Back

Anonymous Hacks Epik

379 points19 hours4chan.partyvan.epikfail.win
Lammy15 hours ago

>NOTORIOUS "HACKERS ON ESTRADIOL" PRESENT GRAND REVEAL

I love how this is a tongue-in-cheek reference to the "hackers on steroids" piece from 2007 https://www.youtube.com/watch?v=DNO6G4ApJQY

Redoubts5 hours ago

Surprised there’s no ascii art of programmer socks.

jtvjan4 hours ago

That's a 2016 meme. Much too recent.

markenqualitaet4 hours ago

I mean technically correct. I think cortisol would have been funnier tho.

EamonnMR6 hours ago

I love the old school memes (seven proxies, cowsay, nine thousand, the whole thing being a txt file.) Some early aughts charm right there.

hwers6 hours ago

Tells you something about the age of the hackers probably (over 30)

optimalsolver3 hours ago

The old boys ride again.

2OEH8eoCRo04 hours ago

Herd u liek mudkipz.

pnemonic4 hours ago

OMG I LOVE MUDKIPS (UNF UNF UNF)

jungleanimal10 hours ago

Anonymous strikes again, this time with a well known web registration company with a decade of data. This is a blatant example how poor security management leads to the hardship of thousands if not millions of regular people. Now their private details have a risk of being public and fully open to scrutiny. And its not just some simple data breach they allegedly stole domain purchases and transfers, account credentials of pretty much all their clients. Unacceptable. Embarrassing. They should be held accountable for all this if it comes out to be true.

qeternity9 hours ago

Epik’s lack of security is the least damning thing about Epik.

Google around for their very colorful history. These are bad hombres.

capableweb8 hours ago

Could you share something damning instead of referring people to search, as we probably will find different information.

As far as I can tell, Epik focused on hosting and DNS management for marginalized/excluded groups on the internet, so naturally they attract a lot of groups. Not sure why that'd be bad though.

Things like this also makes me actually like the company more:

> Pharmaceutical watchdog website LegitScript reported in 2018 that they had alerted Epik to the sale of illegal drugs and counterfeit medications on websites registered by Epik, and that Epik had refused to act upon the information without a court order

That's exactly how I want my hosting company to act, and any that don't are actively fragile.

From https://en.wikipedia.org/wiki/Epik_(company)

qeternity6 hours ago

I agree with you about Epik’s stance, although I believe they’re doing it for the wrong reasons.

Rob Monster for instance has expressed support for the KKK and claimed that the Christchurch shooting was a hoax.

I’ll defend with my life his right to say abhorrent things. But that also means I get to express myself and call him a bad dude.

+1
oefrha4 hours ago
lelandfe6 hours ago

Remember when a guy murdered 11 people in a Pittsburgh synagogue? When it was revealed the shooter had posted about it on Gab beforehand, every service powering the social network pulled the plug. Epik was who brought them back online.[0]

The hero of hate speech is not exactly a sterling reputation to have.

[0] https://www.wired.com/story/how-right-wing-social-media-site...

qeternity6 hours ago

I actually agree with the comment above: good speech doesn’t usually need defending…it’s almost always bad speech that does. But then again, I tend to side with free speech maximalists.

Rob Monster and crew are bad people because they actually believe this rhetoric, that’s why they defend it. They aren’t taking on a noble cause of defending free speech. They are defending speech with which they agree, and tends to be pretty shitty…that’s why they’re bad.

I don’t think they should be forced to stop, in fact I really hope the 1A is never diluted to that level. But the 1A cuts both ways: we get to sit back and talk about how awful Rob Monster is.

quantumwannabe4 hours ago

So you believe that Facebook should be shut down because the Christchurch shooter livestreamed his crime there?

megous3 hours ago

> Now their private details have a risk of being public

They are public. A simple torrent away.

hdhdheh6dhs3 hours ago

^ we found a nazi sympathizer here folks and or a guy who had nazi things hosted on epik who is now scared to be doxxed

robalfonso26 minutes ago

  Speaking to Gizmodo, Epik said they were unaware that they had been hacked, but would investigate.
What's interesting here is that if you are an ICANN accredited registrar there is a window in which you must report a breach to them, may be interesting to find if they have/have not reported said breach.
mcintyre199410 hours ago

Looks like they had access to their CDN at some point too: https://archive.is/traih

tcmart1410 hours ago

xD I love the PS down there in the bottom.

gfodor16 hours ago

Eventually the cloud is going to burst and everyone’s data will be public. The motive will be similar to this one, where a huge blast radius of collateral damage is accepted in the name of harming bad people. Seeing people eagerly download this data that surely includes countless amounts of personal info of non-Nazis shows this clearly.

peterthehacker12 hours ago

> Eventually the cloud is going to burst and everyone’s data will be public

Why? This was Epik being hacked not AWS or Azure. It’s just a domain registrar. And a shady one at that. Their lack of security is not indicative of the rest of the cloud.

southerntofu10 hours ago

Today on HN: https://news.ycombinator.com/item?id=28532531

Microsoft bundling a super-insecure root daemon in all their Linux VMs. They developed it, published it on Github, embedded it everywhere, but when it turned out to be a security nightmare blamed "open source supply chain".

heyitsguay16 hours ago

Fortunately, given the purported scope of the hack, it seems we'll be able to actually quantify that. How many of the websites weren't hosting violent or extremist content? If this is real, we should be able to get an exact percentage.

southerntofu10 hours ago

I would assume given any hosting provider, that most content would not be deemed "violent" or "extremist". But of course, it depends on your interpretation.

