110,000 Affected by Epik Breach - Including Those Who Trusted Epik to Hide Their Identity (washingtonpost.com)
Epik's massive data breach is already affecting lives. Today the Washington Post describes a real estate agent in Pompano Beach who urged buyers on Facebook to move to "the most beautiful State." His name and personal details "were found on invoices suggesting he had once paid for websites with names such as racisminc.com, whitesencyclopedia.com, christiansagainstisrael.com and theholocaustisfake.com". The real estate brokerage where he worked then dropped him as an agent. The brokerage's owner told the Post they didn't "want to be involved with anyone with thoughts or motives like that."
"Some users appear to have relied on Epik to lead a double life," the Post reports, "with several revelations so far involving people with innocuous day jobs who were purportedly purveyors of hate online." (Alternate URL here.) Epik, based outside Seattle, said in a data-breach notice filed with Maine's attorney general this week that 110,000 people had been affected nationwide by having their financial account and credit card numbers, passwords and security codes exposed.... Heidi Beirich, a veteran researcher of hate and extremism, said she is used to spending weeks or months doing "the detective work" trying to decipher who is behind a single extremist domain. The Epik data set, she said, "is like somebody has just handed you all the detective work — the names, the people behind the accounts..."
Many website owners who trusted Epik to keep their identities hidden were exposed, but some who took additional precautions, such as paying in bitcoin and using fake names, remain anonymous....
Aubrey "Kirtaner" Cottle, a security researcher and co-founder of Anonymous, declined to share information about the hack's origins but said it was fueled by hackers' frustrations over Epik serving as a refuge for far-right extremists. "Everyone is tired of hate," Cottle said. "There hasn't been enough pushback, and these far-right players, they play dirty. Nothing is out of bounds for them. And now ... the tide is turning, and there's a swell moving back in their direction."
Earlier in the week, the Post reported: Since the hack, Epik's security protocols have been the target of ridicule among researchers, who've marveled at the site's apparent failure to take basic security precautions, such as routine encryption that could have protected data about its customers from becoming public... The hack even exposed the personal records from Anonymize, a privacy service Epik offered to customers wanting to conceal their identity.
I guess it doesn't matter any longer? (Score:4, Insightful)
What happened to that journalistic consensus that it was morally wrong to post hacked information because it would only encourage and signal boost hackers to invade people's privacy?
Now they're gleefully trawling through all the dirty laundry they dug up. You'd almost think they were in cahoots or something.
Re: (Score:2)
What happened to that journalistic consensus that it was morally wrong to post hacked information because it would only encourage and signal boost hackers to invade people's privacy?
Perhaps it's worth considering where the hack came from. State sponsored hacks to attack anonymity online and social credit scores seem to be a good way to keep populations in control.
Re: (Score:2)
How do we know which hacks are state sponsored or state sanctioned?
Maybe we could look for sudden ethical shifts related to the information disclosed in state-aligned media outfits?
Re: (Score:2)
Or to joe job a leak and make an innocent bystander look incompetent.
I still am not buying that the Guardian's leak of the wikileaks keys wasn't a spy job designed to sabotage a whistleblower's credibility
Re: (Score:3, Interesting)
> Now they're gleefully trawling through all the dirty laundry they dug up. You'd almost think they were in cahoots or something.
This is roughly equivalent to how there's little sympathy for when a criminal gets hurt in the course of their crime.
These are not innocent people; these are, by and large, some of the worst elements of modern society. Racists, bigots, actual pedophiles, even literal Nazis in some cases. They are corrosive to the social fabric and toxic to society's members. The hack and data b
Re: (Score:2)
Some of these people aren't actually criminals, though, and it seems slightly unfair to paint them all with the same brush. I'm not going to shed any tears for these assholes, because of the ol' lie down with dogs thing, but it's conceivable that some people who went there for less atrocious reasons are going to have PII exposed.
Re: (Score:3)
Stop being a sensible voice of reason, we don't cotton to that kind of thing 'round here.
But you're right- I got a Firefox message last week that my data had been found in a breach, and the message indicated that it was the Epik breach.
Somehow some of my info was held by Epik for some reason. I have no idea how or why it was in there to begin with- I've never had an account with Epik, and never used them for hosting or did any business with them at all as far as I know.
So there are some innocent bystanders
Re: (Score:2)
> This is roughly equivalent to how there's little sympathy for when a criminal gets hurt in the course of their crime.
