Tag Archives: hackers

Anonymous hack of Epik reveals a devastating amount of information

[SAMMAMISH, Wash.] – (MTN) An examination of the Epik Software data released by Anonymous has security experts concluding the claims made by the shadowy organization are true, and it will be a devastating blow. “This is the Panama Papers for hate groups,” a researcher told us after reviewing just part of the 180GB of information retrieved. “In all my years, I have never seen a breach of a domain registrar to this scale. The lack of security to protect this information is breathtaking.”

To understand the significance of the hack and the role Epik has played in platforming hate speech, the history of the company and its founder needs to be examined.

A Brief History of Epik and its CEO, Rob Monster

Epik, located in Sammamish, Washington, was founded in 2009 by Rob Monster, the CEO of the domain registrar and web hosting company. For the first ten years, the company largely remained out of the public eye. Mr. Monster (that is his real name) was known locally for founding a market research company, where the board of directors ousted him, and for serving as an interim CEO of Digitaltown. In closer circles, Monster’s extreme views on race were an open secret. Everything changed on November 5, 2018.

Gab, a Twitter alternative used by extremists and far-right groups, was thrust into the national spotlight after the Pittsburgh synagogue shooting on October 27, 2018, which left 11 dead and 6 wounded. The massacre was carried out by Robert Gregory Bowers, 46 at the time. Bowers had used Gab to threaten Jews and posted his plans on the site shortly before the massacre happened. It received messages of encouragement and support, and site admins did nothing to warn authorities under the banner of protecting free speech. GoDaddy was the domain registrar for Gab and terminated their services, knocking Gab off the Internet. Epik became the registrar in November, and Gab returned.

In 2019 Epik made a series of acquisitions, including BitMitigate, a cybersecurity firm, and Sibyl Systems, a company providing hosting services for the website Gab. Little is known about Sibyl Systems, including the nation the company is located in or its services. In August of 2019, after 8chan lost its domain and hosting providers, Epik became the site’s host provider.

8Chan, a popular site among extremists and adherents of QAnon, was taken offline after the August 3, 2019, El Paso Walmart shooting that left 23 dead and 23 wounded. Patrick Wood Crusius, 21 at the time, posted a manifesto on 8Chan. That decision proved to be a bridge too far for many service providers and ultimately for Epik itself.

In the 12 months that followed, Amazon Web Services limited some services while Linode and PayPal severed ties with the company. PayPal terminated their relationship with Epik over concerns that the company had the potential to use the PayPal platform for money laundering and tax evasion. Epik created a currency for its customers called “Masterbucks,” which used PayPal as the backbone. In the end, Epik dropped 8chan.

Rob Monster became a cause celebre among Republicans, political conservatives, and those with more extreme views. Epik cemented itself as the domain and host provider for the far-right, and in January 2021, rescued the Twitter alternative Parler, another online platform used by political extremists.

Monster has described himself as a Christian and a libertarian, while others describe a man who has become increasingly radicalized in the last five years. A recent article in Bloomberg Businessweek about Nick Lim, the founder of VanwaTech, which provides technical and hosting services to some of the most extreme websites on the planet, highlighted the relationship between Lim and Monster.

“At that point, Epik had spent years in the mundane business of nonideological domain registration, and Rob Monster, its awkwardly named chief executive officer, had a reputation for personally handling customer service calls and posting on arcane industry forums. But Monster had also been radicalized during the Trump years, subjecting his staff to florid conspiracy theories in staff meetings and spending more and more of his energy on politically charged work at Epik.”

“Around this time, Lim and Monster began collaborating. It’s not clear how they met, but they quickly grew close, with Monster becoming a kind of mentor to Lim, according to Joseph Peterson, then Epik’s director of operations.”

In the years that followed, Epik’s business relationship with Gab was a honeypot for like thinkers. The Republican Party and its most extreme supporters, churches, hate groups, individuals, and platforms that support extremists rushed to become clients of Epik. Those decisions are going to prove to be very costly.