For example, some people consider radical servers from the anarchist scene to be hosting violent/extremist material, while i personally consider governments and big corporations to be pretty violent and extremist themselves in how they ruthlessly dominate the world.

Actions and speech are not neutral. It's all a matter of (political) perspective.

qeternity9 hours ago

Epik is not just “any” hosting provider. In fact, there’s no reason to use them unless you fall into the “unhostable” category elsewhere.

Their infra, peering and prices are way worse than pretty much everyone else.

dreadlordbone15 hours ago

I sure hope people don't jump to conclusions re what is violent or extremist.

pletsch15 hours ago

People jump to conclusions? On the internet? No, I don't think that likely

+2
651012 hours ago
iammisc12 hours ago

Twitter hosts violent and extremist contents. Now please give me jack Dorseys address, phone number, and social security card so we can exact justice /s

That there are people on this forum advocating for vigilantism is frightening. We are quickly approaching the point of lawlessness as a society.

toofy5 hours ago

well, we do have u.s. state governments putting vigilantism into law, and making sure the victims of this vigilantism pay the legal bills of the vigilantes, so at this point, i’m not sure we can clutch our pearls over something which after all these years has become routine (i.e., leaks)

rvz9 hours ago

There you go. Vigilantism is OK only if it doesn’t affect them. But when it does, the outrage is everywhere. To them, it seems that unauthorised access and leaking personal information even if innocents are involved is suddenly OK then?

That activity seems very extreme doesn't it over just reporting directly to the authorities.

This is best left to the authorities to deal with such issues rather than resorting to such extreme and illegal activities, no matter the cost or innocents affected.

kadoban16 hours ago

How many just regular folks would actually pick Epik? Why?

Syonyk15 hours ago

I intend to for future domain registration.

- Register.com is an annoying cesspool of value-add upsells and is extremely expensive in the process, with added cost to not have your personal info attached directly to your domain whois.

- GoDaddy, other than the creepy ads, has shown plenty of willingness to remove domains hosting content that they don't like, even if it's legal.

- I think Google is a registrar, but I'm not at all comfortable with how easy it might be to move my domain out of their grasp if I care to host my content somewhere else. I'm sure it's possible, I'm sure it has weird issues, and I'm certain there's zero support to talk to.

- Epik has, at least as far as I can tell, a reputation for simply hosting domain registrations, not asking questions, and ignoring just about every request for information.

Of those options, I'm fine with the last. I tend pretty hard towards the "free speech" side of the spectrum, and a registrar that will ignore anything short of a legitimate legal request from the authorities of the nation(s) they operate in is perfectly fine with me. Even if they host domains I consider distasteful, I'd rather support that than someone who will bow to public outrage and go snooping around domains looking for reasons to remove their registration (GoDaddy and Arfcom come to mind here).

There are probably other options, but those are the ones I know of, and why I'm intending to register future domains with Epik. I don't particularly care if a founder of a service is a scumbag in their personal life, as long as they reliably do what they promise to do.

burkaman15 hours ago

Epik "ended its relationship" with The Daily Stormer because of content hosted on the site and the "entanglement" (meaning PR issues). If you're not ok with that, then I don't think Epik is what you're looking for. If you are ok with it, then you can accept service providers disassociating themselves with "distasteful" clients, it's just a matter of exactly how distasteful they have to be.

Source: https://www.npr.org/2021/02/08/965448572/meet-the-man-behind...

+1
Syonyk15 hours ago
voldacar11 hours ago

they dumped 8chan as well

Lammy14 hours ago

> Epik has, at least as far as I can tell, a reputation for simply hosting domain registrations, not asking questions, and ignoring just about every request for information.

Give https://www.nearlyfreespeech.net/services/domains a shot.

I'm not affiliated aside from being a happy customer for over a decade. You can read their abuse-handling terms here: https://www.nearlyfreespeech.net/help/abuse

sophacles2 hours ago

They also have a reputation for securing your important PII behind unsalted md5 password lookups. Im not sure about the rest of their security, but if they screw up something as basic as storing passwords it does not imply good things about the rest of their infosec.

If you are concerned about getting your name off google because their systems are wierd, why wouldn't you be concerned with someone just stealing your domain from the insecure site by (e.g.) just logging in as you and initiating the transfer?

jackson144215 hours ago

Not sure of either of their policies, but I usually buy my domains from Dynadot then transfer the eligible ones to CloudFlare after the first year. Both are cheap, and I'm pretty sure CloudFlare tends to not divulge much information.

All my ICANN addresses are fake though so that's never been a concern for me.

rjzzleep4 hours ago

Maybe take a look at Gandi. GoDaddy has always been a terrible registrar. People used to recommend Namecheap because of that, but I think namecheap has limits on the length of certain records (which may be annoying for dkim).

In general there are a dozen registrars that are better than GoDaddy or Google without having to choose a right wing nutjob with bad security.

jumelles12 hours ago

Gandi? Namecheap?

syysilma13 hours ago

I've heard https://njal.la is pretty good.

+1
Syonyk13 hours ago
h_anna_h9 hours ago

I on the other hand know 3 people who got stonewalled by their support and were unable to use their domains.

hellbannedguy14 hours ago

Google is safe, simple, and they never bother you. I'm cheap, but will pay $13 just for piece of mind.

+3
chias14 hours ago
+1
ta98814 hours ago
conradev12 hours ago

I’m not sure why this is being downvoted

I receive email on my domain, which means that it is the root of all of my security. If you steal my domain or tweak my DNS, you can get my email, and you can reset my passwords.

I have some domains at Namecheap still. I have a FIDO2 key set up for their website, which is good, but I’m not sure that I trust their security. I trust Google more.

