Share this article on:
Brazil’s federal police force has arrested the infamous hacker USDoD, the same threat actor connected to the National Public Data data breaches.
Yesterday (16 October), Brazil’s Polícia Federal (PF) announced the arrest of Luan BG, better known online as USDoD, after it was suspected that he had breached PF systems.
“The Federal Police launched Operation Data Breach on Wednesday (16/10), with the aim of investigating invasions of the systems of the Federal Police and other international institutions,” said the PF.
“A search and seizure warrant and a preventive arrest warrant were served in the city of Belo Horizonte/MG against an investigated person suspected of being responsible for two publications selling Federal Police data, on May 22, 2020 and on February 22, 2022.”
The threat actor, also known as EquationCorp, has been connected to a number of high-profile data breaches, including on Airbus, a 70-million-record-strong US criminal database, and most recently, US background-checking firm National Public Data, which recently filed for bankruptcy.
However, it was USDoD’s claim that he breached US cyber security firm CrowdStrike that landed him in deep water.
In July, the threat actor boasted about leaking CrowdStrike’s “entire threat actor list” list on the popular threat forum BreachForums, with a link to the alleged list. However, no breach ever took place.
“There is no CrowdStrike breach," a CrowdStrike spokesperson told Cyber Daily.
"This threat intel data is available to tens of thousands of customers, partners, and prospects.”
Following the alleged breach, Brazilian publication TecMundo received an anonymous report revealing USDoD's identity as 33-year-old Brazilian man Luan BG.
Speaking with HackRead, USDoD confirmed that the information leaked about him was real and that he was, in fact, Luan BG and lived in Brazil.
“So congrats to Crowdstrike for doxing me, they are late for the party, intel421 Plus and a few other companies already doxed me …,” he told HackRead.
Likely with the assistance of this information, the PF arrested USDoD.
“The prisoner boasted of being responsible for several cyber invasions carried out in some countries, claiming, on websites, to have disclosed sensitive data of 80,000 members of InfraGard, a partnership between the Federal Bureau Investigation – FBI and private critical infrastructure entities in the United States of America,” said the PF.
“The investigation will continue to identify any other cyber intrusions that were committed by the person under investigation.”
Discussion of USDoD’s arrest ignited on BreachForums, with fellow users shocked by the incident.
One user said that he had spoken to Luan BG the morning of the arrest and that, despite confirming his identity to media, the arrest caught him by surprise.
“He had been in touch with me this morning, and I can tell you that he had no idea this was even a possibility at this point based on what the Federal Police had told his lawyer a couple of months ago,” said BreachForums user DissentDoe.
UPDATED 17/10/24 to add further CrowdStrike commentary