Yesterday, DataBreaches.net reported on a hoax email sent from a government system by an individual who calls himself “Pompompurin” on Twitter (@Pompompur_in). Pompompurin had immediately claimed responsibility for the incident and gave out interviews left and right.
Despite Pompompurin taking responsibility for the hoax email, Vinny Troia of NightLion Security and ShadowByte immediately claimed that the hoax email (which included a false accusation about Troia) was the work of a Canadian man known on Twitter as “WhitePacket.” What followed next was a confusing set of statements from Troia about whether Pompompurin was actually WhitePacket or whether Pompompurin just worked with WhitePacket, or whether he was just a patsy for WhitePacket.
In a blog post published today by ShadowByte, Troia and his colleagues repeat a lot of Troia’s past (and still unproven) allegations about WhitePacket being responsible for a string of attacks by thedarkoverlord, so let me address that part of their post first:
Yes, thedarkoverlord committed many, if not all, of the attacks Troia claims they did in today’s blog post on ShadowByte. There are many other attacks TDO was responsible for, too, that are not listed in that post. But Troia has never provided any credible evidence that WhitePacket was thedarkoverlord (TDO). What he has provided is a mess of speculations, snippets of chats, and his beliefs that different individuals are all one person.
When challenged about his lack of hard evidence, Troia told this site that he was withholding evidence that he had given to law enforcement. Whatever he may have given them, it apparently was insufficient to support any charges or any arrest or any extradition request.
Today, Troia and ShadowByte also published a second blog post. The second one deals with attributing the FBI email hoax to Pompompurin. Well, there was no doubt that it was Pompompurin, but the more interesting part of the post is Troia’s claim that Pompompurin is WhitePacket (it seems he has reverted to saying they are the same).
Some of Troia’s evidence attempting to claim that Pompompurin is WhitePacket relates to the og.money domain that previously belonged to WhitePacket and that is now used by Pompompurin. Troia’s post erroneously claims that og.money was the official site for “Money Team.” That is false. So is any claim that the domain never changed hands.
A blackhat with knowledge of the domains responded to the ShadowByte claims about OG Money thusly:
og.money was never linked to 1.3.3.7/money.team
chippy did 1.3.3.7/money.team, not whitepacket… jesus christ can he not google a single thing
Troia should not be so stupid and do some Research (oh).
Og.money is a random domain whereas money team literally owned “money.team” in 2015/2016, which was used for years pointing to 1.3.3.7 as A record and transferred to some random on 2021-09-12 (check Securitytrails, dumbass)
already mentioned by krebs, troia is just too retarded to check a single thing he claims
DataBreaches.net is going to just leave that there and note that Pompompurin has also addressed this in his blog post today, where he also provides information on how he purchased the domain from a reseller.
The more interesting part of Troia’s attribution post (at least interesting to me) involved a partial and redacted chat snippet that would suggest that Pompompurin, who is supposedly new to the scene within the past year, knows people from the past who are not currently online or known to be active. Troia points to a screencap from a conversation in which Pompompurin reportedly told Troia that “Dion” — another Canadian who Troia claims was a childhood friend of WhitePacket’s — was currently studying to be a doctor in medical school:
“Only someone who personally knew Dennis would have understood who I referred to when I said “Dion”,” Troia writes. “More importantly, Pom provided an answer to a question that no one else could have known. How else could Pompompurin have known that Dion is in Medical school practicing to become a doctor?
And in telling me, he confirmed his identity and (once again) threw his childhood friend under the bus.”
Pompompurin addressed the above somewhat in his blog post today. He addressed it in more detail in a chat with DataBreaches.net. In that chat, and after securing this site’s agreement not to identify his source, Pompompurin named the identity of the person who he claims fed him information about “Dio” or “Dion” and who reportedly told him what to say to Troia to troll him. A copy of the unredacted chat, provided to DataBreaches.net, shows a multi-hour gap between the time Troia asked Pompompurin a question and the time Pompompurin responded by saying that “Dion” was going to medical school. There was plenty of time for another person to advise Pompompurin how to answer Troia.