Google Domains actually has support, too

desine16 hours ago

If you truly believe in freedom of speech, it makes sense to support companies who enable those ideals. I'm not familiar enough with the company/drama/story here, but if Epik does not do anything "problematic" other than allow "problematic" speech, then I would consider them. A certain quote often mis-attributed to Voltaire comes to mind [0]. It appears they do have some lines drawn in the sand for free speech, they cancelled service for 8chan.

[0] : https://en.wikipedia.org/wiki/Evelyn_Beatrice_Hall

jonathanstrange9 hours ago

I don't think anyone really supports unlimited freedom of speech other than as a strategic rhetorical lip service. It's a very unreasonable position. What people mean is that they draw the line at different places, usually while ignoring the law.

People disagree about the definitions of crimes involving publication. For example, almost everyone is against the freedom to disseminate child porn under the excuse of "free speech." Then, some people are against free dissemination of ISIS propaganda, especially when it contains concrete calls for violence. Then again, disseminating Neonazi propaganda with similar calls for violence is not more legal than ISIS propaganda in most countries. Revenge porn and sites dedicated to slander and libel are prohibited in most jurisdictions, too.

The US has lax application of laws against right-wing calls for violence but is well-known to enforce against free speech if other groups like Islamists are involved. In the past, communists and civil rights advocates were also not too welcome. Other countries apply laws more stringently. In various modern and democratic countries content hosted by Stormfront is simply illegal and various posters on their forums commit crimes. Their servers would be raided and shut down by the police if they were under the country's jurisdiction. The US was never governed or occupied by full-blown Nazis, so it is only natural that people tend to be more liberal about these matters there, but that's more of a historical coincidence than an argument.

tcmart148 hours ago

Yup. The same republicans proud of their party history saw no issue with dragging people in front of congress for interrogation because they might be a communist (thought crime).

(House Un-American Activities Committee).

ohashi10 hours ago

I wouldn't support this borderline nutjob. Making employees watching a video of christchurch shooting and saying it was fake? Yeah, no. He has a lot of ties to extremist right wing too.

https://en.wikipedia.org/wiki/Rob_Monster#Views

MileyCyrax15 hours ago

I bought a domain name from a domain squatter who used Epik and there's a 60 day waiting period before I'm allowed to transfer the domain away.

Their site is one of the buggiest I've ever used (no, really), so this hack doesn't surprise me at all. Now I'm trying to remember how much personal information I would have given them.

mtnGoat11 hours ago

A wait period is reasonably common. I’ve ran into it a well, really annoying. I think it’s a lame ploy to drum up business.

kadoban4 hours ago

It's an ICANN requirement, it's universal as far as I know.

ZoF7 hours ago

No comment on Epik but that 60 day wait is almost certainly ICANN lock because whois data was updated. They don't have a choice.

oefrha8 hours ago

Find me a service open to the public and I’ll find you “nazi” customers by someone’s definition. Hell, people were and probably still are “boycotting” GitHub (as in, they put feel-good slogans in their profile while still using it) a while ago for having U.S. Immigrations and Customs Enforcement as a customer. I’m sure if someone manages to completely hack GitHub, they will post everyone’s private repos and billing info, and it’s a just cause because GitHub hosts code for horrible people.

veeti3 hours ago

I registered an account with Epik in 2017 before any notoriety over Gab or whatever (though I did not ultimately end up using their services). Apparently this justifies doxxing and slandering me as a neo-nazi.

Considering that Epik have been in operation for almost a decade before a pivot to extremist hosting, I would assume that the vast majority of this """noble""" hack concerns innocent people.

ev12 hours ago

I had one domain there in 2017-2018 due to some generic domain forum promo codes making them the cheapest. Didn't know of reputation or it wasn't obvious then, predates Parler existence, etc.

bogwog14 hours ago

I almost picked them a while back because I searched for "domain registrars" and they came up. Nowhere on the website did it say anything about neo-nazis, fascism, conspiracy theories, etc. Just seemed like a simple registrar with no GoDaddy-esque sleaziness, and a neat, memorable domain name.

So so happy that I ended up not signing up. I just wanted a domain for my personal site and email, but I would've ended up on a public list next to nazis.

opheliate6 hours ago

Ugh, I did. I was unaware of Epik’s “reputation”, I’d just heard the brand name before so I thought it must be alright. I would have gone with someone else, but most registrars don’t offer the TLD I wanted, and Epik seemed to have the best price amongst the registrars that did. Obviously regretting that decision now.

donatj9 hours ago

I’ve ran a website non-stop for over twenty years. I intend to keep it up as long as the internet exists. It’s not really had any major changes since 2008, but it’s a major source of nostalgia in my life. Beyond that it hosts my email address.

I was curious about prepaying for years of my domain in advance, and stumbled upon Erik.

Epik offers a “forever registration” where you get a domain “forever” for something like $500. I was seriously considering it before I heard about all the negative shit associated with them.

I suspect they’ve sold that service to at least a few average Joe’s.

ryan2915 hours ago

Sometimes they have the cheapest renewal rate for some of the TLDs, so if you're deal hunting on sites like tld-list.com you could end up registering via Epik.

Before today the only thing I knew about them was that they were the registrar for a few controversial domains. I didn't realize they were soliciting that market.

crocodiletears12 hours ago

I was considering moving my domains over. I'm tired of tech censorship, I don't want to support companies that engage in it without legal requirement.