The Anonymous hack of Epik

On September 11, 2021, a Texas GOP website, texasgop.org, was hacked by Anonymous. The hack was done in response to a recently passed Texas anti-abortion law, the most restrictive in the United States. While the hack was schadenfreude fodder on social media, for Anonymous it was a lot more. It was the first shot over the bow of Epik, the domain registrar for texasgop.org.

On Monday, Anonymous reported that they had hacked Epik and released 180GB of data in a press release. Anonymous claimed they had 10 years of information in the release, including all domain purchases, domain transfers, whois history, DNS changes, mail forwarders, payment history (no credit cards), account credentials including passwords, and GitHub repositories. Our researchers’ conclusion last night? It’s true, all of it.

Reporter Steven Monacelli broke the hacking news on Twitter. A few hours later, Rob Monster replied to the tweet and called the hack “a nothing burger.”

Epik’s own website was hacked late Monday night, with an FAQ entry mocking CEO Rob Monster. The FAQ entry was public for hours before being removed.

Epik website was hacked on Monday night with an FAQ entry about the Anonymous hack

Last night, researchers were poring over the information. Among the thousands of innocuous sites for yoga studios and home renovations, the information on who is behind some of the most notorious websites on the Internet was in plain view. Nazi sites, anti-Semitic sites, QAnon, misinformation on COVID, elections, and doxing sites. Sites that illegally sell guns and drugs and are involved in human trafficking and prostitution.

Epik customers who used the company’s anonymizing services were left unprotected. Although the information was stored in a different database, it was easily cross-referenced to the list of domain owners. Incredibly, none of the data was “encrypted at rest.”

The reaction has already been swift. Joey Camp, an agent provocateur from Colorado, was one of the first individuals outed from the hack. Within hours, he had issued threats online and was claiming the hack isn’t real. Not only is it real, but the information shows the list of websites Camp owns, including ones that aren’t as openly attached to his personal brand. A cluster of dozens of pro-Trump websites is connected back to a medical doctor in California.

A security expert we talked to concluded, “It would be like locking the door of the bank at night but leaving the alarm off and the vault open.” For Republican leadership, religious conservatives, and the people backing misinformation, hate, and extremist websites, this is only the beginning of the problems that will lie ahead. Passwords can be changed and websites hardened to prevent transfers or attacks, but the who’s who behind online hate is available to the world.

BREAKING: DNS and host provider Epik Software hacked by Anonymous

An update to this story is available: Anonymous hack of Epik reveals a devastating amount of information

Editor’s Note: This story has been updated to reflect the amount of data hacked is 180GB.

[Sammamish, Wash.] – (MTN) Sammamish, Washington-based Epik Software, the controversial DNS and host provider for websites and apps such as Parler, Gab, and 8Chan, was breached by the hacker group Anonymous. The organization announced they were able to access and download ten years of data, with most of it unencrypted. In a message posted by the group, they provided details to access founder Rob Monster’s e-mails as proof of their claims.

Epik Software provides hosting and DNS to thousands of websites, most involved in the dark corners of the web that spread hate, discuss and plan domestic terrorism, platform QAnon conspiracies, and spread disinformation. A DNS name is similar to the physical address of a home or business. Websites use an IP address, which could be thought of as latitude and longitude for a physical location. Most people won’t navigate to an address using that data and instead will look for “100 Main Street.” A DNS provider enables a domain name (or multiple domain names) to point to the IP address of a website.

The release potentially includes information on the people or businesses behind sites such as Parler, Gab, The Storm Front, prolifewhistleblower, 8Chan, BitChute, and Patriot.win, to list a few. Additionally, Anonymous is claiming they have passwords, internal communications, and other data going back ten years. For some sites and apps such as Parler, most information is already known. The bigger reveal could expose thousands of people involved in websites that peddle suicide advice, medical misinformation, and support QAnon.

One-hundred-and-eighty gigabytes of compressed data were released, and several sources are currently working to verify the data and make it usable for researchers and journalists.

