Cybersecurity is a broad term that encompasses a variety of computer security mechanisms, including ethical hacking. Since around 1200 B.C., the term “hacking” has been used to describe “cutting someone’s privacy roughly and violently,” and it had no association with technology until the mid-twentieth century.
The term “hacking” was first used in reference to the use of technological know-how in 1955 ina meeting of the Technical Model Railroad Club. It was used in the meeting minutes to describe how members have modified the functions of their high-tech systems. Throughout the 1960s, the term expanded to include the growing legions of computer enthusiasts. The Jargon File defined a hacker as “a malicious meddler who tries to discover sensitive information by poking around” in 1975. As a result, the term was associated with cybercrime for the first time.
With time and the evolution of technology, the meaning of the term has diversified a lot. Nowadays, the term “hacker” can refer to any skilled computer programmer, though it is most commonly associated with a “security hacker.” A security hacker uses technical knowledge of bugs or vulnerabilities to exploit weaknesses in computer systems in order to access data that they would not otherwise have access to. Security hacking is typically illegal and can result in large fines or even sentences to prison.
On the contrary, ethical hacking is a type of cyber security that is defined as the process of testing the system against all possible security breaches and repairing any vulnerabilities before a malicious attack occurs. Hacking is illegal, but ethical hacking is the legal practice of circumventing system security in order to identify any potential data threat. Ethical hackers attempt to examine systems to identify weak points that malicious hackers can exploit. These types of hackers are also known as white-hat hackers because their work is similar to that of black-hat hackers, but ethical hackers do not intend to harm anyone with their actions and instead, only protect their systems. Similar is an individual named Vinny Troia.
Vincenzo Troia, also known as Vinny Troia, is a white hat computer security professional, hacking forensic investigator, and cybersecurity author. Troia is the owner and operator of Night Lion Security, a specialized cybersecurity services company, and the founder of Shadowbyte, a threat intelligence firm. He graduated from Empire State College in New York with a bachelor’s degree in Information Systems and a master’s degree in Information Assurance and Security from Western Governor’s University. He also holds a Ph.D. in Information Security and Assurance from Capella University, where he researched the perceived effectiveness of the National Institute of Standards and Technology (NIST) Cybersecurity Framework among information security leaders.
In 2014, Troia founded Night Lion Security, an ethical hacking and digital investigation firm. He has provided cybersecurity analysis to media outlets such as Fox News, NBC, and CNBC through his firm on topics such as the target data breach, NSA spying on mobile phone users, identity theft, and tax return fraud. At Scott Air Force Base, he has also worked with various Departments of Defense and Military projects.
Portraying his advanced expertise, Troia credited himself with discovering several major data breaches, including those at Exactis and People Data Labs. Exactis, a marketing firm, inadvertently leaked 340 million personal data records to the public in June 2018. The leak contained multiple terabytes of personal information spread across hundreds of separate fields, including addresses, phone numbers, family structures, and extensive profiling data, according to security researcher, Troia.
Apollo, a sales engagement startup, left a database containing billions of data points publicly exposed without a password in July 2018. Troia, discovered the data and later sent a subset of it containing 126 million unique email addresses to ‘Have I Been Pwned’? The data Apollo left exposed was used in their “revenue acceleration platform,” and it included personal information like names and email addresses, as well as professional information like places of employment, roles people held, and their residence.
Later, Vinny Troia and Bob Diachenko aided in email address validation service Verifications.io during a data breach in February 2019. The breach occurred as a result of data being stored in a MongoDB instance that was left publicly accessible without a password, exposing 763 million unique email addresses. Many of the records in the data contained additional personal information such as names, phone numbers, IP addresses, dates of birth, and genders.
Taking part in the Shanghai National Police Database leak incident, Troia discovered an Elasticsearch server containing the Shanghai National Police Database and information on over a billion Chinese citizens in 2022. The analysis of the data samples revealed that the personal information in the database came from people all over China, not just from Shanghai.
With an intent to educate people on cybersecurity, Troia wrote a book Hunting Cyber Criminals: A Hacker’s Guide to Online Intelligence Gathering Tools and Techniques, which includes scenarios from his investigation into The Dark Overlord hacking group, as well as methods for investigating cybercriminals using Open-Source Intelligence (OSINT) gathering tools and techniques. Exploring cybersecurity and hacking technologies, Troia has used his expertise in the best possible way.