Anonymous Hacks Far-Right Web Host Epik, Leaks Decade of Client Data

I keep telling people, get off the internet. Not entirely, but try to get personal info off of there. Back off of social media. It’s just not safe. For anyone.

It’s all fun and games, until you get doxxed, and a mob shows up at your door, frightening your kids into the house and hurling abuses. Yikes.

anna ~ grace said:

I keep telling people, get off the internet. Not entirely, but try to get personal info off of there. Back off of social media. It’s just not safe. For anyone.

It’s all fun and games, until you get doxxed, and a mob shows up at your door, frightening your kids into the house and hurling abuses. Yikes.

Click to expand...

..or maybe don't pretend the internet will allow one to live a double-life undiscovered...as the real estate agent in Florida discovered.

wing2000 said:

..or maybe don't pretend the internet will allow one to live a double-life undiscovered...as the real estate agent in Florida discovered.

Click to expand...

Anyone encouraging people to move to Florida is pretty suspicious in the first place, I'd say.

It's not at all surprising that the Tech Trust will resort to crime to maintain their monopoly...

SoldierOfTheKing said:

It's not at all surprising that the Tech Trust will resort to crime to maintain their monopoly...

Click to expand...

What exactly are you insinuating here ?

Unclear if it's part of the same hack, but

Data from Oath Keepers leaked online after alleged hack

The hack includes, among other things, the militia’s Rocket.Chat server, an open source communication platform where members coalesce. An older archive details messages made in June 2020 while a second cache shows messages sent from March 2021 up until Sept. 19.

More than 10,000 emails from the inboxes of high-profile members including state chapter leaders were also found in the breach, with dates ranging from Jan. 13 to Sept. 19.

A membership list for the organization contains more than 38,000 email addresses, although it’s unclear which are linked to current and former members. The email addresses in some instances are also tied to names, physical addresses, phone numbers, IP addresses, and donation amounts made to the militia. Official U.S. military email addresses are also littered throughout the breach.

iluvatar5150 said:

Anonymous leaks gigabytes of data from alt-right web host Epik

Hacktivist collective Anonymous claims to have obtained gigabytes of data from Epik, which provides domain name, hosting, and DNS services for a variety of clients. These include the Texas GOP, Gab, Parler, and 8chan, among other right-wing sites. The stolen data has been released as a torrent. The hacktivist collective says that the data set, which is over 180GB in size, contains a "decade's worth of data from the company."

Anonymous says the data set is "all that's needed to trace actual ownership and management of the fascist side of the Internet that has eluded researchers, activists, and, well, just about everybody." If this information is correct, Epik's customers' data and identities could now fall into the hands of activists, researchers, and just about anyone curious enough to take a peek.

Epik is a domain registrar and web services provider known to serve right-wing clients, some of which have been turned down by more mainstream IT providers due to the objectionable and sometimes illicit content hosted by the clients.

Twitter account tracking some of the developments:
https://twitter.com/epikfailsnippet

One of their explainer threads, in a readable format:
Thread by @epikfailsnippet on Thread Reader App​

Click to expand...

Fascists have always been socialists and communists.

NAZI stands for National SOCIALIST Workers Party

USSR Union of SOCIALIST Soviet Republic.

chad kincham said:

Fascists have always been socialists and communists.

NAZI stands for National SOCIALIST Workers Party

USSR Union of SOCIALIST Soviet Republic.

Click to expand...

Yeah, and North Korea is officially the Democratic People's Republic of Korea.

Oh, and People's Republic of China.
And, Syrian Arab Republic.

chad kincham said:

Fascists have always been socialists and communists.

NAZI stands for National SOCIALIST Workers Party

USSR Union of SOCIALIST Soviet Republic.

Click to expand...

Democratic People's Republic of Korea. I guess you had some point to make.

essentialsaltes said:

Unclear if it's part of the same hack, but

Data from Oath Keepers leaked online after alleged hack

A membership list for the organization contains more than 38,000 email addresses

Click to expand...

