Skip to content
 
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(Daily Dot)   In today's edition of "Conservatives are REALLY bad at cybersecurity," Anonymous claims they've breached far-right web host Epik's servers and obtained a decade's worth of customer data, emails, passwords, and private keys that they're going to release   (dailydot.com) divider line
    More: Fail, Republican Party, Domain name registrar, Centre-right, press release, collective Anonymous, Domain Name System, Data, Internet  
•       •       •

1663 clicks; posted to Politics » on 15 Sep 2021 at 11:09 AM (10 weeks ago)   |   Favorite    |   share:  Share on Twitter share via Email Share on Facebook



72 Comments     (+0 »)
View Voting Results: Smartest and Funniest


Oldest | « | 1 | 2 | » | Newest | Show all

 
2021-09-15 9:19:24 AM  
To be fair, exactly the sites they compromised, might be more of a "...Russians are REALLY bad at cybersecurity..."
 
2021-09-15 9:22:48 AM  
The CEO is a Monster.
 
2021-09-15 9:27:13 AM  
Giggity
 
2021-09-15 10:47:17 AM  
How do you shame the shameless?
 
2021-09-15 10:53:41 AM  
Again?
 
2021-09-15 10:54:51 AM  
Fark user imageView Full Size
 
2021-09-15 10:57:26 AM  

I am Tom Joad's Complete Lack of Surprise: How do you shame the shameless?


Arrange a hooker who looks like his daughter to meet him in a Moscow hotel room, record the encounter and threaten to release the footage?
 
2021-09-15 11:06:18 AM  

GreatGlavinsGhost: I am Tom Joad's Complete Lack of Surprise: How do you shame the shameless?

Arrange a hooker who looks like his daughter to meet him in a Moscow hotel room, record the encounter and threaten to release the footage?


Well.
Specify which daughter.
 
2021-09-15 11:11:58 AM  

Myrdinn: GreatGlavinsGhost: I am Tom Joad's Complete Lack of Surprise: How do you shame the shameless?

Arrange a hooker who looks like his daughter to meet him in a Moscow hotel room, record the encounter and threaten to release the footage?

Well.
Specify which daughter.


We know it ain't Tiffany.
 
2021-09-15 11:12:08 AM  
Oh wow! I am sure Epik is terrified as if they hadn't already sold off every piece of data they could sell to every buyer imaginable.

Why would they give a fark about cybersecurity when they already wrung the profit they wanted out of it?
 
2021-09-15 11:12:08 AM  

Myrdinn: To be fair, exactly the sites they compromised, might be more of a "...Russians are REALLY bad at cybersecurity..."


Just because you're good at breaking something doesn't make you great at ensuring it doesn't get broken in the first place.
 
2021-09-15 11:13:14 AM  
It's already been released. Not sure what the etiquette is on posting those kinds of links here.
 
2021-09-15 11:15:21 AM  
If they aren't going to release some teasers then I'm not getting my hopes up about the rest of it...
 
2021-09-15 11:15:32 AM  

Diamond Joe Biden: Myrdinn: GreatGlavinsGhost: I am Tom Joad's Complete Lack of Surprise: How do you shame the shameless?

Arrange a hooker who looks like his daughter to meet him in a Moscow hotel room, record the encounter and threaten to release the footage?

Well.
Specify which daughter.

We know it ain't Tiffany.


I'm sure he molested both, but he has/had a favorite.
 
2021-09-15 11:16:00 AM  
Anonymous isn't what it used to be, nor is it what had everybody "scared". Evidence first, then we'll talk.
 
2021-09-15 11:16:36 AM  
When did Anonymous decide to jump back into the right side of things? (I cringe every time I see a Guy Fawks mask worn by Reich-wing terrorists)

What will we see released?

Is there actually any incriminating evidence in any of this information?

If there is incriminating evidence, will anyone actually do anything?
 
2021-09-15 11:16:39 AM  

I am Tom Joad's Complete Lack of Surprise: How do you shame the shameless?


Publish their browser history
 
2021-09-15 11:18:16 AM  
Fark user imageView Full Size


D'oh!
 
2021-09-15 11:19:58 AM  

I'm no expert but...: [Fark user image image 850x170]

D'oh!


It's ok man, you're not an expert.  No harm no fowl.

/This is a bird-free zone
 
2021-09-15 11:20:01 AM  
https://malcontentment.com/breaking-e​p​ik-software-home-to-a-california-recal​l-vote-misinformation-website/

Apparently Epik was connected to that website which statistically "proved" fraud in California's recall election results the day before the votes were cast.
 
2021-09-15 11:21:34 AM  
It's where the Texas anti-abortionists and right-to-harass-groups, aka Friends of Abbott®, had to go when a class operation like GoDaddy dropped them from services for harvesting data.

That alone would merit an irony tag, but considering it's also nasty neo-Nazi, Ted Cruz, and who knows what other filth (maybe web-visible Capitol violent overthrow sites) is hosted.
 