The company based out of Sammamish, Washington, and run by Rob Monster, operates under the banner of protecting First Amendment rights. However, the company has a history of not cooperating with criminal investigations when websites have crossed lines into potential criminal behavior.

The company recently made headlines for providing DNS services to the Texas website prolifewhistleblower, after GoDaddy booted the site. The website was created so people could report anyone helping a Texas resident gain access to an abortion, and earn a $10,000 bounty. Less than a week after Epik became the DNS provider, their legal team also dropped the website. GoDaddy has offices in Kirkland, Washington.

Lake Washington School District site hacked by white nationalists

[KIRKLAND] – (MTN) White Nationalists hacked the Lake Washington School District website and replaced the homepage and other resources with offensive and racist content on Thursday. Reports of the site being defaced spread quickly on social media during the afternoon hours.

The website was restored briefly by officials, but moments later returned to its defaced state. The content was so offensive, Facebook was removing screenshots of images people were sharing.

Additionally, some people received an offensive message from a school district e-mail address titled, “Very Important! Heil Hitler.” The content contained the same graphic and a similar message that was on the website.

The homepage of the website displayed a small graphic of what appeared to be a woman dressed as a German World War II SS soldier and a swastika. The site then had a list of racial slurs and praised Brenton Tarrant, Anders Breivik, Timothy McVeigh, and Dylann Roof. Brenton Tarrant was a mass killer in New Zealand, Anders Breivik a mass killer in Norway, Timothy McVeigh was the Oklahoma City Bomber, and Dylann Roof executed nine people in a historic Black church in South Carolina.

The Lake Washington School District released the following statement:

Just after 4:00 p.m. on Thursday, June 17, we received reports of a hack to our district’s website and all of its pages. The page that was presented as part of the hack included vile, disgusting and disturbing language that is filled with hate, racism and is completely unacceptable. Lake Washington School District (LWSD) does not, in any way, condone this type of language and we are saddened that this action is intentionally trying to hurt people of certain races and cultures. We will get to the bottom of this hack and in the meantime we want to apologize to everyone who had to see this page, and we especially want to say our sincerest apologies to anyone who may have felt personally impacted by this. LWSD is committed to all of our students, staff and families, and in this moment, we stand united in protecting our community as anti-racist educators and leaders. We will continue to provide updates as necessary.

Editor’s note: Our service agreements with Google News and NewsBreak prevent us from sharing these images on those services. If you want to see the photo gallery you will need to visit using a PC, Mac, iOS, or Android web browser such as Chrome, Edge, or Safari. Viewer discretion is advised.

The image also declared, “long live Evropa,” and 14/88.

Evropa is a possible reference to Identity Evropa, a white nationalist group that is aligned to identity politics. On May 31, 2020, Identity Evropa created a fake Twitter account declaring that Antifa and Black Lives Matter protesters were coming to the suburban and rural areas on June 1, initiating near panic in some communities, including the local town of Snohomish.

The number 14 is code for 14 words, a white nationalist view of, “We must secure the existence of our people and a future for white children,” according to the ADL. The 88 is code for “Heil Hitler,” with H being the eighth letter in the alphabet.

The Lake Washington School District website currently has a single message, “We’re experiencing technical difficulties and are working on restoring service. Thank you for your patience.”

Dylann Roof, a person highlighted in the hack, executed 9 Black members of the Emanuel African American Methodist Episcopal Church six years ago today. The timing of the hack may just be coincidental, or coordinated to commemorate the horrific event.

Roof was taken alive by police in Shelby, North Carolina, who received harsh criticism for taking him to Burger King before booking him into jail. Roof boldly confessed to the massacre and stated to authorities he hoped to start a Race War. His racist views were formed after the 2012 death of Trayvon Martin. He was convicted of 33 crimes in federal court on December 15, 2016, and 13 additional state crimes in South Carolina on March 31, 2017. He was sentenced to death in federal court and made a plea deal to serve nine consecutive life terms without the possibility of parole in South Carolina.

