Alternative Social Media Site Gab deletes Twitter account and site is down

[SEATTLE] – (MTN) Alternative social media platform Gab, a favorite of alt-right and extremist groups such as the Proud Boys, is down, and the Twitter account was deleted today. Gab, which uses Sammamish, Washington Epik Software as registrar, is hosted on Cloudflare. The website returns a 521 error, indicating a security configuration problem or the site has been taken offline. Twitter stated that they have not taken any action against Gab’s account.

Andrew Torba, who founded Gab in 2016, claimed that the site picked up over 600,000 when Parler was de-platformed by AWS. As Parler struggled to find a new technology solution, Torba reached out to then Parler CEO John Matze through social media, offering advice for restarting Parler. Matze was fired from Parler on January 29, 2021, and says it was without cause or severance.

Gab has played prominently as one of the platforms used by insurrectionists to plan the storming of the U.S. Capitol on January 6, 2021. Users of the site posted videos and information about the Capitol, how to pry doors open, office locations, and videos of events inside the Capitol. After the failed coup, CEO Torba bragged Gab was adding 10,000 users per hour. The CEO also claimed they were working with law enforcement in their ongoing investigation of the attack but wouldn’t share any further details.

Gab, a microblogging site similar in concept to Twitter, became publicly available in May 2017. On October 27, 2018, neo-Nazi Robert Gregory Bowers killed 11 people at the Tree of Life Synagogue in Pittsburgh, Pennsylvania. His bio on Gab included statements such as, “Jews are the children of Satan,” and he posted on his Gab account right before he attacked the temple, “Screw your optics, I’m going in.”

After the massacre, Gab suspended Bowers’ account and cooperated with the FBI. The day after the shooting, PayPal, GoDaddy, with offices in Kirkland, and Medium terminated their business relationships with Gab. Gab’s host provider Joyent also ended its relationship, taking the site offline. On November 4, 2018, Epik Software agreed to be the registrar for the Gab domain.

Torba has been known to use these types of events to create publicity for himself and the social media platform. With the Twitter account deleted and the 521 error from Cloudflare, it appears there is more to this story than an attempt to make headlines.

From Russia with love, Parler finds a new host via Latin America

Parler, the alternative social media platform that was shut down after every vendor supporting them abandoned the service, is back up and running. Yesterday, the website was live again, displaying a welcome message.

“Now seems like the right time to remind you all — both lovers and haters — why we started this platform. We believe privacy is paramount and free speech essential, especially on social media. Our aim has always been to provide a nonpartisan public square where individuals can enjoy and exercise their rights to both.

We will resolve any challenge before us and plan to welcome all of you back soon. We will not let civil discourse perish!”

In an exclusive phone call with Fox News, Parler CEO John Matze told the network, “I’m confident that by the end of the month, we’ll be back up.”

An Internet security expert told us, “Parler is using DDoS-Guard. Essentially, this is the Russian equivalent to CloudFlare that provides DDoS protection to a number of sites. The IP address is registered to DDoS-Guard with a Belize address, an administrative contact in Ecuador, and a Russian email address.”

Last week, Parler secured domain hosting with Sammamish-based Epik Software. With Parler addressing the needs for domain registration and hosting, they are likely now building servers, installing software, and transferring their software and database onto the new infrastructure. Said our contact in Internet security, “How long until they’re up depends on how long it takes them to get all that done.”

EXCLUSIVE – Parler finds new domain host at Sammamish, Washington based Epik

UPDATED 1/12/21 @ 5:58 PM – added information on Epik connections to Neo-Nazi website Stormfront.

[SAMMAMISH] – (Malcontent News) Alternative social media platform Parler may have found a new host with Sammamish, Washington based Epik. Public records show that the Parler domain was transferred to Epik on January 11, 2021, indicating the platform is at least on life support. Parler has touted itself as a free speech community similar to Twitter, without moderation. The service was plagued with security breaches and became a haven for hardcore pornography and the ideology of white nationalism.

Parler has been on a rollercoaster ride since the insurrection in Washington D.C., on January 6. Twitter put President Donald Trump on a 12-hour ban for three tweets they determined were inciteful to violence. The President removed the tweets in compliance with terms of service but issued two more inflammatory and dangerous tweets on Friday after his ban ended. Twitter, Facebook, and Instagram permanently banned the President, and by Saturday morning almost every social media platform had taken the same steps. President Trump tried to move to at least five more Twitter accounts, including the official POTUS account of the US government.

Parler rocketed to the number one downloaded app on the Google Play and Apple stores as the online drama unfolded, and shortly thereafter, Google removed the Parler app from their store. On Saturday Apple gave an ultimatum to Parler to add moderation or face being removed also. On the same day, Amazon announced they would no longer provide PaaS and SaaS infrastructure to Parler effective at midnight on Sunday.

A Puget Sound Internet security expert told Malcontent News, “Parler has a new DNS registrar. Epik software is headquartered in Sammamish and it’s the same one used by 8chan, Gab, and The Daily Stormer. They don’t have servers up yet, but DNS is a critical part of Internet hosting.”

They went on to explain, “A DNS handles the translation of the domain name, such as “Google.com”, to an IP address, such as 198.51.100.23. This is so when a user goes to a site, they just type in “Google.com” and don’t have to remember an IP address. This also allows the site to change IP addresses if needed.”

“They don’t appear to have servers to actually host, but that’s likely a matter of time.”

Defiant Parler leadership indicated on Saturday morning that people were “lining up to support them,” but by Sunday morning they revealed they may not be able to ever go forward with every supplier and vendor abandoning the company, including their legal team. Parler was reported to have removed a parlay from conspiracy theory lawyer L. Lin Wood on Saturday, calling for the execution of Vice President Michael Pence. Attorney Wood is said to be under Secret Service investigation for his message.

In another blow, as the lights started to go out for the platform, hackers were able to download all of the public-facing information and “parlays,” the equivalent of tweets, from Parler. Hackers reported that EXIF data, which would include the date, time, and GPS location on uploaded pictures, was not stripped from the data, representing a significant privacy breach for users.

This morning on Fox and Friends, Jeanine Pirro compared the services that left Parler to Kristallnacht and Nazi Germany. The First Amendment does not protect speech on privately owned platforms beyond some edge cases. The Amendment provides protection against government-backed censorship, prevents the establishment of a national religion, ensures the freedom of the press, freedom of assembly, and the right to seek redress of grievances. Social platforms such as Facebook, Twitter, and Instagram are private businesses that operate on a “we reserve the right to refuse service” basis.

Epik is facing its own challenges as a hosting platform. PayPal recently terminated their relationship with the hosting provider, which provides hosting for the platform Gab, which is a haven for the Proud Boys, and Stormfront, a Neo-Nazi Holocaust-denying website.