Naming names: some comments on Hunting Cyber Criminals’ attributions and proof
For the past few months, I waited for Vinny Troia of Night Lion Security to publish a report he prepared that would contain proof to support his claims that certain named individuals were members of thedarkoverlord. In the last few weeks, Troia expanded his claims to assert that he had also identified members of GnosticPlayers and ShinyHunters — and that all three groups involved the same threat actors.
If you’re going to publicly accuse someone of being a criminal, I’d hope to hell you have solid proof or a good defamation insurance policy in the alternative.
I spent the weekend looking at Troia’s report. Because some arrests have been made concerning GnosticPlayers, his attributions there seem on more solid ground, although even there, he makes claims that he does not provide support for.
But mostly what I looked for and at was his claims about thedarkoverlord, a group that I have tracked and reported on for four years now.
I’ve uploaded an article with my responses or thoughts about the evidence Troia presented. Keep in mind that I am NOT a security professional. I just think I’m someone who is able to follow a presentation to see if the presenter builds a solid case to support their beliefs.
You can find out what I thought in:
THAT’S YOUR PROOF?? (pdf)