If you’re plotting something and want to recruit a horde of fellow conspiracy theorists to join you, the go-to company you call to provide “confidential” web services is Epik.
Epik, based in the Seattle suburb of Sammamish, has made its name in the Internet world by providing critical Web services to sites that have run afoul of other companies’ policies against hate speech, misinformation and advocating violence. Its client list is a roll-call of sites known for permitting extreme posts and that have been rejected by other companies for their failure to moderate what their users post.
Online records show those sites have included 8chan, which was dropped by its providers after hosting the manifesto of a gunman who killed 51 Muslims in Christchurch, New Zealand, in 2019; Gab, which was dropped for hosting the antisemitic rants of a gunman who killed 11 people in a Pittsburgh synagogue in 2018; and Parler, which was dropped due to lax moderation related to the Jan. 6 Capitol attack.
They also host anti-abortion groups, including that prolifewhistleblower page (which has since been removed). You’d think someone would realize that if your group requires support from an organization that also supports Nazis and Proud Boys and kooks and violent militias, maybe you should question the company you’re keeping.
It’s a notorious den of villainy, as you can tell. But maybe not anymore…would you trust your evil plan to a company after this?
But that veil abruptly vanished last week when a huge breach by the hacker group Anonymous dumped into public view more than 150 gigabytes of previously private data — including user names, passwords and other identifying information of Epik’s customers.
Extremism researchers and political opponents have treated the leak as a Rosetta Stone to the far-right, helping them to decode who has been doing what with whom over several years. Initial revelations have spilled out steadily across Twitter since news of the hack broke last week, often under the hashtag #epikfail, but those studying the material say they will need months and perhaps years to dig through all of it.
“It’s massive. It may be the biggest domain-style leak I’ve seen and, as an extremism researcher, it’s certainly the most interesting,” said Megan Squire, a computer science professor at Elon University who studies right-wing extremism. “It’s an embarrassment of riches — stress on the embarrassment.”
The founder of Epik, Robert Monster (surely one of the most appropriate names ever) is busy denying that any leak happened and is pretending that it’s all business as usual. Everyone else, however, is laughing at their incompetence, except maybe the far-right individuals who trusted them. They’re probably too busy trying to hide their trail.
Since the hack, Epik’s security protocols have been the target of ridicule among researchers, who’ve marveled at the site’s apparent failure to take basic security precautions, such as routine encryption that could have protected data about its customers from becoming public.
The files include years of website purchase records, internal company emails and customer account credentials revealing who administers some of the biggest far-right websites. The data includes client names, home addresses, email addresses, phone numbers and passwords left in plain, readable text. The hack even exposed the personal records from Anonymize, a privacy service Epik offered to customers wanting to conceal their identity.
This is going to be so entertaining. Probably also disappointing as the bodies are unearthed, and the American justice system does nothing.
I’ll just say that the only individuals who have ever been trusted with my Grand Elaborate Scheme to Rule the World are the spiders I whisper to, and they’ll never crack. It’s going to be such a surprise!