Roof appealed his death sentence in federal court on May 25, 2021.

No, you don’t need to panic buy gasoline or diesel fuel, and no one needed to either

[SEATTLE] – (MTN) Yesterday scattered reports came in through the Puget Sound region of longer than normal lines at some gas stations as news spread of shortages in several southeastern states. Overnight the national average for the price of gasoline broke $3.00 a gallon for the first time in 7 years, while scenes of hoarding gasoline into tubs, trashcans, and in one case a plastic bag flooded the Internet. Anyone worried about gasoline shortages in the Pacific Northwest can relax, and so can almost all Americans.

The Colonial Pipeline feeds 45% of the gas, diesel, and aviation fuel used on the east coast from Texas to the northeastern states. The line was crippled by a Russian ransomware attack on Friday, and pipeline managers had to shut down operations to keep the attack from spreading to other systems. Over the weekend it appeared that operations would resume by Tuesday, but then officials said it may not be until May 15, or longer. That’s when the panic buying started.

On the east coast, Asheville, North Carolina was one of the first cities to report gasoline station closings, and spot closures spread through mostly southeastern states. According to TTAC, only 7% of the gas stations in the southeast were reporting they had run out of fuel. Like toilet paper just a year ago, buyers rushed to gas stations to buy every last drop, filling every container, including unsafe ones, with the fuel.

The issue spiraled from the comical to the dystopian with fights breaking out at gas stations. In North Carolina, 2 people were arrested after a fight described as, “wild,” erupted after a woman tried to cut into a queue for gas, and then rammed a car.

The Pacific Northwest is nearly a closed-loop for vehicle and aviation fuel. The Pacific Ocean and the Rocky Mountains create natural boundaries that make it challenging to ship crude and refined products to our region.

For oil tankers, the trip from the Middle East is a long journey to our corner of the country. The Rocky Mountains prevent large pipelines from reaching our region, so almost all of the crude oil that is turned into fuel for the Pacific Northwest comes from Alaska and is refined in Washington state. Because refineries have to be calibrated to accept certain crude oil products based on the viscosity and how sour it is, using Canadian tar sands oil isn’t a viable alternative.

Because Washington and Oregon, and parts of Idaho and California, are in this isolated region, our supply is unique and isolated from disruptions east of the Rockies. However, our region is not isolated from national price fluctuations. The Pacific Northwest bears the brunt of market price increases when national averages increase, even when our supply chain isn’t disrupted. There is additional price pressure with the Memorial Day weekend, and the start of driving season, less than 3 weeks away.

Earlier today, officials from Colonial Pipeline announced that fuel was once again flowing, days ahead of schedule. It will take several days for the fuel supply to stabilize, but the best thing consumers can do is not panic buy.

The Russian hacker group DarkSide claimed responsibility for the ransomware attack, but stated they were only interested in making money, and not committing an act of aggression. Russian officials distanced themselves from the group, citing they had no involvement in the hack, and that it was not state-sanctioned.

Over a 9-month period in 2020, the Russian government committed a series of cyberattacks on multiple United States government agencies in what is called the worst breach of government data security in history. Known as the SolarWinds attack, Russian agents used software vulnerabilities within SolarWinds, VMware, and Microsoft. The scope of the attack was revealed in December 2020.

Malcontentment Happy Hour: May 10, 2021

Our live webcast from the former Seattle Anarchist Jurisdiction

The show from May 10, 2021, featured David Obelcz and our co-host Jennifer Smith. Patrons at the $5 and above level get access to our show notes and research documents.

  • Toyota campaign contribution story made our readers salty
  • Colonial Pipeline shutdown committed by Russian hackers
  • No one is talking about the AAHM raid done by the King County Sheriff
  • Franklin Graham coming to Bellevue and protests planned – controversy explained
  • Democracy vouchers explained
  • Jenny Durkan’s Textgate
  • Seattle Deputy Mayor Casey Sixkiller enters the 2021 mayor race
  • Angelyiah Lim wins the 2020 Lee Johnson Community Service Award