Security researcher Bob Diachenko reported a disturbing finding yesterday: someone was wiping out public-facing elastic searches and leaving “NightlionSecurity.com” in their place:
Looks like malicious actors now using @vinnytroia‘s company name in another wave of Elasticsearch automated attacks in an attempt to compromise him. https://t.co/6msI0aKLfa pic.twitter.com/Y1DQ1iCzBG
— Bob Diachenko (@MayhemDayOne) March 25, 2020
By this morning, there were almost 2,300 such instances:
Vinny Troia, the owner of Night Lion Security, suspects that someone he has accused of being thedarkoverlord, is behind the attack:
So far, 157 elasticsearch servers have been wiped and replaced with https://t.co/3MakdjbjFz. This can only be retaliation for my book. I guess #TheDarkOverlord is getting restless while he sits around waiting for the RCMP to arrest him. https://t.co/RXYHrrdSXn
— Vinny Troia (@vinnytroia) March 25, 2020
and
the “NightLion” worm has apparently nulled over 300 elasticsearch servers so far, leaving mine/@nightlionsec info as a greeting card. Someone is apparently upset enough with me to have created a worm in my honor. The seems to use a PHP-Unit CVE from 2017. More soon.
— Vinny Troia (@vinnytroia) March 25, 2020
DataBreaches.net reached out to the Canadian youth Troia’s tweet refers to to ask for his response to Troia’s accusation. There was no immediate response, but it is early morning there. This post will be updated if a response is received.
It’s important to note that although Troia has repeatedly claimed that this youth became the leader of thedarkoverlord and is going to be arrested by the RCMP, there has been no publicly provided proof of either and DataBreaches.net is not suggesting that Troia is right in his attribution that the youth is TDO or that the youth is responsible for the wiping out of the elastic search data. What is clear from my past chats with the youth, however, is that he felt harassed by Troia and was angry at him. Could he be taking revenge now? It’s possible, but he is not the only person who has felt harassed by Troia and who might seek revenge.
Update: DataBreaches.net received a reply from the individual Troia alluded to as being responsible. The individual wrote that he respectfully declines to answer any questions from journalists, but added:
If this individual is aware of a crime being committed, then I recommend he reports it to the relevant authorities.Thanks for bringing my attention to this.
Please note that DataBreaches.net is not naming the individual even though his identity is known to this site. I am not naming him precisely because he has not been arrested nor charged with anything by law enforcement as far as I know, and all we have are Troia’s published allegations that have not been backed up with any hard evidence.
My official report will be out on April 21 following Wyatt’s plea hearing (assuming it is still set for that date, given that courts are currently closed). The report will contain all the evidence you need. I would also suggest reaching out to the RCMP or even the Canadian attorneys (?) responsible for this case and see if you can get a comment on why they have been holding back. You might find that very interesting.
There is no plea hearing on the docket for Wyatt. April 21 is the court-ordered deadline for pretrial motions. You can check the publicly available docket to confirm that for yourself. What makes you think it would be a plea hearing? And what Canadian attorneys are you referring to — specifically? RCMP never really answers questions of that nature. If you are claiming that RCMP have told YOU something, post it. Otherwise you still have posted no proof.
And by the way, for someone who objected to being doxxed or outed by Krebs, and claimed it was dangerous, I saw that you used my name in a tweet/thread that I had nothing to do with. You really are a hypocrite.
Vinny once again you proven to have no understanding about legal proceedings. First if anything you said was true Canada would not be handling this investigation it would be the FBI. You should ask your Americans why they haven’t extradited anyone else other than Wyatt. Second why so scared? Release your “report” that you have given to every LE already. Oh you won’t cause they laugh at you and have nothing. You wait and wait for something to happen in court to give you some hope but guess what it will never happen. It’s ok vinny go back to your sad little life and move on.
You are correct and I apologize for that. I deleted the tweet already though. Please confirm. I was told it was a plea hearing.
As for the Canadian attorneys, the person not mentioned in this story has an open indictment. There are attorneys listed on the front page. Maybe a prosecutor is a better word. It was listed in French though so hard to make out. RCMP has not told me anything.
come on post the “indictment” faggot
Also, regarding the “harassment”. I spoke to him about that. At the time, he accused me of calling him and his father repeatedly at his work and home. I never did any such thing. I have not spoken to him since, but I am sure that he now realizes, in light of other events that have happened since then, that I was not the person (or organization) making those phone calls.