
Security News for the Week Ending October 15, 2021

Microsoft Investigating Multiple Windows 11 Issues

While some of the issues are not fatal, others, like a memory leak in File Manager that can only be cleared by rebooting, are more of a problem. I recommend waiting a month or two so that other users can shake out more of the bugs. Credit: Bleeping Computer

Feds Arrest Nuke Navy Engineer for Selling Nuke Secrets to Foreign Power

A Navy nuclear engineer stole restricted data for a Virginia class nuclear submarine and tried to sell it to a foreign power. For whatever reason, the person whom he contacted in the unnamed country shared his letter with the FBI. They strung him along for a while as he made several dead drops of data, paying him in cryptocurrency, until they arrested him last week. He was able to smuggle the documents out past security, which just shows how hard it is to actually secure against a determined insider. Credit: The Register

An Unintended Consequence of Covid Vaccine Passports

The UK is one place where vaccine passports are required. The app that runs on people’s phones is managed by the National Health Service, or NHS. The app shows a barcode that security at the airport can scan to check a passenger’s vaccine status. No proof of vaccination or negative Covid test and you can’t get on that plane. Which is great until the app’s backend database crashes, as it did today, for about 4 hours. Heathrow came to a standstill. One journalist reported that she was offered a later flight for a 250 pound fee. Oh, yeah, and she would need to take and pay for a rapid Covid test for another 119 pounds. She opted not to fly. Another passenger tried using his paper vaccine card, but security would not accept it. The app has an offline mode, or you could screenshot the barcode, but those only help if you prepared them before the app went down. Unintended consequences. Credit: BBC

Treasury Links $5 Billion in Bitcoin to Ransomware

The U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN) has done some trolling on the Bitcoin blockchain. Anyone who thinks that bitcoin is anonymous does not understand how that works. They identified Bitcoin wallet addresses after analyzing suspicious activity reports (SARs) that banks send in. This has nothing to do with actually recovering any money. If they put those wallets on the banned list then the hackers will create new wallets (which they should be doing anyway to make things harder to track). It is probably a good thing for them to do because a lot of crooks are stupid and those are the ones that they might catch out of this. Credit: Bleeping Computer

Fallout From the Epik Hack

Epik, as I reported earlier, is a domain registrar that is something of a last resort for people who can’t get another registrar to manage their domain, although it also manages many vanilla domains. Epik supports a number of conspiracy theory and alt-right domains because, they say, they are neutral in the battle. As a result of being hacked, a lot of data which people would like to remain private became public. As a result of that, people are being fired and businesses are losing customers. One person, whose information was disclosed, continued the conspiracy theory tactic and said that the data was easily falsifiable (who did this – Epik or the hackers – and why?), that he was the possible victim of extortion and that the newspaper that reported the information was “fake news”. Possible, but that is likely not going to help some of the people who get outed. Credit: The Washington Post

Domain Registrar Epik Hacked

Domain registrar Epik is known for hosting certain types of domains. They call themselves the Swiss Bank of Domains – neutral in the political fights. They host the domains for right wing sites like Parler and Gab and political sites like Texas Right to Life and the Texas GOP, among many others.

The company confirmed that hackers breached their security AND downloaded customer account information.

The hackers may be affiliated with the non-group Anonymous, the loose collective of hackers that go after folks that they don’t like. They said, in a press release, that the hack was in retaliation for Epik’s habit of hosting questionable alt-right websites (their words).

“This dataset is all that’s needed to trace actual ownership and management of the fascist side of the internet,” the group said. “Time to find out who in your family secretly ran an Ivermectin horse porn fetish site, disinfo publishing outfit or yet another QAnon hellhole.”


It also appears that non-customers were swept up in the hack and some of their data was stolen too.

Size-wise, the hackers stole 180 gigabytes of data, they say, including names, phone numbers, physical addresses, purchases and passwords.

Also, apparently much of the data was not encrypted, and some of it was only lightly salted (meaning that reversing it was trivial for the hackers).
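To make the "weak hashing" point concrete, here is an added example (not code from the article or from Epik) contrasting a fast unsalted hash with per-user salting plus a memory-hard KDF. The storage format string and the sample customers are constructed for this illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Weak storage of the kind the article describes: a fast, unsalted hash.
# Identical passwords produce identical digests, so one precomputed table of
# common passwords matches every account that shares a password at once.
def weak_store(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()

# Hardened storage: a random 16-byte salt per record and scrypt, which is
# deliberately slow and memory-hungry. Record format is
# "scrypt$<salt-hex>$<digest-hex>" (a format chosen for this example).
def strong_store(password: str, salt: Optional[bytes] = None) -> str:
    salt = salt or os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return f"scrypt${salt.hex()}${digest.hex()}"

def strong_verify(password: str, stored: str) -> bool:
    scheme, salt_hex, digest_hex = stored.split("$")
    if scheme != "scrypt":
        return False
    salt = bytes.fromhex(salt_hex)
    candidate = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    # Constant-time comparison so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

# Constructed sample: two customers who happened to choose the same password.
SAMPLE_USERS = {"alice": "Summer2021!", "bob": "Summer2021!"}

def distinct_stored_values(store) -> int:
    """Count distinct stored values for the sample. 1 means the store reveals
    which customers share a password; 2 means each record is independent."""
    return len({store(pw) for pw in SAMPLE_USERS.values()})

if __name__ == "__main__":
    print("weak store distinct values:", distinct_stored_values(weak_store))
    print("strong store distinct values:", distinct_stored_values(strong_store))
```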

It seems that the hackers are GIVING the data away for FREE. Here is what you get for free:

  • domain purchases and transfers in and out, all whois history unredacted, all DNS changes, all email forwards, payment history (without credit cards), account credentials for customers, hosting, VPN, etc., Epik’s internal servers and systems, Epik’s GoDaddy logins and more.

The hackers said “yep, these Russian developers they hired are actually just that bad,” referring to the lack of encryption and weak hashing.

They also hacked the Texas GOP web site for fun.

What does this mean to you?

First of all – vendor cyber risk management. Are your vendors secure?

Second, if you used Epik, change all affected passwords and encryption keys.

Third, assume an attack like this could happen; plan for it. Then do what you can to mitigate the damage from it.

Credit: Ars Technica