Odd, I remember George Floyd getting quite a lot of sympathy and nobody denies that he committed a crime (passing counterfeit money & the drugs he was on at the time according to the toxicology report), they just say he shouldn't have died. A position I think very few people disagree with.
Re: (Score:2)
There's two factors.
First, his crimes weren't capital offenses so him getting killed over it was no better than a lynching. His death was a miscarriage of justice that trumps his ostensible rap sheet he would have gotten if he'd been booked like he was supposed to.
Second, and this is the aggravating factor, the murder was also a breach of professional standards of conduct committed by a POLICE OFFICER who was trusted to uphold the law and who not only took a life but betrayed his badge in the process.
Re: (Score:2)
Hate has no home here. (Score:2)
Unless, of course, a neighbor deserves to be hated.
Re: I guess it doesn't matter any longer? (Score:1)
That has never been the case (Score:3)
It is up to the journalists to make a decision about privacy based upon historical precedent. Since WHOIS information was always intended to be public and the Internet has always agreed that the information must be public in order for
Re: (Score:2)
> Someone clearly has not read The Guardian, The Intercept, Wikileaks, The Telegraph or The Independent. It is a journalistic norm to publish information obtained through surreptitious theft provided that the public interest argument outweighs any potential privacy violations.
It was, then last election there was a sudden shift in that morality among many such outlets. Glen Greenwald quit the Intercept over its rejection of that norm, actually, and now runs a Substack.
Re: (Score:2)
Re: (Score:2)
Thanks, guys (Score:1)
One link is paywalled and the alternate site is banned by my ISP for spreading misinformation.
Re: (Score:3)
If your ISP "bans" and blocks/filters the Seattle Times, maybe you should get a real ISP instead of using a right wing nutjob job?
Re: (Score:3)
One link is paywalled and the alternate site is banned by my ISP for spreading misinformation.
Your ISP blocks sites? You in China?
Re: Thanks, guys (Score:1)
Banned by your ISP? Lol it works for me, and I'm in communist China.
Did you have a little too much to think?
Right on! (Score:2)
Let it be known the right is absolute fucking trash at IT, amongst other things....
Re: Right on! (Score:3)
Re: Right on! (Score:2)
Anonymity ultimately never works and is for amateurs. They could have made some effort by retraining for a career in racism. There is no lull in demand for academics in race-related fields or for diversity and inclusion consultants.
Having to flip your racism on its head is an adjustment worth making. No more hiding in the shadows. You can be as racist as you like while getting book deals, TV appearances, and being paid to teach children to be racist.
Although it may be too late for these people, I'd suggest
Re: (Score:3)
Let it be known the right is absolute fucking trash at IT, amongst other things....
I wouldn't use this breach as an anecdote towards that conclusion. From TFA:
A huge proportion of the 1.8 million domains shown in the breached data appear ordinary, with Web addresses for people interested in real estate, home improvement, vegan cooking, various types of spirituality — as well as the occasional domain devoted to pornography, gaming and cryptocurrency.
It sounds more like a typical registrar that is neutral towards whatever content their customers intend on hosting. That is inevitably going to make them popular for anybody who is intending on hosting content that is banned by other registrars.
Re: Right on! (Score:1)
Hitler ate bread. Therefore all bread eaters are nazis.
Although to be fair, he was a vegan too and well vegans are nazis
Re: Right on! (Score:2)
Let it be known the right is absolute fucking trash Enough said. Antifa will be visiting soon.
epik failure (Score:4, Funny)
Re: (Score:2)
Damn, beat me to it!
Co-founder of Anonymous? (Score:3)
Kirtaner's the founder of 420chan. He has fuck-all to do with "Anonymous"... unless you count the times posters to 420chan called up Hal Turner's racist radio show to harass him (which admittedly was hilarious if you were there). Of course, Kirtaner would know all about hatred since 420chan served as a haven for the Invasions forum that targeted other webforums for harassment, and of course also hosted its own loli forum (until his webhost made him take it down).
TL;DR People in glass houses shouldn't throw stones.
This keeps on happening. (Score:2)
Come on people, it's not that hard.
Use a security focussed sdlc framework.
Patch, patch and patch some more.
Encrypt everything.
Scan, scan and pentest some more.
Get your Identity and Access Model right.
Backup, backup and backup some more.
Get a good security awareness/training program in place.
Whitelist.
Get back to the basics and 90% of your problems go away.
Shit.
