Vinny Troia Explained

Vincenzo "Vinny" Troia is an American cybersecurity researcher who is known for reporting on and identifying members of The Dark Overlord hacker group as well as hacker pompompurin, who was the owner-operator of the website BreachForums and was involved in the 2021 FBI email hacking.^{[3] [4]} Troia is also known for disclosing the Shanghai police database leak in 2022.^{[5] [6]}

Career

Troia serves as owner and CEO of Night Lion Security, a cyber-security firm based in the US^[7] and founded a threat intelligence firm named Shadowbyte.

In 2018, Troia found a data leak of nearly 340 million detailed records about individual people available on a publicly accessible server of Exactis.^{[8] [9]}

In 2019, he found a data breach in People Data Labs where records of personal data, including email addresses, employers, locations, job titles, names, phone numbers and social media profiles of 1.2 billion people were exposed.^{[10] [11]}

In 2020, Troia identified and wrote a report on an entire underground cybercrime economy built on the stealing of reselling of video game passwords.^[12] The white paper, published by Troia and Night Lion Security, outlines the process by which hackers make money by stealing and reselling Fortnite video game cosmetics, some making nearly a million dollars per year.^[13] After the hackers gain access to a victim's account, most often by using common or reused passwords, the account's contents are stolen and resold on an underground black market valued at nearly 1 billion dollars annually.^[14]

In 2020, one of Troia's own websites, Data Viper, was hacked by a threat actor.^{[15] [16]}

In November 2021, it was reported that the founder of BreachForums, pompompurin, also known as Conor Brian Fitzpatrick, publicly harassed Troia by hacking an FBI email server and sending out a mass alert to 100,000 individuals accusing Troia of being part of The Dark Overlord, a cybercriminal group that he has investigated. Fitzpatrick also allegedly "DDoSed" one of Troia's websites, hacked the National Center for Missing & Exploited Children's blog to create a fake blog post accusing Troia of being a sexual predator, as well as hacking his Twitter account and accusing him of criminal activity.^{[17] [18] [19]}

Publications

Troia is the author of the book "Hunting Cyber Criminals: A Hacker’s Guide to Online Intelligence Gathering Tools and Techniques" (Wiley Books), which illustrates various investigative tools and techniques used to track down and investigate cybercriminals using Open Source Intelligence (OSINT) gathering tools and techniques.^[20] The book provides a detailed account of Troia's investigation into cyber criminal hacking group The Dark Overlord.^[21]

Troia's book provides evidence and analysis to support claims that the masterminds behind The Dark Overlord cybercrime group are two teenagers living in Calgary, Canada. Evidence provided in the book, as well as a subsequent report published by Troia and Night Lion Security, link the members of The Dark Overlord hacking group to other "database focused" hacking groups such as ShinyHunters and GnosticPlayers, along with people such as Conor Brian Fitzpatrick, also known as pompompurin, who owned BreachForums.^[22]

Notes and References

1. News: FBI Email Hoaxer ID’ed by the Guy He Allegedly Loves to Torment . threatpost.com . 16 November 2021 . en.
2. Web site: NightLion Worm Takes Revenge on Night Lion Security Cyware Hacker News . Cyware Labs . en.
3. News: FBI system hacked to email 'urgent' warning about fake cyberattacks . www.bleepingcomputer.com.
4. News: Wait—The FBI Got Hacked Over a Beef With a Guy Named Vinny? . www.thedailybeast.com.
5. News: China Police Database Was Left Open Online for Over a Year, Enabling Leak . www.wsj.com.
6. News: Gan . Yong Xiong,Hannah Ritchie,Nectar . Nearly one billion people in China had their personal data leaked, and it's been online for more than a year . CNN . 5 July 2022 . en.
7. News: Hacker breaches security firm in act of revenge . ZDNet.
8. News: Exactis said to have exposed 340 million records in massive leak . CNET . en.
9. News: A New Data Leak Reportedly Exposed 230 Million Americans’ Personal Information . fortune.com.
10. News: Reichert . Corinne . 1.2 billion records exposed in unsecured database . www.cnet.com.
11. News: Newman . Lily Hay . 1.2 Billion Records Found Exposed Online in a Single Server . Wired.com.
12. Web site: Winder . Davey . Fortnite Hackers Earn $1 Million A Year—Stealing Your Skins . . en.
13. Web site: Fortnite Hackers Earn $1 Million A Year—Stealing Your Skins . Forbes . 21 April 2023.
14. Web site: Fortnite 'black-market' part of billion-dollar hacker economy, report claims . Fox News . 27 August 2020 . 21 April 2023.
15. Web site: 2020-07-13 . Breached Data Indexer ‘Data Viper’ Hacked – Krebs on Security . 2024-07-25 . en-US.
16. Web site: 2020-07-13 . Breach database company DataViper allegedly hacked with billions of records offered for sale . 2024-07-25 . SiliconANGLE . en-US.
17. Web site: 2021-11-16 . FBI Email Hoaxer ID’ed by the Guy He Allegedly Loves to Torment . 2024-07-25 . threatpost.com . en.
18. News: Vavra . Shannon . 2021-11-17 . Wait—The FBI Got Hacked Over a Beef With a Guy Named Vinny? . 2024-07-25 . The Daily Beast . en.
19. Web site: Roth . Emma . 2021-11-14 . The FBI’s email system was hacked to send out fake cybersecurity warnings . 2024-07-25 . The Verge . en.
20. Web site: Book Review of "Hunting Cyber Criminals: A Hacker's Guide to Online Intelligence Gathering Tools and Techniques" . www.rsaconference.com.
21. Book: Troia . Vinny . Hunting Cyber Criminals . January 2020 . Wiley . 978-1-119-54099-1 . 440–443 . 23 December 2020.
22. Web site: The Dark Overlord report: An Investigation Into A Cyber Terrorist Hacking Group . Night Lion Security . Night Lion Security . 17 July 2023.