Breach Notification , Cybercrime , Fraud Management & Cybercrime

Anonymous Leaks Data from Texas GOP

This Is the 3rd Attack Involving the US Web Hosting Service Epik
Anonymous Leaks Data from Texas GOP
A "press release" by Anonymous (Source: Steven Monacelli’s tweet)

Hacktivist collective Anonymous has for the third time carried out an attack involving Washington-based domain name registrar and web hosting service Epik, according to independent Texas journalist Steven Monacelli, who also broke the news on the past two instances (see: Anonymous Leaks Epik Data - Again).

See Also: Gartner Insights: Uncover, Investigate, and Respond to Endpoint Threats with EPPs

This time around, the group has leaked data belonging to one of Epik's customers, the Republican Party of Texas - aka the Texas GOP, according to Monacelli. The leaked data set, he says, citing a post from Anonymous, contains sensitive information from the GOP's data backup servers, including private documents, database, and draft articles that were never published, among other things.

Titled "You Lost The Game," the latest set of data leaks, according to the tweet, was published on Monday in a forum. In the post, Anonymous claims that the Texas GOP set is the second batch of bootable disk images from Epik's servers - after the one on Sept. 27 - and includes data from the GOP's backup server.

A Texas GOP spokesperson tells Information Security Media Group that the incident has been reported to the FBI and is currently under investigation. "The reported leak of information stems from a Sept. 13, 2021, attack on Epik, the website hosting provider, that was being used by numerous organizations including the Republican Party of Texas," the spokesperson says.

Security researchers WhiskeyNeon and INIT_3, who verified the previous leaks, were not immediately available for comment.

Website Defaced

According to Monacelli, the Texas GOP website was also compromised by Anonymous on Sept. 11. The hacktivist group, he says, defaced the entire website, including its sign-up, donation and contact pages, posting derogatory messages about the Republican Party and its ideology.

The defacement of the Texas GOP website is linked to the controversial new Texas abortion law, known as Senate Bill 8, aka the Heartbeat Act. The law, which came into effect on Sept. 1, prohibits abortion after six weeks of pregnancy and also gives state residents the ability to sue anyone who violates or helps others to violate this law.

Anonymous, at the time, said the law is "far-right," and the group has thus targeted Epik, which hosts other far-right sites, such as Parler, 8chan, Gab and BitChute. “This dataset is all that’s needed to trace actual ownership and management of the fascist side of the internet that has eluded researchers, activists, and, well, just about everybody,” the hacktivists say.


Roger Grimes, a data-driven defense evangelist at KnowBe4, tells ISMG that while there appears to be a flare-up in hacktivist activity lately, Anonymous and other groups have been actively releasing private content for over two decades.

"Anonymous is not even the same hackers. ... They are different people who choose to organize under the same well-known banner. You cannot stop it any more than you can stop all cybercrime and malware. Figure out how to stop Anonymous from doing hacktivist activities and you solve all internet crime," he says.

Can law enforcement agencies help? Not more than they can against any cybercriminal or group, Grimes says.

"Law enforcement does arrest cybercriminals from time to time. Heck, they once arrested the major leaders of Anonymous, turned one of its leaders into a mole and snitch, and took down the entire group for years. But I am assuming the new group is smarter, more anonymous to each other, and less likely to turn on each other," he says.

"It is just my guess that even if the police care enough to go after Anonymous, prosecuting them would be difficult. Putting a hacker into jail is a rare event. We do not identify, charge, arrest and put in jail 1 in 1,000. Internet crime is one of the lowest-risk, highest-gain crimes a criminal can do; that is why it is so pervasive."

Because it is likely that Operation Epik Fail has affected other Epik customers too, Grimes recommends that every person and organization fight social engineering, patch software, use multifactor authentication, educate people, and use unique passwords on every website and service.

Previous Data Dumps

On Sept. 13, Monacelli first posted a release from Anonymous, detailing the attackers' motivations for hitting Epik, as part of its "#OperationJane" efforts (see: Web Hoster Epik's Breach Exposes 15 Million Email Addresses).

The first data dump consisted of over 180GB of data, including 15 million email addresses and corresponding personal details of not just Epik's own customers and systems, but also details of millions of other individuals and organizations who had their information scraped via "Whois" queries from domain name registrars, the free breach notification service Have I Been Pwned confirmed.

Although Epik initially claimed to be "unaware of the breach," its CEO, Rob Monster, later clarified in a long Q&A session conducted virtually that the data likely had been sourced from a backup that was “intercepted.”

The second set of leaked data, which Anonymous calls The/b/Sides, is "larger than the first" and contains 300GB of information, Monacelli says, citing an unidentified security researcher who vetted the data set (see: Anonymous Leaks Epik Data - Again).

As proof of their claims, Anonymous attached "several bootable disk images of assorted systems" in the form of a 70GB torrent file with the press release. Security researchers WhiskeyNeon and INIT_3 used the contents of this file to confirm their claims about leaked data.

About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.