ProPublica identified [North Carolina state representative] Clampitt and 47 more state and local government officials on the list, all Republicans: 10 sitting state lawmakers; two former state representatives; one current state assembly candidate; a state legislative aide; a city council assistant; county commissioners in Indiana, Arizona and North Carolina; two town aldermen; sheriffs or constables in Montana, Texas and Kentucky; state investigators in Texas and Louisiana; and a New Jersey town’s public works director.

Background on Oath Keepers.

essentialsaltes said:

Unclear if it's part of the same hack, but

Data from Oath Keepers leaked online after alleged hack
A membership list for the organization contains more than 38,000 email addresses, although it’s unclear which are linked to current and former members. The email addresses in some instances are also tied to names, physical addresses, phone numbers, IP addresses, and donation amounts made to the militia. Official U.S. military email addresses are also littered throughout the breach.

Click to expand...

The names of hundreds of U.S. law enforcement officers, elected officials and military members appear on the leaked membership rolls of a far-right extremist group that’s accused of playing a key role in the Jan. 6, 2021, insurrection at the U.S. Capitol, according to a report released Wednesday.

essentialsaltes said:

The names of hundreds of U.S. law enforcement officers, elected officials and military members appear on the leaked membership rolls of a far-right extremist group that’s accused of playing a key role in the Jan. 6, 2021, insurrection at the U.S. Capitol, according to a report released Wednesday.

Click to expand...

This could be an interesting tidbit…but right now just looks like the ADL is beating-the-drum to see if it’s going to rain.

Strathos said:

I thought 'Anonymous' and 4chan were some of the biggest breeding grounds of the 'alt-right' internet culture in the first place.

Click to expand...

You could just say "breeding ground for internet culture".

Pommer said:

This could be an interesting tidbit…but right now just looks like the ADL is beating-the-drum to see if it’s going to rain.

Click to expand...

The ADL was founded by Jews to prevent the good people of Georgia from lynching Jews convicted by good Georgian juries in murder cases when Jews kill teenage workers in a pencil factory, hardly a reliable or unbiased source.

Anyway, Jews don't beat drums to make it rain, that's cultural appropriation, the Jews have other ways to make it rain.

essentialsaltes said:

After the Capitol riot, ‘Stop the Steal’ organizer Ali Alexander was scrambling to hide his digital footprint
[Most] domains owned by Alexander were tied to the Stop the Steal movement. The Daily Dot was able to obtain a list of 57 such domains.
Also
ChristianNationalism.us
CommunionOfPatriots.com
JoeBidenIsSick.com

Click to expand...

Alexander has made it clear who he considers enemies. And now...

Even working in tech (a lot of it in the InfoSec realm), I still chuckle a bit at the premise of a "decentralized leaderless activist network" taking credit for a hack under a moniker.

If it's a "leaderless movement", and there's no official structure to it, and literally anyone with a Guy Fawkes mask they got on amazon can claim affiliation, seems silly to say "Anonymous hacked XYZ".

Either there is an secret organization structure or (inner circle) of a select few people who actually know what they're doing, and let everyone else do "hacker cosplay" because it creates the "I am Spartacus" effect when it comes time to try to bust someone for crimes, or it's not a group at all, and it's just become the "universal standard" for wiping off fingerprints at the scene of the crime, which would make it silly to credit the hack in that way, the same way it would be silly to assume that any illegal gun dealer who scratches off serial numbers must be part of the same syndicate.



And just as a little insight as someone who's helped on the "breach recovery" for numerous clients over the years, most "hacks" aren't even "hacks" like people think of them (some elite computer guy surrounded by 15 monitors in a darkened warehouse feverishly typing things for hours on end at a command line and then saying "I'm in!!!") For every instance where it was some tech savant exploiting a zero-day or finding a way to crack the security infrastructure of some multi-billion dollar entity or agency, there's 5 instances where it's something more like

"Former employee left on bad terms, and company forgot to deactivate his account and/or neglected to change passwords on service accounts"
...or...
"Malicious dev who wants to impress people online creates their own vulnerability in the code, and then checks the code back into the repo with the lines removed, and then posts it online claiming they "found" an exploit."

Or the even less technical:

"Disgruntled person who knew they were planning on leaving downloading a bunch of stuff to their own private drive before they turned in their notice, then simply giving it to someone else on a message board at a later date"