BeFlatXIII1 hour ago

What would be extremely funny is if a different group of fake hactivists did a similar hack elsewhere but deliberately added junk data as a way to discredit all hactivism.

ryan2918 hours ago

Did anyone download it and look? This is huge if it's true isn't it? I don't want to download it because I don't know what the laws are, but I'm really interested to know if it's true. Rob Monster is a really big domain investor, right?

This is really big news if it's true.

Edit: I looked it up. Rob started Epik [1]. I wonder if that's really his password. Lol.

Edit 2: I wasn't aware of Epik's reputation either. I just knew they're a big (ish) registrar.

1. https://en.wikipedia.org/wiki/Rob_Monster

Natsu18 hours ago

I heard about it yesterday but only the release on Twitter, I haven't seen the torrent.

It will be interesting to see which media outlets report on it after so many adopted a policy of not reporting on hacked info.

zavertnik17 hours ago

The torrent is on her website, a few people tweeted that they finally had seeders, but I'm unsure if they got the entire archive.

I'm currently trying to download it now, but the torrent file is so large that it's crashing most torrent software (pico, deluge, webtorrent) I throw at it, on 2 machines!

NavinF11 hours ago

How big is it? I had similar issues downloading danbooru2020 (3.4TB), but rtorrent did the job with only ~5G RSS. Every other client used 4x the memory and never completed the download.

TaylorAlexander10 hours ago

Another commenter mentions that the actual .torrent file is 32MB.

fybs4 hours ago

it's 180 GB. transmission works fine.

adriancr10 hours ago

transmission seems fine

r72118 hours ago

From Emma Best (DDoSecrets)'s tweets it looks like it's unavailable at the moment (6h ago):

>There don't seem to be any active seeds and just under 0.5% seems to be available ATM, so... we'll see what happens!

https://twitter.com/NatSecGeek/status/1437827363505573896

commoner15 hours ago

It's possible that the source sharded the torrent payload and then distributed the shards among multiple "seeds" that are brought online/offline on a rolling schedule, to avoid being identified as the lone seed. Since none of the "seeds" have the entire payload, they are identified as peers (specifically, leechers) in the torrent client.

nebula880414 hours ago

This 30+ MB torrent file is choking ruTorrent and Deluge clients on my seedbox. Not sure how to fix it. Do you know of some alternative way to process such a large file? I have never seen such a large torrent file like this before.

+1
commoner14 hours ago
+1
cheeze14 hours ago
iszomer14 hours ago

I downloaded the torrent file and casually browsed the index but didn't want to waste my time, bandwidth, and storage for a 150+ GB dump.

Thorrez14 hours ago

Lest anyone be confused, this is Epik the web hosting company[1], not Epic Games the videogame company[2], or Epic Systems the healthcare software company[3].

[1] https://en.wikipedia.org/wiki/Epik_(company)

[2] https://en.wikipedia.org/wiki/Epic_Games

[3] https://en.wikipedia.org/wiki/Epic_Systems

LewisVerstappen12 hours ago

Nor is it Epic! the digital reading platform for kids[1], not EPIC the Electronic Privacy Information Center[2], or EPIC Provisions the company behind high protein meat snacks[3].

[1] https://www.getepic.com/

[2] https://epic.org/

[3] https://epicprovisions.com/

chrischen10 hours ago

While I wasn't going to get it confused with any other Epics, I had no idea what Epik with a K was.

Hackbraten7 hours ago

Neither is it Epyx, Inc., the venerable videogame company [1].

[1]: https://en.wikipedia.org/wiki/Epyx

atlanta902105 hours ago

Epyx published Jumpman on the Commodore 64. Loved that game.

wyldfire5 hours ago

I had thought that was by Epic (Megagames back then). I was wrong. Maybe I got Jumpman mixed up with Jill of the Jungle.

trymas11 hours ago

> Epik was founded in 2009 by Rob Monster

The founder's name is like from The Onion article.

junon7 hours ago

The whole site looks like it's parody information ("epic" with a K, "Rob Monster", nazi stuff, etc) but it becomes weirder when you realize they aren't parodying anything and all of it is accurate.

Applejinx6 hours ago

Very interesting that Anonymous went after them. I guess it just goes to show you that Anonymous is nobody's puppet, however much any given cause would like to consider them its personal army.

Apparently NOT Epik's personal army: far from it.

post_break4 hours ago

Thanks, I thought it was Epic Systems and was worried about all the healthcare data flowing.

petecooper11 hours ago

The linked .torrent file is ~30MB, and appears to be ~180GB of data with ~190,000 files. It's split into ~689,000 pieces of ~256KB, hence the comparatively large .torrent file overall.

schleck810 hours ago

I'm sure this will become a running gag, someone commenting epic/epik after large leaks

was_a_dev5 hours ago

Now that was epik

kgeist13 hours ago

Just a few days ago a Russian web host was hacked as well, with a similar statement. I guess they're all exploiting some recently discovered bug in web hosting software.

schleck811 hours ago

Not infrastructure related, but on monday the german anonymous collective managed to get a former IT admin of one of the largest covid conspiracy theorists to hand over his credentials, transferred all domains (he had ~ 10 aliases) and deleted his telegram channels

he still hasn't regained control -> https://www.attilahildmann.de/

southerntofu10 hours ago

Operation Tinfoil. Thanks for the link, love that!

banana_giraffe17 hours ago

Looks like the seeder is gone, but they were online just barely briefly enough to get the torrent metadata.

For those that are curious what's in there:

https://gist.github.com/Q726kbXuN/57f3825493d04867c3d192fd93...

wp3816409 hours ago

Wordpress with a bunch of plugins and a theme from themeforest. Figures.