The person who reportedly fed Pompompurin information to feed to Troia is known to DataBreaches.net as a long-time detractor of Troia’s who had knowledge of the DataViper hack, ezine, and Troia’s book. He also had reason to hold a grudge against Troia.
DataBreaches.net also contacted “Dion” to get his response to Troia’s claims. None of what Troia reported was true, he told this site. He does not know Pompompurin, he is not a childhood friend or any friend of WhitePacket’s and he has not gone to medical school, he told DataBreaches.net, adding, “Vinny is a idiot believes anything ppl say” (sic). This is not the first time this person has firmly denied ever being a childhood friend — or any friend at all — of WhitePacket’s.
So Troia may have been trolled by Pompompurin, who was fed information by someone with a grudge against Troia, with Troia believing it all and then using it as “proof” to support attributions.
The last section of ShadowByte’s post is titled, “Will The FBI Finally Close This Case?”
Until now, for reasons unknown to me, the FBI has (apparently) been unable to extradite Meunier. The cyber laws in Canada are very different, and Chris is somehow protected in his perch in Calgary. Perhaps now that the FBI has been victimized and publicly embarrassed by this incident they will have the motivation and urgency to finally take him down.
I am sure the FBI is motivated to find Pompompurin. And unless his opsec is perfect, it just may be a matter of time before they get him. But let’s not equate him with WhitePacket just because Troia believes they are the same person. Indeed, is there any evidence at all that Pompompurin is even in Canada?
And is it possible — or even likely — that the FBI is perfectly capable of seeking WhitePacket’s extradition but they don’t believe he’s TDO?
Enter a Naive Congressman
Troia and ShadowByte have seemingly convinced a California congressman that things are as they claim, and this Congressman has jumped in to repeat questionable claims. ShadowByte’s first blog post contains a statement from Congressman Correa:
“Friday’s breach of the DHS/FBI LEEP email server is the latest in a long string of data breaches which evidence indicates can be attributed to one individual operating in Calgary, Canada. Unfortunately, Canadian cyber security and privacy law have made it difficult to arrest this individual, and extradite him once apprehended,” said Rep. Correa.
Has Congressman Correa sought or obtained any other evidence or opinions on ShadowByte’s and Troia’s allegations? It doesn’t sound like he has:
“Since July of this year, I have been receiving research and intelligence from the leadership team at Shadowbyte, a Threat Intelligence Company investigating the hacker,” he added. “In reviewing the details of their investigation and evidence, it is clear that we (US) must do better in our coordination with other countries for extradition of cyber crime suspects. While recent efforts at curbing international Ransomware organizations have focused on extradition, this has been limited to Russia and China. Meanwhile, cyber criminals in other parts of the world, much closer to our own borders, seem to have carte Blanche while they hide behind their country’s laws. My office will continue to push the importance of this on The Hill and to the White House.”
Hook, line, and sinker.
WhitePacket Responds
In the past, I have redacted WhitePacket’s real name. With his consent, I am no longer redacting it. The following is Christopher Meunier’s statement to this site in response to Troia’s allegations and the ShadowByte blog posts.
