Huge hack reveals embarrassing details of who’s behind Proud Boys and other far-right websites https://t.co/ev304uFSI3 #EpikFail
— Micah (@micahflee) September 21, 2021
I’m beginning to suspect the right-wing grifters have no respect for their marks, and therefore don’t even try to be professional. On the other hand, telling the marks & the grifters apart ain’t always easy:
Epik long has been the favorite Internet company of the far-right, providing domain services to QAnon theorists, Proud Boys and other instigators of the Jan. 6 attack on the U.S. Capitol — allowing them to broadcast hateful messages from behind a veil of anonymity.
But that veil abruptly vanished last week when a huge breach by the hacker group Anonymous dumped into public view more than 150 gigabytes of previously private data — including user names, passwords and other identifying information of Epik’s customers.
Extremism researchers and political opponents have treated the leak as a Rosetta Stone to the far-right, helping them to decode who has been doing what with whom over several years. Initial revelations have spilled out steadily across Twitter since news of the hack broke last week, often under the hashtag #epikfail, but those studying the material say they will need months and perhaps years to dig through all of it…
Epik, based in the Seattle suburb of Sammamish, has made its name in the Internet world by providing critical Web services to sites that have run afoul of other companies’ policies against hate speech, misinformation and advocating violence. Its client list is a roll-call of sites known for permitting extreme posts and that have been rejected by other companies for their failure to moderate what their users post.
Online records show those sites have included 8chan, which was dropped by its providers after hosting the manifesto of a gunman who killed 51 Muslims in Christchurch, New Zealand, in 2019; Gab, which was dropped for hosting the antisemitic rants of a gunman who killed 11 people in a Pittsburgh synagogue in 2018; and Parler, which was dropped due to lax moderation related to the Jan. 6 Capitol attack…
Epik founder Robert Monster’s willingness to provide technical support to online sanctuaries of the far-right have made him a regular target of anti-extremism advocates, who criticized him for using Epik’s tools to republish the Christchurch gunman’s manifesto and live-streamed video the killer had made of the slaughter.
Monster also used the moment as a marketing opportunity, saying the files were now “effectively uncensorable,” according to screenshots of his tweets and Gab posts from the time. Monster also urged Epik employees to watch the video, which he said would convince them it was faked, Bloomberg News reported.
Monster has defended his work as critical to keeping the Internet uncensored and free, aligning himself with conservative critics who argue that leading technology companies such as Facebook, Twitter, Amazon and YouTube have gone too far in policing content they deem inappropriate…
Since the hack, Epik’s security protocols have been the target of ridicule among researchers, who’ve marveled at the site’s apparent failure to take basic security precautions, such as routine encryption that could have protected data about its customers from becoming public.
The files include years of website purchase records, internal company emails and customer account credentials revealing who administers some of the biggest far-right websites. The data includes client names, home addresses, email addresses, phone numbers and passwords left in plain, readable text. The hack even exposed the personal records from Anonymize, a privacy service Epik offered to customers wanting to conceal their identity…
After the hackers’ announcement, Epik initially said it was “not aware of any breach.” But in a rambling, three-hour live-stream last week, Monster acknowledged there had been a “hijack of data that should not have been hijacked” and called on people not to use the data for “negative” purposes.
“If you have a negative intent to use that data, it’s not going to work out for you. I’m just telling you,” he said. “If the demon tells you to do it, the demon is not your friend.”…
Baud
I hope Balloon Juice has better security.
Chief Oshkosh
Ya hate ta see it…
WaterGirl
@Baud: That’s a pretty low bar.
Captain C
Whoever’s bank account is growing is the grifter. Like conservatism in Cleek’s Law, this needs to be updated daily.
He’s soooooooo close to getting it.
Kropacetic
Fool!
Chris Johnson
Like I said when news of this hit Hacker News…
Anonymous is not your personal army.
That even goes to Putin, or the alt-right, thinking Anonymous is their personal army just because /pol/ exists.
They are mistaken.
