Vincenzo "Vinny" Troia is an American cybersecurity researcher who is known for reporting on and identifying members of The Dark Overlord hacker group as well as hacker pompompurin, who was the owner-operator of the website BreachForums and was involved in the 2021 FBI email hacking.[3][4] Troia is also known for disclosing the Shanghai police database leak in 2022.[5][6]

Vinny Troia
EducationPhD[citation needed]
Alma materCapella University, Western Governors University[citation needed]
OccupationCybersecurity researcher[1][2]
Websitewww.vinnytroia.com

Career

edit

Troia serves as owner and CEO of Night Lion Security, a cyber-security firm based in the US[7] and founded a threat intelligence firm named Shadowbyte.[1]

In 2018, Troia found a data leak of nearly 340 million detailed records about individual people available on a publicly accessible server of Exactis.[8][9]

In 2019, he found a data breach in People Data Labs where records of personal data, including email addresses, employers, locations, job titles, names, phone numbers and social media profiles of 1.2 billion people were exposed.[10][11]

In 2020, Troia identified and wrote a report on an entire underground cybercrime economy built on the stealing of reselling of video game passwords.[12] The white paper, published by Troia and Night Lion Security, outlines the process by which hackers make money by stealing and reselling Fortnite video game cosmetics, some making nearly a million dollars per year.[13] After the hackers gain access to a victim's account, most often by using common or reused passwords, the account's contents are stolen and resold on an underground black market valued at nearly 1 billion dollars annually.[14]

In 2020, one of Troia's own websites, Data Viper, was hacked by a threat actor.[15][16]

In November 2021, it was reported that the founder of BreachForums, pompompurin, also known as Conor Brian Fitzpatrick, publicly harassed Troia by hacking an FBI email server and sending out a mass alert to 100,000 individuals accusing Troia of being part of The Dark Overlord, a cybercriminal group that he has investigated. Fitzpatrick also allegedly "DDoSed" one of Troia's websites, hacked the National Center for Missing & Exploited Children's blog to create a fake blog post accusing Troia of being a sexual predator, as well as hacking his Twitter account and accusing him of criminal activity.[17][18][19]

in 2024, Troia sparked controversy, has been accused of engaging in unethical and potentially illegal activities. His work to expose cybercriminals has been called into question by leaked messages[20] revealing Troia acting as a go-between for cybercriminals like Judische, ShinyHunters and companies targeted for extortion. These messages show Troia offering to help structure stolen data for resale, discussing potential payouts with Judische's associates, and suggesting accessing servers in Turkey potentially containing stolen AT&T data. While Troia denies any wrongdoing, claiming he uses provocative language to maintain source contact and doesn't engage in illegal activities, his contradictory statements regarding fees and willingness to facilitate data transactions raise serious concerns about his ethical boundaries and potential criminal involvement. [21]

Publications

edit

Troia is the author of the book "Hunting Cyber Criminals: A Hacker’s Guide to Online Intelligence Gathering Tools and Techniques" (Wiley Books), which illustrates various investigative tools and techniques used to track down and investigate cybercriminals using Open Source Intelligence (OSINT) gathering tools and techniques.[22] The book provides a detailed account of Troia's investigation into cyber criminal hacking group The Dark Overlord.[23]

Troia's book provides evidence and analysis to support claims that the masterminds behind The Dark Overlord cybercrime group are two teenagers living in Calgary, Canada. Evidence provided in the book, as well as a subsequent report published by Troia and Night Lion Security, link the members of The Dark Overlord hacking group to other "database focused" hacking groups such as ShinyHunters and GnosticPlayers, along with people such as Conor Brian Fitzpatrick, also known as pompompurin, who owned BreachForums.[24]

References

edit
  1. ^ a b "FBI Email Hoaxer ID'ed by the Guy He Allegedly Loves to Torment". threatpost.com. 16 November 2021.
  2. ^ "NightLion Worm Takes Revenge on Night Lion Security | Cyware Hacker News". Cyware Labs.
  3. ^ "FBI system hacked to email 'urgent' warning about fake cyberattacks". www.bleepingcomputer.com.
  4. ^ "Wait—The FBI Got Hacked Over a Beef With a Guy Named Vinny?". www.thedailybeast.com.
  5. ^ "China Police Database Was Left Open Online for Over a Year, Enabling Leak". www.wsj.com.
  6. ^ Gan, Yong Xiong,Hannah Ritchie,Nectar (5 July 2022). "Nearly one billion people in China had their personal data leaked, and it's been online for more than a year". CNN.{{cite news}}: CS1 maint: multiple names: authors list (link)
  7. ^ "Hacker breaches security firm in act of revenge". ZDNet.
  8. ^ "Exactis said to have exposed 340 million records in massive leak". CNET.
  9. ^ "A New Data Leak Reportedly Exposed 230 Million Americans' Personal Information". fortune.com.
  10. ^ Reichert, Corinne. "1.2 billion records exposed in unsecured database". www.cnet.com.
  11. ^ Newman, Lily Hay. "1.2 Billion Records Found Exposed Online in a Single Server". Wired.com.
  12. ^ Winder, Davey. "Fortnite Hackers Earn $1 Million A Year—Stealing Your Skins". Forbes.
  13. ^ "Fortnite Hackers Earn $1 Million A Year—Stealing Your Skins". Forbes. Retrieved 21 April 2023.
  14. ^ "Fortnite 'black-market' part of billion-dollar hacker economy, report claims". Fox News. 27 August 2020. Retrieved 21 April 2023.
  15. ^ "Breached Data Indexer 'Data Viper' Hacked – Krebs on Security". 2020-07-13. Retrieved 2024-07-25.
  16. ^ "Breach database company DataViper allegedly hacked with billions of records offered for sale". SiliconANGLE. 2020-07-13. Retrieved 2024-07-25.
  17. ^ "FBI Email Hoaxer ID'ed by the Guy He Allegedly Loves to Torment". threatpost.com. 2021-11-16. Retrieved 2024-07-25.
  18. ^ Vavra, Shannon (2021-11-17). "Wait—The FBI Got Hacked Over a Beef With a Guy Named Vinny?". The Daily Beast. Retrieved 2024-07-25.
  19. ^ Roth, Emma (2021-11-14). "The FBI's email system was hacked to send out fake cybersecurity warnings". The Verge. Retrieved 2024-07-25.
  20. ^ "The Walls Are Closing in on the Snowflake Hacker". 404media.co. 2024-09-20. Retrieved 2024-09-24.
  21. ^ "The Walls Are Closing in on the Snowflake Hacker". 404media.co. 2024-09-20. Retrieved 2024-09-24.
  22. ^ "Book Review of "Hunting Cyber Criminals: A Hacker's Guide to Online Intelligence Gathering Tools and Techniques"". www.rsaconference.com.
  23. ^ Troia, Vinny (January 2020). Hunting Cyber Criminals. Wiley. pp. 440–443. ISBN 978-1-119-54099-1. Retrieved 23 December 2020.
  24. ^ "The Dark Overlord report: An Investigation Into A Cyber Terrorist Hacking Group". Night Lion Security. Night Lion Security. Retrieved 17 July 2023.