2021-09-15 11:23:06 AM  

Diamond Joe Biden: Myrdinn: GreatGlavinsGhost: I am Tom Joad's Complete Lack of Surprise: How do you shame the shameless?

Arrange a hooker who looks like his daughter to meet him in a Moscow hotel room, record the encounter and threaten to release the footage?

Well.
Specify which daughter.

We know it ain't Tiffany.


NARRATOR: Yes, indeed, Donnie wants to fark his daughter.
 
2021-09-15 11:31:07 AM  
Don't warm that you're going to release the private keys, just release the private keys.

It's the difference between inconveniencing them and destroying them
 
2021-09-15 11:31:47 AM  

RogueWallEnthusiast: Myrdinn: To be fair, exactly the sites they compromised, might be more of a "...Russians are REALLY bad at cybersecurity..."

Just because you're good at breaking something doesn't make you great at ensuring it doesn't get broken in the first place.


Russians aren't especially good at breaking things, it's just that no one is any good at preventing it in the first place.
 
2021-09-15 11:31:53 AM  

Myrdinn: GreatGlavinsGhost: I am Tom Joad's Complete Lack of Surprise: How do you shame the shameless?

Arrange a hooker who looks like his daughter to meet him in a Moscow hotel room, record the encounter and threaten to release the footage?

Well.
Specify which daughter.


Get her out of here, she looks like a trout on heroin!
 
2021-09-15 11:35:16 AM  

BitwiseShift: It's where the Texas anti-abortionists and right-to-harass-groups, aka Friends of Abbott®, had to go when a class operation like GoDaddy dropped them from services for harvesting data.

That alone would merit an irony tag, but considering it's also nasty neo-Nazi, Ted Cruz, and who knows what other filth (maybe web-visible Capitol violent overthrow sites) is hosted.


I mean, I kinda get it.  It makes sense to keep all these websites hosted to the same server so that insurrectionists don't have to create a new login to rat out their niece who was noticed boarding a plane for Colorado a couple of weeks after prom.
 
2021-09-15 11:37:10 AM  
Fark user imageView Full Size
 
2021-09-15 11:37:11 AM  
Conservatives are just like any business that cares more about money than doing anything correctly, IT security is just an unnecessary cost because everything's working fine, right?
 
2021-09-15 11:40:45 AM  
Again?
 
2021-09-15 11:40:51 AM  
oh no not the private keys!

what's a private key?
 
2021-09-15 11:42:46 AM  

Soup4Bonnie: oh no not the private keys!

what's a private key?


In short:

It's the part of encryption that allows you to decrypt.
 
2021-09-15 11:44:20 AM  
I wonder if I could get my "highly" "competent" coworkers to go work for them. They're gun nut, antivax and believe any conspiracy. They will fit right in.
 
2021-09-15 11:48:17 AM  
Competent IT department costs money and usually has low tolerance for BS.
 
2021-09-15 11:50:28 AM  
Plaintext passwords for their infrastructure? You bet.
Unsalted MD5 passwords for all their users? Yep!
Credit card numbers also stored as MD5? Sure, why not.

I've barely started digging in, and the incompetence is stunning.
 
2021-09-15 11:54:14 AM  

LrdPhoenix: [Fark user image 638x820]

"On September 13, 2021, a group of kids calling themselves "Anonymous", whom we've never heard of"


lol, ok.
 
2021-09-15 11:54:19 AM  

Myrdinn: To be fair, exactly the sites they compromised, might be more of a "...Russians are REALLY bad at cybersecurity..."


I said when Anonymous tweeted that they were out to demolish Texas republicans that there would be hell to pay and it wasn't just bluster.
 
2021-09-15 11:55:27 AM  

rudemix: Oh wow! I am sure Epik is terrified as if they hadn't already sold off every piece of data they could sell to every buyer imaginable.

Why would they give a fark about cybersecurity when they already wrung the profit they wanted out of it?


Selling it to a third party Corp is way different than all that data being released to the media, FBI, Putin, etc.
 
2021-09-15 11:57:21 AM  

Visual Howlaround Title Sequence: Myrdinn: To be fair, exactly the sites they compromised, might be more of a "...Russians are REALLY bad at cybersecurity..."

I said when Anonymous tweeted that they were out to demolish Texas republicans that there would be hell to pay and it wasn't just bluster.


It's still just bluster unless you can show a tangible impact of this hack.
 
2021-09-15 11:58:57 AM  

LrdPhoenix: [Fark user image 638x820]


encrypted-tbn0.gstatic.comView Full Size
 
2021-09-15 11:59:15 AM  

disaster bastard: I am Tom Joad's Complete Lack of Surprise: How do you shame the shameless?

Publish their browser history


They claim it's all fake, the smoothbrains accept, and nothing changes.
 
2021-09-15 12:04:12 PM  

RainDawg: It's still just bluster unless you can show a tangible impact of this hack.


Epik offered a whois privacy service, allowing people to register and host sites anonymously. All of those people are now unmasked. That's a tangible impact. There are already journalists digging into those records.
 