WHOIS data (Score:5, Insightful)
Re: WHOIS data (Score:2)
Re: (Score:1)
AC rightards aren't known for their grammar.
LOL, It's slashdot. Correct someone's grammar and you're a grammar nazi.
Re: (Score:2)
Can confirm. "Have I been Pwned" notified me that I was in the Epik breach, but I have not done any business with them. My email address is not in any whois data though.
Re: (Score:2)
Honest question here; If you've never done business with them, how is it your e-mail address is in their WHOIS data?
The only way I can figure is if Epik bought out some other registrar that you did do business with, or there was someone fraudulently using your e-mail for their domain registration.
=Smidge=
Re: (Score:2)
Or they had a whois crawler. Which they did.
They crawled all expiring domains for marketing purposes, and potentially to scoop them up for auction if they thought that it was a good domain.
Re: (Score:2)
This leak also contained e-mail addresses of people who have never done business with them, I know because I'm one of them. I stupidly downloaded the data because I was alerted by Firefox Monitor that my e-mail address was included in the breach. Upon inspection, it was WHOIS data from 2012 and 2014. So before people start going vigilante, know that there are personal details within the dump that have never done business with them. Until this point, I didn't know Epik existed.
Sorry, that's not how vigilantism works. You don't get to just turn it off.
If you ever ranted against "far right hate" (while denying that far left hate even existed), and if you ever want to just have the mob roll over people with no due process, well, there are some chickens at your door who are home to roost.
Re: (Score:2)
This leak also contained e-mail addresses of people who have never done business with them, I know because I'm one of them.
Same here.
Until this point, I didn't know Epik existed.
And again, same here. I've no idea why they had any of my info.
Honestly not sure how I feel (Score:5, Insightful)
I mean... on the one hand, I have little to no sympathy for racists, jingoists, chauvinists, and the other types of "characters" you tend to find on the fringes of the right. Many of them spend their time targeting and terrorizing other groups, so the tables being turned on them now is a kind of poetic justice. At the same time, however, I believe very strongly in a person's right to hold beliefs that I don't agree with. Just because I do not agree with something a person has to say doesn't mean they shouldn't have a right to say it.
A bunch of "good old boys" want to sit around, have a couple beers, and bitch about the government, fine. I'm sure they refuse to cash any social security checks, take their own trash to the dump, put their kids into private schools, don't drive on publicly funded roads, have their own portable generator that they use for all electricity, aren't connected to the city sewage, or any of the other "socialist" things government does all on principle. However, when they start targeting specific groups of people, that's where I draw the line personally.
I understand it's a slippery slope argument, but once you start saying this speech is acceptable and that speech isn't, it's the first step towards authoritarianism. You need to make damn sure you have thought things through before acting.
Re:Honestly not sure how I feel (Score:5, Interesting)
Just because I do not agree with something a person has to say doesn't mean they shouldn't have a right to say it.
The difference is needing to hide behind an anonymous account to be free from civilian accountability, these people did have a legal right to say what they did. More or less the first amendment provides protection from governmental retribution unless very specific well established conditions are met but the first amendment is a double edged sword - other people have it too and including those who run companies and can use that to do things like refuse to associate with them. Because we don’t force public association by government mandate they are free to not buy things or demand a company fire someone (within existing legal framework) or any number of things and companies just follow the bottom line of profit, it’s not personal. If you actually wanted freedom to speak your mind without being interfered with the only party that can is the government - it’s an argument for a socialized government backed social media alternative with constitutional rights baked in from the start.
Re: (Score:2)
> Because we don’t force public association by government mandate
That's not true actually. We force both companies and individuals to associate with those they may prefer not to by government mandate routinely.
Re: (Score:2)
> Because we don’t force public association by government mandate
That's not true actually. We force both companies and individuals to associate with those they may prefer not to by government mandate routinely.
This is only true for groups like protected classes and is based in equal rights not forced association and it’s only with some existing practices. For example if you run a business you cannot deny employment or patronage based on race due to equal rights, but the government does not force anyone to associate with any particular race - it is the act of being associated with a business that opens one up to not trampling over the constitutional rights of others based on historical discrimination. Some
Re: (Score:1)
Everything you said is in agreement with what I said so I'm not sure what you are arguing.
Re: (Score:2)
Re: (Score:1)
What the basis is has nothing to do with whether or not it is forced association. It is forced association. It may be for a good reason or have some benefit, but that doesn't change the fact that it is forced association.