I wouldn't be poking any bears had I been running that setup.

sieabahlpark17 hours ago

Looks like just a pretty standard WP frontend. Not really much of value.

1vuio0pswjnm716 hours ago

Thats because that page doesnt show the full list. Try this instead

https://gist.github.com/Q726kbXuN/57f3825493d04867c3d192fd93...

banana_giraffe16 hours ago

Or just click on "view the full file" to see the full list.

jungleanimal10 hours ago

All these recent hacks. Cant any of these companies use proper security experts? I mean they have the funds, why skip this and avoid all the backlash that comes with this. Its expensive but not as much as letting everyone know you messed up hard

southerntofu10 hours ago

Implementing security guidelines is not as easy as paying a security expert. You then have to follow their advice, which means security practice for all employees. It can be costly and cumbersome.

Of course, it would have reduced damaged, such as pointing out that unhashed or unsalted MD5 passwords in a database is... what we've stopped doing 20 years ago for good reasons? :)

But well, if you're a big hosting provider tailoring to white supremacist content, you usually don't need so much security, since apart from anonymous-adjacent antifascists pretty much everyone is licking your boots, including law enforcement. The biggest neonazi forums have been around for decades, and their biggest proponents are well hidden behind the walls of our police stations, banks and parliaments.

Love the reference to Woody Guthrie, too https://en.wikipedia.org/wiki/This_machine_kills_fascists

vmoore3 hours ago

> It can be costly and cumbersome

That's the opportunity cost of defending. It's like walking through treacle at times, but you have to visualize the worst case scenario in your head and act as if you're gonna get breached. You need to essentially enact the situation in your head so that it gives you the momentum you need to keep defending.

tcmart1410 hours ago

Yup. Security is a lot of time an after-thought and a burden to quiet a few companies since security is something that is not of immediate value. Last spring we had a speaker from northrup-grunman who talked about the need to push for a DevSecOps strategy.

southerntofu10 hours ago

> security is something that is not of immediate value

Yeah exactly. It's a huge cost upfront and zero immediate benefits. The investment is worth it to prevent losing value due to a breach, but unfortunately it seems pretty OK for for-profit companies to "loose" data from millions of their customers without facing any sort of consequences.

I'm not exactly saying it should be entirely okay for non-profits, but these generally don't have the resources/budget to ensure any form of security so i don't have the same standards. In my book, a for-profit business leaking user data due to preventable mistakes should be dissolved instantly by law for endangering uselessly their customers.

> we had a speaker from northrup-grunman

Uh. Sorry for you. These military industrial complex people have the best security advice, but they're the worst kind of humans.

tcmart149 hours ago

For the northrup-grunman, his advise made sense, but as vet I agree with you on the characterization.

As for the for-profit companies. For some reason there is not enough value placed on security in the eyes of the public. Sony is still a major player in the gaming industry, even though the massive hack years ago. Not saying Sony should not be in business, but I don't think it made any major impact on their ability to sell consoles. Security compromises don't seem to have nearly the same impact as other kinds of compromises.

bigbaguette10 hours ago

Have a look at the response headers (!)

milt7 hours ago

Thank you, those were a treat.

tomc198510 hours ago

Loving all the 2000s era meme references. What cultured taste.

vermilingua13 hours ago

> OFFICIAL ANONYMOUS (not to be confused with 'Anonymous Official' grifters)

I find it ironic that this is the first line of a “press release” from a group that was always defined by its nebulous nature.

southerntofu10 hours ago

I may be uninformed on this topic, but i believe this line to be tongue-in-cheek (like much of the announcement). How best to announce something for a very informal/anonymous collective?

Doctor_Fegg10 hours ago

It's very "People's Front of Judaea".

vermilingua8 hours ago

Reading it in that light makes a lot more sense.

Cthulhu_8 hours ago

Hello, I am an OFFICIAL representative of Anonymous and neither OFFICIAL ANONYMOUS and Anonymous Officials are not official Anonymous representative. Officially. I think.

¯\_(ツ)_/¯

boomboomsubban7 hours ago

It's a meme/reference to something, I just can't remember where it came from right now. Basically everything that isn't about the hack is a meme.

AllegedAlec10 hours ago

Yeah. For a group claiming to be Anonymous, they care a whole fucking lot about 'lmao muh politics' rather than doing shit for the lulz.

southerntofu10 hours ago

Why can't politics be fun? Also, do you remember a time when Anonymous wasn't about politics? I clearly remember some strong political positions against the Church of Scientology, against the surveillance apparatus, etc..

gurkendoktor9 hours ago

I don't disagree with what you wrote, but as far as 4chan has developed a style/brand, the tone of the page felt surprisingly non-edgy to me. Anons usually aren't known for unironically repeating media slogans, are they? ("Abortion is a human right!")

The mudkipz catchphrase was also very forced. Reminded me of the "hello fellow young people" meme. Of course, it might all be intentional.

tcmart148 hours ago

I believe Anonymous claimed to do a DOS on the DOJ website because of the arrest of Kevin Dotcom (2012). Operation Ferguson (2014). Operation Saudi (2013). Operation KKK (2015). Operation Avenge Asange (2011).

Quiet a few operations under the name of anonymous have had some sort of political or social motivation.

vmoore4 hours ago

Are they currently writing up a blogpost about this? Their blog has nothing: https://www.epik.com/blog/

And this is a megadump of a hack.