“I have not been charged with a crime in Canada or the United States and I’m not a suspect in any criminal investigations in the United States or Canada confirmed to me by the Calgary Police and FBI. I could however be considered a witness in 1 investigation within the USA. Me and other ethical security researchers online have tried to convince Vinny Troia to stop publishing unproven claims as facts and wasting law enforcement’s time. He clearly needs help with his obsession with me and other young men online. I already spoke to my lawyers and unfortunately in Missouri it’s really hard to prosecute defamation cases unless there’s proof someone was lying which isn’t possible for an ongoing investigation. It would also be a waste of my time to try to come after him for the criminal harassment issues which have gone back to when I was 17. There are allegations he is involved in nefarious activities involving online forums which could include hacking into computer systems and selling their databases. It’s not currently confirmed whether or not Vinny Troia is suffering from mental illness, has a criminal background, or is a pedophile but if he’s willing to get checked for those then I’m willing to transparently publish a criminal background check that shows I’m not in any trouble with law enforcement. I’ve also never been to jail. If he had hard evidence he would’ve shown it 6 years ago when he started criminally harassing me. The FBI has asked for my help with their investigation and have told me to my face they know I’m not TDO. I provided them with information as a potential witness but I declined to testify in court against suspects in their investigation. People have been pulling online pranks on him for a little while because he eggs them on and it’s him that’s destroying his own reputation by being spiteful and posting unproven claims as facts. This is in fact libel and very irresponsible for an old man who runs a business to be doing.”
Additionally congressman Correa should be ashamed of himself for attributing a serious crime to “an individual in Calgary” without hard evidence or facts. This just goes to show anyone can publish anything they want about someone online or in books and get away with predatory behavior involving children and it needs to change. People like Vinny Troia need to get help through either therapy or the criminal justice system. They should not be allowed to freely victimize “young boys” (quoting Vinny Troia here, where he publicly references myself).
I don’t know why he’s talking about me getting indicted and blaming Canada for not sending me to the USA when I’m a Canadian citizen, I have no warrants in America, and I’m not the subject of any criminal investigation at all. He shouldn’t baselessly attack me or my city every time something he doesn’t like happens. It’s not healthy and it doesn’t show the maturity a man in his 40s or 50s should have. I would be surprised if anyone does business with him considering his childish actions and slanderous claims.
Perhaps all the homophobic comments and cute pictures he posts of me have something to do with his own sexuality and mental state. What he writes about me shows almost nothing about me and everything you need to know about him. These stories he writes aren’t even about me. They’re a story about an obsessed stalker that will do everything he can to keep in contact with me even if it violates the law and hurts other people in the process.
So okay, Troia will claim that the statement above is just more of the same by Meunier, but Meunier could say the same — that all Troia does is accuse him and obsess over him and try to link everyone and everything to him. A couple of points to emphasize:
Meunier, whose age is usually misreported by Troia, was questioned by the FBI a few years ago, as Meunier states and as I was told at the time. As is normal when they seek to question a non-American outside of the U.S., local law enforcement was present during that interview. In this case, Calgary Police are the closest police to where Meunier lives (Meunier does not actually live in Calgary. He provided this site with a redacted screencap of his driver’s license that showed his age and city in Canada).
Troia/ShadowByte now claim that Calgary Police told them that they couldn’t charge Meunier without a “smoking gun,” i.e., evidence that he committed a crime from his home in Calgary. I do not know whether they actually said that that way, but why would they charge him at all if he’s not in Calgary? For these types of cases, the RCMP would be more likely to be involved, wouldn’t they? And as we have seen in the news, the RCMP does charge people with cybercrimes. So why has Troia focused on Calgary Police and not RCMP?
And what happened to that grand jury that Troia claimed would be meeting around the time of Troia’s SecureWorld keynote speech? Did they ever meet? What happened?
There is no Calgary investigation. The FBI reached out to Calgary police to meet me because that’s the closest police department to me and the RCMP probably wouldn’t bother — Christopher Meunier
So now it’s years later. Troia continues to publicly name and accuse people who have never been arrested or charged, and he tries to explain that away by claiming the extradition laws are weak or that Meunier was being protected because of his age?
There are a lot of people who despise Troia. Some may despise him for the reasons he claims. Others may despise him because he trades data with them or seeks to buy data (they claim) or tries to market data on his sites while calling them criminals. Others may despise him because he has falsely accused them, if he has.
DataBreaches.net does not want to see thedarkoverlord escape prosecution or justice for what they did — and what they did included attacking a lot of medical entities and schools. But this blogger wants to see the actual criminals prosecuted and not people who are being accused without any meaningful evidence at all.