Re: (Score:2)
Re: (Score:1)
Um, no, your example has nothing in common with the argument at hand. I'm sorry, you lack rationality and logic and so further argument is pointless.
Re: (Score:2)
Re: (Score:2)
Many of them have already committed crimes, so the data will be used to investigate prior activities. It's also very useful for identifying links between groups that claim to be unrelated. That kind of "terror cell" isolation is very common with the far right, so they can disavow each other's behaviour and switch between identities as they get banned from mainstream platforms.
It's also quite useful for identifying all the false flag ops and attempts to incite violence. Might help exonerate some people.
Re: (Score:1)
At the same time, however, I believe very strongly in a person's right to hold beliefs that I don't agree with.
If true, then I congratulate you. You are rare as hen's teeth these days.
Re: (Score:2)
It's not that difficult once you realize it doesn't mean you have to like what they say, or agree with it, just accept they have a right to say it. Otherwise, how can I ever expect anyone to support my right to say something that someone else may not like or agree with?
Re: (Score:2)
Slippery slope is a heavily misunderstood fallacy. You can take any number of steps towards "authoritarianism" and not automatically get there; each step is an argument of its own. The fallacy is oversimplifying and equating many steps to a few big steps or a SLOPE where a tiny step just slides automatically into the extreme distant position.
1st step implies a progression but it can be the only step. Protection by extreme position doesn't work as people historically can move extreme distances in their p
Re: Honestly not sure how I feel (Score:1)
Reprehensible (Score:1, Troll)
There really ought to be some laws making it criminal with recoverable backpay and forced-rehire for an employer to rely upon information released as a result of an illegal act by someone else to make a decision such as this (Dismissing an employee after reading illegally-obtained information that contain something you think is negative, which you assume
says something about their personal beliefs)..:
The real estate brokerage where he worked then dropped him as an agent. The brokerage's owner told
You know what would really help that? (Score:3, Insightful)
Re: You know what would really help that? (Score:3, Informative)
Yeah. They'll cancel you while collecting a chunk of your paycheck and telling you they're standing up for you as they kick your ass to the curb, should the union leadership discover you hold opinions they don't like. Monopolies can do that. The duopoly of big labor and big business isn't much better.
Re: (Score:1)
Unions should be seen as a stopgap, we ought to be able to do better. Government should be making sure that all workers have reasonable rights in their workplace, not just ones that join a club and pay dues, and we need to demand representatives that will address that need.
Re: You know what would really help that? (Score:3)
The right to collective bargaining and freedom of association in the workplace, as Platonic ideals, should be able to ensure the desired result in an adversarial system like ours. The problem inevitably occurs when the laws are structured to favor or require a monopoly on labor representation by a single (big and politically connected) organization calling itself a "labor union."
Ideally, union monopolies would be broken up and the union shop would be prohibited. But that diminishes the rent-seeking behavior
Re: (Score:3)
> Government should be making sure that all workers have reasonable rights in their workplace,
Expecting government to do that is optimistic. Workers don't usually employ lobbyists.
It really grinds my gears (Score:2)
I mean I guess it's possible you come from old money....
Re: It really grinds my gears (Score:2)
No, I come from a line of middle middle class white collar types going back as many generations as we collectively remember. Most of that was in the Soviet Union where the policies put in place to elevate the working man elevated nearly everyone to an equal level of poverty and the last few decades of it were here. In all cases, affiliation with a labor union has been involuntary wherever it has occurred.
Re: (Score:2)
Re: (Score:2)
Isn't this, in a way, a form of "social safety net"? Wouldn't that, then, be a form of socialism?
No.. just a rejection of employers exploiting lawbreaking conduct.
I thought the sort of people who said hateful, bigoted things under cover of anonymity typically hated socialism.
There's no specific ideology for people who said something bigoted.
There's also really nothing proving the registrant of the domains espouses to hate or bigotry -- there are people who just publish websites with a purpose of driving tra
Re: (Score:2)
It's time we stop giving our real name and data (Score:2)
Re: (Score:2)
And you think anonymity will foster a better overall dialog, an improved society, less hatemongering, less weaponized misinformation?
Re: (Score:2)
Anonymity through blockchain-recorded transactions is about the stupidest stupid you can find.
Shave your neckbeard. Read a white paper for once in your life.
Cluster analysis on the data. (Score:2)
Who cares what websites you own? (Score:2)
Can't believe nobody already mentioned it (Score:2)
This is epic!