But you can buy a .MONSTER TLD For $1.49: https://www.epik.com/promos/monster

schleck83 hours ago

rob.monster is still available apparently

vmoore3 hours ago

Looks registered to me, but seems like it's parked:

https://whois.domaintools.com/rob.monster

    Domain Name: ROB.MONSTER
    Registry Domain ID: D98633729-CNIC
    Registrar WHOIS Server: whois.psi-usa.info
    Registrar URL: https://www.internetx.com/
    Updated Date: 2021-06-05T01:19:43.0Z
    Creation Date: 2019-04-01T14:00:01.0Z
    Registry Expiry Date: 2022-04-01T23:59:59.0Z
    Registrar: InternetX GmbH    
    Registrar IANA ID: 151
    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
    Registrant Organization:
    Registrant State/Province: nrw
    Registrant Country: DE
    Registrant Email: Please query the RDDS service of the Registrar of Record identified in this 
    output for information on how to contact the Registrant, Admin, or Tech contact of the queried 
    domain name.
    Admin Email: Please query the RDDS service of the Registrar of Record identified in this 
    output for information on how to contact the Registrant, Admin, or Tech contact of the queried 
    domain name.
    Tech Email: Please query the RDDS service of the Registrar of Record identified in this output 
    for information on how to contact the Registrant, Admin, or Tech contact of the queried domain 
    name.
    Name Server: NS1.WESELLTHISDOMAIN.COM
    Name Server: NS2.WESELLTHISDOMAIN.COM
    Name Server: NS3.WESELLTHISDOMAIN.COM
    DNSSEC: unsigned
    Billing Email: Please query the RDDS service of the Registrar of Record identified in this 
    output for information on how to contact the Registrant, Admin, or Tech contact of the queried 
    domain name.
    Registrar Abuse Contact Email: 
    Registrar Abuse Contact Phone:
    URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
ollybee4 hours ago

Not a great day for this HostBill to be announcing their new Epik integration.. https://twitter.com/hostbillappcom/status/143811349497348915...

r72118 hours ago
Threeve3032 hours ago

For every action, there must be an equal but opposite reaction.

throwawepik16 hours ago

There is a .swp file in the torrent:

> strings .whois.sql.swp

b0nano 5.4

anonymous

datahound

whois.sql

I tested on my machine and nano swap files contain the nano version (5.4), the username (anonymous), the hostname (datahound) and the filename (whois.sql).

southerntofu10 hours ago

Nice catch! I downvoted though, because helping to deanonymize antifascist hackers is against my ethics.

rijoja8 hours ago

The ethical thing to do when you find a security breach is to report it to them. If you support people who are willing to commit crime to get into power then I really hope that you take some time to think about your political convictions.

createunderrate2 hours ago

Quietly reporting a security breach to the company you breached will not make other companies think twice about mishandling the data of their users.

nextlevelwizard8 hours ago

So you are saying that this Epik company was run by fascists?

greyface-18 hours ago
CallMeJim14 hours ago

This has been updated to include a spiel about Kent Dahlgren.

I'm not aware of the story there — is there some sort of feud between the two parties?

user7647438 hours ago

just some drama between treehouses within anon, just like old times.

Beaver11714 hours ago

I don't get it, didn't anonymous start on 4chan? Why are they attacking this company which is hosting similar content? I thought anonymous used to only attack megacorps

southerntofu10 hours ago

Parts of the anonymous trend started on 4chan. However not everyone involved with anonymous is/was involved with 4chan, and it was also at a time when 4chan was more of an anonymous meme board and less of a pedo/nazi aggregator.

Anonymous doesn't only attack megacorps. First because anonymous is not a group so there's no central leadership to decide who to attack. Second because they're overall involved with fighting injustices of all kinds. It's not the first nazi-friendly site to get hacked by anonymous, but to my knowledge the first nazi-friendly webhost.

Also, depending on your understanding of what a megacorp is, Epik may very well qualify.

h_anna_h8 hours ago

> and it was also at a time when 4chan was more of an anonymous meme board and less of a pedo/nazi aggregator.

I will have to disagree here. The amount of illegal pedo content has dramatically decreased over the years. You would see people spamming it all the time around ~2008-2013 in /b/, while nowadays it is much more likely that you will see such content while browsing facebook.

As for nazi content, there are a lot more things that are considered nazi these days that were common back (such as calling people slurs as a generic insult), although since around the time of gamergate the amount of unironic actual nazis skyrocketed (as part of a wider social radicalization) and they stopped being shamed as much when posting in unrelated boards.

> Also, depending on your understanding of what a megacorp is, Epik may very well qualify.

I think that this is stretching the definition. I believe that most people would consider something of the size and reach of cokecola and mcdonalds as megacorps.

spywaregorilla5 hours ago

> nowadays it is much more likely that you will see such content while browsing facebook.

That sounds... unlikely? Unless you have a very specific set of friends?

drdeca13 hours ago

Anonymous isn’t really a single thing, is my impression. Anyone can write “-anonymous” at the end of a message.

SilverRed12 hours ago

It's also what shows up in the "username" section of posts for everyone except admins (maybe other cases)

woodruffw8 hours ago

One of the saddest and most effective media coups of the last decade has been the far right convincing the public that 4chan was always theirs. It started as an anonymous image board, one that an incredible number of people left when it became apparent that neo-Nazis had Poe’s Lawed themselves into the dominant user base.

> I thought anonymous used to only attack megacorps

Various individuals or groups labeling themselves “Anonymous” have operated during the Arab Spring, and after the murders of Tamir Rice and Michael Brown.

Applejinx6 hours ago

Very much this. I'm a bit surprised it took this long to see a backlash. Since /pol/, 4chan and Anonymous have spent far too much time as someone's personal army, despite that being always the disclaimer.