Omnes Omnibus
@Captain C: The demon said it was my friend. But the demon was Baud.
Urza
Living in Sammamish, when they came out as the host for all these sites I went looking for their address. They have a house here, and a PO Box. And I doubt anyone’s working out of the house at this point. Not sure why they would incorporate in Washington vs some other state or country. As the QAnon documentaries showed the owners, and pretty much only known workers have been living in the Phillipines for awhile.
FridayNext
A question for academics.
Is it ethical for researchers to use this material that was gained illegally? Would it pass an IRB hearing? (I know it probably would not need to, but hypothetically)
It seems problematic to me.
WaterGirl
@FridayNext: What is an IRB hearing?
Baud
@Omnes Omnibus:
My full name is Beelzebaud. But my friends call me Baud.
Omnes Omnibus
@WaterGirl: Picture the Spanish Inquisition….
NotMax
@FridayNext
Silver platter doctrine would hold, methinks.
(FTR, I am not a professional academic nor do I play one on the
TVintertubes.)zhena gogolia
@WaterGirl: Institutional Review Board.
Deleted my initial erroneous response
Barbara
@FridayNext: It probably depends on the nature of the research. Informed consent could be problematic for certain types of research protocols. Journalists on the other hand . . .
Scamp Dog
@WaterGirl: Institutional Review Board. Universities and other research institutions have them to review research proposals for ethics problems.
Omnes Omnibus
@zhena gogolia: Hey, did you see this?
Baud
@Scamp Dog:
BJ needs an IRB.
zhena gogolia
@Omnes Omnibus: I was alerted to it at 7:15 this morning by a classmate (“NYT puzzle, 42 down”), but wasn’t able to do the puzzle until just a few minutes ago. I think that’s a first!
Captain C
@Omnes Omnibus: There are worse demons to befriend, to be sure.
Omnes Omnibus
@zhena gogolia: Did you get it right?
Omnes Omnibus
@Captain C:
Are there? Are there really?
toine
As depressing and dis-heartening as the fight against these @-holes can be sometimes (mostly due to it being non-stop), it cheers me to no end to be reminded that they are mostly just a bunch of incompetent know-nothing stupid douchebags…
FridayNext
@Omnes Omnibus:
But with a lot more paperwork.
Institutional Review Boards.
Originally they were called Human Subject Review Boards and applied almost exclusively to bio-medical research. But now they apply to almost any research that uses human subjects including oral historians and, in my case, museum visitor surveys and studies. I can, for example, do some simple surveying in my galleries, but if I want to publish, the whole thing has to be approved by our IRB.
Since this is post facto, I doubt it would need review, but IRB’s are notorious at expanding their remit into any gray area. I do know that many social science journals and professional societies might have ethical concerns about using stolen material as the basis for research.
It’s seems questionable to me and I am not sure where I stand.
Searcher
His name is Monster?
Lazy writers.
craigie
Robert Monster?
Was his birth name Robert Asshole?
zhena gogolia
@Omnes Omnibus: After some thought . . .
mvr
@FridayNext:
I think those are different questions, since the former seems to be about ethics and IRB has to do with a codification of rules meant (hopefully) to protect people. I don’t do empirical work, but I also don’t think we should have all that much compunction against using illegally obtained information in the public domain so long as its publicity and reuse doesn’t actually hurt the innocent or perhaps the guilty but nondangerous.
So if, for example, Donald Trump were running a hate group site (I said “if” – I know he doesn’t know much about computers) and that showed up in the data I personally would have no worries using data was obtained in this way. What an IRB would say I don’t know.
Chetan Murthy
@Baud: If I sign over my soul, what do I get?
Dorothy A. Winsor
@Scamp Dog: I was on my university’s IRB. It was a lot of work but at least it was interesting.
Captain C
@Omnes Omnibus: Well, one or two at least. Probably. I haven’t met them.
Omnes Omnibus
@zhena gogolia: Ha!