I was one of them (Score:2)
I got a Firefox message last week that my data had been found in a breach, and the message indicated that it was the Epik breach.
The thing is, I have no idea how or why it was in there to begin with- I've never had an account with Epik, and never used them for hosting or did any business with them at all as far as I know.
So I have no idea how my data or identity could have been involved. But there it is, apparently.
whitesencyclopedia.com (Score:2)
I'm sorry, but I just can't be the only one. Doesn't anyone else think the idea of a "Whites' Encyclopedia" could actually be an absolutely hilarious comedic idea?
e.g. Could I look up dancing on it?
Re:Christiansagainstisrael.com? (Score:4, Funny)
Maybe it was AOC and her buddies. She seems to hate Israel.
So your theory is that AOC, as someone who "seems to hate Israel", outed someone who hates Israel and Jewish persons?
Did you spend even a nanosecond thinking that through? (rhetorical question, obviously)
TROLL ALERT (Score:2)
That isn't the real "rsillvergun", this is a troll who is spoofing his name with an extra "l", as "rsilllvergun".
Re: (Score:2)
The US pays for a lot of people's defense other than its own. Why is Israel so important to single out? Why not balk about NATO spending for example?
Re: (Score:3)
Why not balk about NATO spending for example?
She did.
AOC supports American membership in NATO but opposes America's current level of spending on NATO. She believes America should reduce military spending to about what Europe spends.
Here is her voting record on defence [votesmart.org].
Look, AOC supports a lot of stupid stuff. If you want to criticize her, there are plenty of real issues. You don't need to make stuff up.
Re:Christiansagainstisrael.com? (Score:4, Funny)
Look, AOC supports a lot of stupid stuff. If you want to criticize her, there are plenty of real issues. You don't need to make stuff up.
Why not? It worked with Trump.
Re: (Score:2)
I do not think this was singling out Israel. She can only vote on the bills in front of her and this just happened to be the bill. I am sure she has voted against plenty of other defense spending bills.
Re: Christiansagainstisrael.com? (Score:2)
Most congressmen don't cry when some random bill is passed.
Re: (Score:2)
NATO isn't a protection racket. Those treaties hold up the U.S. economy with stable trading partners.
Re: (Score:2)
NATO isn't a protection racket. Those treaties hold up the U.S. economy with stable trading partners.
Of course NATO's a protection racket. Don't you read history? Here's a very old (1935) & brief introduction to the concept by a highly decorated retired Major General of the US Marine Corps for you: https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: Christiansagainstisrael.com? (Score:1)
Libya was going to institute a gold backed African Euro. This was a direct threat to France's interference in African banking.
First thing the new regime did was install a central bank.
Re: (Score:2)
And the US pays for Europes defense so I guess she has no problem with that.
She is in favor of greatly reducing all military spending.
Re: (Score:2)
How is NATO funded? In case anyone's wondering, from the Wales Declaration (2014): https://web.archive.org/web/20... [archive.org]
5. We recognise that these steps will take the necessary effort and funding. In light of this, we agree to reverse the trend of declining defence budgets and aim to increase defence expenditure in real terms as GDP grows; we will direct our defence budgets as efficiently and effectively as possible; we will aim to move towards the existing NATO guideline of spending 2% of GDP on defence within a decade, with a view to fulfilling NATO capability priorities. We will display the political will to provide required capabilities and deploy forces when they are needed.
One could see NATO as a mechanism to prop up the defence industries of certain countries who supply the large, sophisticated weapons systems that NATO says it requires. 2% of GDP is a hefty tax but then running empires has never been cheap.
Re: Christiansagainstisrael.com? (Score:5, Insightful)
If she wants to be antisemitic she should just vote that way.
You seem to have a really naive idea as to what antisemitism actually is.
Being critical of Israel per se is not being antisemitic. However hating someone because they are Jewish is.
Re: (Score:2)
You're feeding a troll, but the most annoying part is probably your unthinking propagation of the troll's Subject. Quite possibly the troll's actual "reward" motivator.
Re: Christiansagainstisrael.com? (Score:1, Flamebait)
However hating someone because they are Jewish is.
Hating them because they are Sephardic - i.e. semitic Jewish is.
The Ashkenazim who make up the vast majority of Zionists are of Turkic descent and not the least bit semitic.
Palestinians, however, are.
Re: (Score:2)