Scorpion and Pepe story… except strangely reversed. This would be the frog dumping the scorpion, after having been stung and used ruthlessly to serve the scorpion's selfish purposes for years. Very 4chan-like, to be able to survive a scorpion sting, but you can't poison poison, or meaningfully piss in an ocean of piss :)

nextlevelwizard8 hours ago

They aren't that far off. 4chan was always about counter culture.

woodruffw7 hours ago

Sure. But the site took a distinctly reactionary turn around 2010, and the community that’s on there now bears little resemblance to the one that occupied it from 2003 to 2013[1].

Put another way: it’s always been a cesspit, but it was a cesspit of a community. What passes for conversation on 4chan in 2021 appears to be neo-Nazis riling each other up.

[1]: On the bigger boards. The smaller ones are basically what they’ve always been, which lends further evidence to the point about the overwhelming majority of hate content coming from opportunistic reactionaries.

nextlevelwizard7 hours ago

As I said 4chan has always been about being counter culture. During early days 4chan was more liberal and Left leaning, then when government changed it switched. Had the Right held the office for longer 4chan would have again shifted more towards Left.

As for hacking and doxxing people you don't politically agree with just because of that, that sure wasn't the original "hacker known as 4chan" mentality. That was called "moralfagging" back in the day.

hsbauauvhabzb14 hours ago

Anonymous is a collective with different motives. even if it wasn’t, anonymous was never much more than opportunistic hacks painted to look political.

Cthulhu_8 hours ago

Just because they're on 4chan doesn't mean they agree with it.

agnesobel9 hours ago

Did anyone download this and confirm? Quite some news if this is all real

staticelf7 hours ago

While I think people should have good security and hash the passwords I honestly think the guys behind this are real scumbags.

Probably not going to happen, but it would be interesting with an arrest.

TheTester10 hours ago

"The Internet Hate Machine hates fascists."

Patently a certain lie. I would definitively not be that surprised if it turns out this is just some intelligence agency, posing as anonymous.

hplovecraftscat7 hours ago

Actually looks like fun to work for the CIA/Mossad... Getting to larp as hacktivists and do useless things like this that have zero impact on the elites/mic/zog but still have normies soy facing. Glows lel

mikedilger16 hours ago

Epik pushed back against the mob, particularly against Chad Loder who some consider (according to Andy Ngo) to be an Antifa extremist. No doubt this was retaliation. https://t.co/LUvexnk0fk

Jotra716 hours ago

Andy Ngo is a grifter.

BoHerfIVJrEsq12 hours ago

By what tortured definition of grifter? Normally what Ngo does is called journalism.

mikedilger16 hours ago

I'm being downed for reporting on the information that I have about this? Fine. Downvote me a thousands times I will not hold my tongue. ADD: I pointed out the info was from Andy Ngo so that people could take that into account according to their own view of him. EDIT2: Ok, I got the order of events backwards.

mikedilger15 hours ago

This is my final comment.

This account has been abandoned. Mike Dilger has lost faith in the Hacker News community. Mike Dilger would rather engage with retorts and argumentation than downvotes which just amount to an anonymous slap in the face, convey large amounts of emotion but zero information, and are frequently used punitively. BAD DESIGN. Goodbye. Since I can't delete my account I will scramble my password.

meepmorp5 hours ago

I downvoted you because of the hissy fit.

tasty_freeze13 hours ago

I'll give you feedback. Any time I come across a martyr saying "Go ahead and downvote me" I do so whether or not I agree with their position.

fidesomnes14 hours ago

looks like you are breaking with the consensus protocol. very not cool. unless all tech workers look the same, talk the same, and think the same, we will never achieve social justice. this is your final warning to comply.

smoldesu14 hours ago

It's also a shame that I can't read your comments to see if they were worthy of being at the bottom of the page. Bad design indeed.

pvg14 hours ago

Go to your profile and turn on showdead

BoHerfIVJrEsq14 hours ago

HN has evolved features for simultaneously doing wrong and hiding the evidence of that wrongdoing. When there's no evidence, who's to say HN isn't really a wonderful place where openminded and curious people have freewheeling discussions?

Edit: aaand I'm shadowbanned.

chairmanwow112 hours ago

uTorrent Web doesn't seem to understand this torrent file ¯\_(ツ)_/¯

vmception16 hours ago

> OFFICIAL ANONYMOUS (not to be confused with 'Anonymous Official' grifters)

They should sign an ethereum address to reduce ambiguity

(Any crypto asset address is fine, even PGP is good enough for this but PGP had 25 years to make that user friendly and common but failed, and cryptocurrencies made signing software more prevalent and uniform wayyyyy faster)

southerntofu10 hours ago

"PGP" is an algorithm, not an organization or movement, so you can't really say it failed. The algorithm is pretty good, though some implementations are really bad, and most programs who embed it have bad UX.

However, there's still some very good programs with good UX making use of PGP (for example delta.chat), and to this day no cryptomoney scam wallet has ever been as useful as PGP has over the years.

woodruffw8 hours ago

I’ve never heard PGP described as an algorithm before. I think it’s more accurate to describe it as a signing and encryption envelope standard, which internally supports a whole bunch of common encryption standards.

More generally, there’s broad consensus in the cryptographic community that PGP’s intended uses and design are fundamentally flawed/mismatched against modern actual uses.

