Conversation with a “Nam3L3ss” Watchdog: Preface

Posted on by Dissent

This is a multi-part interview with the individual known as “Nam3L3ss,” who leaked more than 100 databases on a popular hacking forum and will soon be leaking many more. In Part 1, he answers some questions about his background and what motivated him to do what he does. In Part 2, we talk a bit about his methods for finding exposed data. In Part 3, we discuss some ethical concerns and the future.

Preface

Christmas came early to database collectors this year, although for the millions of people whose personal nformation was leaked on a hacking forum, there is probably nothing merry about it. But before anyone gets angry at the self-described watchdog who leaked all the data, consider this: all of the data he leaked had already been leaked before and was already in the hands of countless businesses, entities, and criminals. If you are not finding much consolation in that thought, you are not alone.

In November, a relatively unknown forum user started leaking datasets on a hacking forum. Some of the databases were from well-known businesses. Others were from medical or healthcare entities. In a period of about one month, he leaked approximately 100 databases. The databases were neatly organized and provided a summary of who the ultimate victim was, who had hacked the data if it was hacked, and what company or entity had been responsible for the data protection at the time of the hack or leak.

It quickly became clear that the leaks were related to Clop’s 2023 exploitation of vulnerabilities in MOVEit file transfer software. The attack impacted more than 2,500 companies and was one of the biggest breaches of 2023. Although Clop leaked the data on their darkweb leak site if victims did not pay their extortion demands, trying to download the leaks was a painfully slow and frustrating process. The leaks were in dozens of parts that required assembly before they could be extracted and there was a lot extraneous or generally uninteresting files as well.

Then along came “Nam3L3ss,” who cleaned up the datasets and made them freely available and all neatly labeled as to source and circumstances.

Listing on hacking forum for Amazon employees claims the dataset from May 2023 has 2,861,111 Lines. It identifies the ransom group as Clop, and the source as the MOVEit breach at Jones Lang Lasalle. The listing also shows all the database fields and provies a sample of the data. Image redacted by DataBreaches.net.
Forum listing for Amazon employee data from the 2023 MOVEit breach by Clop. Image redaction: DataBreaches.net.

Looking a gift horse squarely in the mouth, some forum users leapt to erroneous hypotheses about what was happening, leading Nam3L3ss to post a “manifesto” and to claim loudly to one and all:

I am NOT a hacker!
If something requires a username or password even a Default password I will NOT try and use it!
I am NOT affiliated with any Ransom Group or Hacker group!
I do NOT SELL DATA
I do NOT BUY DATA

The denial seemed pretty cclear to DataBreaches, but there were still a lot of questions that needed answers. Over the past week or two, DataBreaches and Nam3L3ss chatted and then agreed to organize our conversation in an interview-type format. Readers can now continue to:

  • Part 1, where we talk about who Nam3L3ss is and why he is doing what he is doing;
  • Part 2, where we talk a bit about his methods for finding data; or
  • Part 3, where we talk about some ethical considerations and the future.
Category: Breach Incidents

Leave a Reply

Your email address will not be published. Required fields are marked *