A hacker, hiding under the pseudonym NightLion, claims to have hacked a service for monitoring and arresting leaks Dataviperbelonging to the information security company Night Lion Security. Specialists often scan hacker forums, paste-sites and other sources in search of data stolen from various companies. Such information is usually stored in a private backend, and access to it is provided only to aggregator clients (so that, for example, they can track when the credentials of employees enter the network and the companies themselves suffer from attacks).
An attacker has already sold 8225 databases for sale on Empire’s Darknet trading platform, where he claims to contain personal data of 15 billion users. NightLion also sent dozens of media outlets a link to their website on the darknet, where it published samples of stolen data, and also explained in detail why and how DataViper attacked.
Apparently, the whole point is that Night Lion Security and DataViper are owned by an American information security expert named Vinny Troia. No wonder the hacker took the pseudonym NightLion, which coincides with the name of the Troy company, and he openly declares that he wants to damage the reputation of the researcher and bring him to clean water.
In his ezine, the hacker tells in detail that he spent three months on the DataViper servers, stealing the databases that the service indexed for its leak monitoring service. The cracker writes that Troy’s service is no better than WeLeakInfo and LeakedSource aggregators closed by law enforcement agencies. According to the hacker, the expert provides access to the collected data not only to companies and law enforcement agencies, but also to attackers with whom he allegedly collaborates (including members of the GnosticPlayers group).
On his site, the hacker published a complete list of 8225 databases that were collected by DataViper, a list of 482 downloadable JSON files containing samples of stolen data, and evidence of he really had access to the DataViper backend.
Most databases from the NightLion list relate to old leaks that occurred many years ago, they were well known, and the data leaked to the network long ago and can be found in many different sources. However, a number of companies listed on the hacker list have never reported security issues or data leaks. NightLion writes that he’s not even sure that Troy informed these companies about hacks, and they had the opportunity to deal with the problem and notify their users.
Vincent Troy told reporters Zdnetthat the hacker really got access to one of the DataViper servers, however it was only a test server.
According to the expert, the hacker is selling his own databases, and not some information stolen from DataViper. He assures that this data has been publicly available for many years, and in some cases, Troy really received information from the same hacker communities, which include an attacker. In particular, the researcher believes that the attacker is associated with several hacker groups, including TheDarkOverlord, ShinyHunters and GnosticPlayers.
Troya explains that he described the activities of these groups in his book, published this spring, and now hackers are trying to damage his reputation. He also believes that this action was timed to coincide with his speech at the SecureWorld conference, due to take place in the middle of this week. In his speech, the expert plans to touch on the topic of these hackers and their real personalities.
“When people think that they are illegal, they become careless. So much so that they forget to look at their own historical mistakes. I described this whole scenario in detail in my book when I let them access my web server to find out their IP addresses. But they don't learn anything. All they got access to is just a development environment. It is very similar to hacking Microsoft, for which they recently claimed responsibility. All that they had (then) was some kind of source code, which turned out to be a dummy, but they still untwisted it, hoping to attract attention. All this is the actions of frightened boys who have been pressed against the wall and are facing a loss of freedom, ”Troy comments.