Don’t get me wrong! Cryptocurrency is filled with shysters and I don’t use any of them. But we should probably be encouraging users to stop treating PGP over email as if it does anything and instead encourage them to switch to E2EE systems (since that’s what the majority actually want.)

vmception4 hours ago

"cryptomoney scam wallets" have likely secured many more deals with offline verification signatures over the past 5 years than PGP has over 25 years. no need to conflate that with transactions and value transfer. its just public and private key cryptography and inherits everything that PGP offers.

this algorithm has failed to proliferate outside of thin security conscious niches for an entire generation of internet users, and has been leapfrogged.

h_anna_h8 hours ago

> The algorithm is pretty good

It really isn't. It uses CFB and does not have a MAC, while the format is overly complicated for no reason.

iszomer14 hours ago

Signing in this context would be debatable, in that it may call into question of how much one would (personally) be willing to risk ownership claims of a crypto asset or content.

Remember when satellite.earth "pioneered" this idea for their platform? (not ragging on them but some of the content posted on there were insightful and unique)

vmception11 hours ago

I dont remember and I have no idea what you are alluding to

You can literally generate any public key / address hash that conforms with a blockchain and sign it and anyone can verify that you therefore control it

This has zero crypto assets involved and has no trail of assets so what are you talking about? If anyone sends funds to the address hash the owners can just tornado.cash it and withdraw it somewhere else with an instruction sent over the relay with no prior link to the funds or address. Its perfect right now. But what do you perceive?

smoldesu14 hours ago

Trust me, nobody wants to make crypto any easier to use either. What kind of company has interests in maintaining a zero-profit moneypit?

vmception14 hours ago

GPG Suite tried to charge for their email plugin, what a disaster that was

Cryptocurrency address signing and wallets inherit the whole feature set so might as well run with that

AllegedAlec10 hours ago

> Time to find out who in your family secretly ran an Ivermectin horse porn fetish site, disinfo publishing outfit, or yet another QAnon hellhole.

> Decloak origin IPs of nazi websites for further investigation, poking, prodding!

> Map out a decade of online fash with a level of clarity nobody has been able to UNTIL NOW!

> Support your starving hacktivists, and they will bless you in turn.

> So long, for now! Support #OperationJane and mess with Texas today!

> Abortion is a human right!

Yeah... This is not Anonymous. This is a bunch of people larping as them.

twistslider10 hours ago

Anyone can claim to be part of Anonymous, that's kind of the point. It's not an official group with representatives or any kind of official viewpoints. All you need to do is say you're part of Anonymous and that's it, no 'larping' required.

cbg010 hours ago

I think the larping is actually mandatory if you want to pose as Anonymous.

mekkkkkk6 hours ago

Anonymous is a meme in itself. Claiming "these are not the real Anonymous" is playing into the meme.

hnsaidstuff5 hours ago

100% correct. This has been the case since sometime around Occupy Wall Street when various accounts related to Operation Clambake/Scientology anons were given away to a completely cringey set of pro-globalist ideologues who want to pretend they're the same group of people for the supposed clout. Anyone actually familiar just finds it embarrassing.

Cthulhu_7 hours ago

There is no one Anonymous, just like there is no one "antifa" or one "black lives matter"; it's a movement, a conviction, not an organized entity.

I mean who is the leader of anonymous? Who is the leader of "antifa"? BLM?

TL;DR you don't really get internet trolls / anarchists / unorganized entities operating under a shared name.

Applejinx6 hours ago

So you're saying Anonymous IS someone's personal army, and that this contradicts the rules of that personal army's conduct?

Big if true.

duemti9 hours ago

yep

mam215 hours ago

Anyone thinks its a apple employee who did the hack ?

pjerem12 hours ago

Not Epic Games but Epik.

But nevertheless, in the real world, Apple employees don’t care much about Epic Games. A lot of them probably have a personal account on Epic Games Store to get their free games. Like the random people they are.

Pay attention to not mix up the marketing bullshit drama of those companies around this trial with the humans working for theses companies. I doubt anyone working in there is bothered with this trial (appart from legal departments).

Thorrez13 hours ago

This wasn't Epic Games, which is in a lawsuit with Apple. This was Epik, a webhosting company.

genr88 hours ago

One step closer to anarcho-tyranny. Anonymous has become the Antifa of the Internet. Basically a far-left strike force, cloaked but public, with enough plausible deniability that the 3 letter agencies allow to exist because they can do things beyond the law - as long as they dont go after the gov... One has to wonder why they are so focused on [Combating far right extremism and misinformation] when it's clearly designed to benefit the overall establishment system status-quo. Even _if_ this whole Operation Jane anti anti-abortion-law texas hacktivism politics made sense to someone, it now has a much larger effect on the internet as a whole. Epik - one of the last hosting providers on the internet in favor of absolute free speech (within the law) that still exists. The risk/reward equation doesnt add up. More innocent rights are being violated with this hack alone compared to saving womens abortion rights.

lizkm7 hours ago

>One has to wonder why they are so focused on [Combating far right extremism and misinformation] when it's clearly designed to benefit the overall establishment system status-quo

Far right extremism is a threat to the status quo of open and tolerant liberal democracy, yes, you are correct.

Cthulhu_8 hours ago

Is being anti-fascist a bad thing now? Wasn't there a bloody war fought over that?

I thought the default was to be against fascism? It's the kind of thing where you approve of it if you're not explicitly against it.

Also, are you implying Epik is fascist? I mean you're not wrong.

chroem-7 hours ago

What's the difference between an anti-fascist and a fascist if they use the same tactics? Two weeks ago "anti-fascists" opened fire into a crowd of peaceful demonstrators in my state's capitol.

nextlevelwizard8 hours ago

Quite a LARP you have going on there.

Applejinx6 hours ago

Probably also anon, but more /pol/ of recent years.

kitd8 hours ago

Well, if they've nothing to hide, they've nothing to fear. That's what me & my innocent rights have been told all this time.