FridayNext
@Chetan Murthy:
Steak Knives
raven
@Dorothy A. Winsor: I found the process to be helpful when I did my dissertation.
WaterGirl
@Scamp Dog: Thank you!
Lapassionara
@Baud: I laughed out loud. Thank you, I needed a good laugh.
Roger Moore
@Baud:
The best security against this kind of thing is never collecting data in the first place. This is part of the reason Cole has been steadfast in resisting any system that would require people to get accounts: it would mean collecting data about people.
Kropacetic
@Omnes Omnibus: I never suspected…
steppy
@Omnes Omnibus: The walrus was Baud.
Omnes Omnibus
@Kropacetic: Fear, surprise, fanatical devotion to the pope, etc.
raven
We finished Burn’s Muhammed Ali. Really well done.
steppy
@Omnes Omnibus: I am sitting in a comfy chair at the moment. Is that OK?
steppy
@raven: We have watched episodes somewhat hit and miss. It is a great history of Ali.
West of the Rockies
So has anyone been exposed yet? Have boycotts and public shaming begun? That’s what I’m waiting for.
Omnes Omnibus
@steppy: I am not on an IRB; don’t ask me.
Dan B
The Sammamish site bothered me. I had a big client there and my partner worked for them for a decade+. Costco’s headquarters are next door (Issaquah) and some other relatively ethical corporations. Good to read they’re actually operating out of the Phillipines.
Kropacetic
@Omnes Omnibus: Powerful weapons, those.
Another Scott
Epik failure is excellent. KrebsOnSecurity.com covers stuff like this very well. I don’t see anything today on it, though.
In other news, Keir Starmer released a big essay recently.
It’s bad. Really bad.
E.g.
The UK needs a competent leader in the opposition to BoJo. Starmer still seems to have no idea how to be that person. Nor how to hire someone to write a manifesto that inspires rather than disillusions the reader.
(sigh)
(via dsquareddigest)
Cheers,
Scott.
Barbara
@mvr: Right. They are supposed to protect human subjects from research projects that could harm their individual interests. It is not always clear how that is supposed to operate in the social sciences. While informed consent is a big part of the process it isn’t always required if other protections are in place. It’s not my specialty but it comes up from time to time so I’m familiar with how it’s supposed to work.
Dorothy A. Winsor
@mvr: As I recall, IRB standards apply only to research, not, say, to journalism. Research was defined as work intended for dispersal and the increase of general knowledge. So, for instance, teaching evaluations don’t count even though they’re surveys.
I’m sure there are ethical standards that apply in other situations, but the IRB is pretty specific.
Just Chuck
The Monster is telling me not to listen to the Demon.
Is Rob Monster related to Rob Zombie?
The demon is not my friend: I am the demon.
El Cruzado
? It’s the circle of griiiiiiift ?
Ksmiami
@toine: garbage humans covers it…
piratedan
Well…. considering the actions that we’ve seen with the doxxing done and harassment performed, that a reciprocal response doesn’t bother me.
In short, fuck those guys… here’s some light.
Cameron
Why would an IRB get involved? I thought that was for research on humans. Are there any humans on Epik?
topclimber
@Baud: We must hope for the coming of the Anti-Baud.
Jay
@Chetan Murthy:
a secret decoder ring,…….
Cameron
…and for a domestic terrorist to bring it out in the open, https://www.rawstory.com/florida-abortion-law/
Guess Florida couldn’t let Texas show it up.
prostratedragon
@craigie: I have a relative whose initials are ASS. I have it that the middle S does not stand for anything. There is a tendency to rather wicked humor in a couple of branches of the family.
Captain C
@Another Scott:
That’s practically a novella.
phdesmond
@raven:
indeed it is!
i haven’t been so moved since his funeral, five years ago.
lurker
@Baud: Is you or is you isn’t a relation of Beelzebubba?
BigJimSlade
@Baud: Beelzebaud 2024!
Anoniminous
@FridayNext:
It is now existing data so IRB doesn’t apply.