Hunting for cybercriminals can be risky business.
Security researcher and pentester Vinny Troia learned that over the weekend. Again.
Troia recently published a book called "Hunting Cybercriminals: A Hacker's Guide to Online Intelligence Gathering Tools and Techniques." The book reveals secrets of The Dark Overlord and other hacking groups which Troia communicated with through various Dark Web aliases.
And hackers have been trying to exact virtual revenge ever since.
Troia runs Night Lion Security and a related service called Data Viper.
Hackers recently contacted a number of news outlets to announce they had gained access to one of the Data Viper servers and allegedly stolen a number of databases from previous cyber incidents. Firms often catalog this kind of information to help their clients with threat intelligence.
The hacker's post links to stolen databases and includes a meme about the revenge hacking.
"I'm about to end this man's whole career," says the meme, which ZDNet obtained.
Troia tells SecureWorld that the databases the hackers published came from a test environment of his and that most are already available on the Dark Web.
And furthermore, he claims the hackers made a classic mistake of ignoring their own operational security, because they are so sure of themselves:
"When people think they are above the law, they get sloppy. So much so they forget to look at their own historical mistakes. I literally detailed an entire scenario in my book where I allowed them to gain access to my web server in order to get their IPs. They haven't learned.
All they had access to was a dev environment. Much like the grey Microsoft hack which they recently took credit for, all they had was some source code that turned out to be nothing special, but they hyped it anyway hoping to get people's attention. These are the actions of scared little boys pushed up against a wall facing the loss of their freedom."
Police recently arrested a leader in The Dark Overlord hacking group, and Troia played a part in that investigation. You can read the story here.
This is the second major act of revenge against Troia after the publication of his book.
In the spring of 2020, Troia realized hackers had created a new worm that was wiping thousands of Elasticsearch servers. The criminals behind that one called it the Night Lion worm, naming it to make his security company look bad. The worm finished the attack by leaving a message with Troia's contact information on the server.
This led to some irate calls and messages until he explained it was an act of revenge to get back at him for spilling the secrets of criminal hackers.
Vinny Troia is the opening keynote at the SecureWorld Boston virtual conference on July 15th. We can't wait to hear more about this story and what he learned during his long nights communicating with hackers through an alias.
In the meantime, Troia says the revenge hacking efforts will not stop what he loves to do.
"One afternoon, I drafted an email to the CEO and CISO of a major airline company. The title read, 'URGENT – Data breach in your network.' During our phone conversation later that evening, I proceeded to tell the security admin that I received word from a Dark Web contact that sensitive data from their network was about to go on sale later that week.
Working in tandem with my Dark Web contacts and the company's security team, we were able to identify the hacker's position within their network, turned off their access, and closed the vulnerabilities that allowed them to gain access. This is the kind of thing I do day in and day out, and I love my job."
He views an important part of his job as spending a lot of time on the Dark Web.