2021-09-15 12:09:47 PM  

IRestoreFurniture: Soup4Bonnie: oh no not the private keys!

what's a private key?

In short:

It's the part of encryption that allows you to decrypt.


Thank you but it kinda sounds like these were not-so private keys, then.
 
2021-09-15 12:10:53 PM  

fiddlehead: LrdPhoenix: [Fark user image 638x820]

"On September 13, 2021, a group of kids calling themselves "Anonymous", whom we've never heard of"

lol, ok.


Did you not read to the end?
 
2021-09-15 12:23:37 PM  

OhioUGrad: Is there actually any incriminating evidence in any of this information?


Remember that bad-at-security morons tend to use the same password for everything.
 
2021-09-15 12:34:03 PM  

LrdPhoenix: fiddlehead: LrdPhoenix: [Fark user image 638x820]

"On September 13, 2021, a group of kids calling themselves "Anonymous", whom we've never heard of"

lol, ok.

Did you not read to the end?


I'm mocking the idea that IT guys, particularly those that associate with alt-right shiatholes, have no idea who Anonymous is.
 
2021-09-15 12:37:38 PM  

BitwiseShift: It's where the Texas anti-abortionists and right-to-harass-groups, aka Friends of Abbott®, had to go when a class operation like GoDaddy dropped them from services for harvesting data.

That alone would merit an irony tag, but considering it's also nasty neo-Nazi, Ted Cruz, and who knows what other filth (maybe web-visible Capitol violent overthrow sites) is hosted.


It wouldn't surprise me if it hosted tor onion servers filled with the worst filth imaginable.

/think "cheese pizza"
 
2021-09-15 12:48:37 PM  

fiddlehead: LrdPhoenix: [Fark user image 638x820]

"On September 13, 2021, a group of kids calling themselves "Anonymous", whom we've never heard of"

lol, ok.


Fark user imageView Full Size
 
2021-09-15 12:53:01 PM  

germ78: It wouldn't surprise me if it hosted tor onion servers filled with the worst filth imaginable.

/think "cheese pizza"


One of the domains I spotted in one of the SOA databases had references to 10 year olds, and another mentioned young boys. I haven't investigated those any further than that, for obvious reasons...
 
2021-09-15 12:54:58 PM  

Soup4Bonnie: oh no not the private keys!

what's a private key?


Since I already went in depth on hashes yesterday on the previous thread, I'll give a short description.

Public/Private Key Cryptography involves making 2 encryption keys, should be obvious what they are called, and the way it's set up is that anything encrypted by the Public key can only be decrypted by the Private Key, and anything encrypted by the Private Key can only be decrypted by the Public Key.  That's called asymmetric encryption, as opposed to symmetric where you can encrypt something and then decrypt it using the same key.

So, you make the 2 keys, you make one of them publicly available.  If someone wants to talk to you securely, they can use your public key to encrypt it and then you can decrypt it with the private key.  That means they know that, so long as your private key stays private, only you can read it.  Not only that, if they have a private/public key themselves, then you can verify that the message could only come from them, since if they encrypt it with your public key and then encrypt that encrypted message with their private key, then only their public key can open the outer envelope of encryption.  So you have verification of the identity of both sender and receiver, so long as the private keys stay private.  This is called a Digital Signature.

It's used in a lot of things on the internet, like website certificates to validate that the website you're on is actually what it says it is.  For instance, here's part of the public key assigned to Fark by Let's Encrypt, a certificate authority run by the Internet Security Research Group, so HTTPS will work right.
Fark user imageView Full Size

And here's part of the public key assigned to AMD for their drivers by Symantec to make sure Windows can warn you if something tries to install unverified drivers:
Fark user imageView Full Size
 
2021-09-15 1:11:06 PM  

LrdPhoenix: It's used in a lot of things on the internet, like website certificates to validate that the website you're on is actually what it says it is.  For instance, here's part of the public key assigned to Fark by Let's Encrypt, a certificate authority run by the Internet Security Research Group, so HTTPS will work right.


I guess I should mention a bit about how that works.
When you connect to Fark, it hands you its public key (if you don't already know it), your browser then checks known authorities to figure out whether that public key is actually Fark's public key and not someone trying to fool you, and then Fark sends you stuff encrypted with its private key.  So you have a public key, you've verified that it belongs to who it says it does, and now you have stuff coming in that can only come from that source because it can only be decrypted by the verified public key.

Little more complex than that because you've also automatically handed Fark your own public key, so now you can do 2 way encrypted communication.  It's also a little more complex than that because Public/Private key encryption is a little slow, so you actually use that established 2 way communication to securely exchange a new symmetric encryption key that can then be used for doing further encrypted messages faster.
 
Displayed 50 of 72 comments


Oldest | « | 1 | 2 | » | Newest | Show all


View Voting Results: Smartest and Funniest

This thread is closed to new comments.

Continue Farking




On Twitter


  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.