Brazilian Hacker Behind Major Data Leaks


In a recent turn of events, cybersecurity firm CrowdStrike has identified the hacker known as USDoD, who has been linked to numerous data breaches, as a 33-year-old Brazilian man. This hacker, also known by the alias "EquationCorp," has been behind several high-profile cyber attacks targeting prominent organisations, including Airbus, the FBI's InfraGard portal, National Public Data, and TransUnion.

A report obtained by the Brazilian news site TecMundo, from an anonymous source within CrowdStrike, reveals that the individual behind USDoD is Luan BG, a resident of Minas Gerais, Brazil. The report states that CrowdStrike has shared this information with the authorities, including details such as his tax registration, email addresses, domains he registered, IP addresses, social media accounts, and his phone number. While personal information about Luan has been uncovered, specific details that could fully reveal his identity have been kept confidential by CrowdStrike, respecting privacy concerns despite his criminal activities.

According to the investigation, Luan BG has been involved in hacking activities since at least 2017, originally engaging in hacktivism. However, by 2022, his activities had escalated into more serious cybercrimes. His operational security mistakes played a crucial role in his identification. For instance, he repeatedly used the same email address and similar phrases across various social media platforms and forums, allowing investigators to track his activities. This email was also linked to personal accounts, domain registrations, GitHub contributions, and social media profiles, which collectively led to his identification. Additionally, early gaps in his technical abilities made it easier for investigators to compile a detailed profile of him, including photos and emails tied to his aliases.

Robert Baptiste, a well-known cybersecurity expert and CEO of Predicta Lab, has confirmed CrowdStrike's findings through an independent investigation. Baptiste’s work corroborates the evidence pointing to Luan BG as the individual behind the USDoD alias.

The report also highlights that Luan BG inadvertently exposed his identity during a 2023 interview with DataBreaches.net, where he falsely claimed to be around 30 years old with dual Brazilian and Portuguese citizenship, residing in Spain. However, further investigation into his online activities, including emails and social media posts, traced his location back to Brazil. Despite his attempts to mislead by claiming U.S. citizenship, CrowdStrike was able to connect him to Brazil using financial records and other digital traces.

Although authorities have been informed about Luan BG’s identity, there is concern that he may continue his cybercriminal activities. Despite the exposure, experts fear that Luan might deny the revelations or downplay them and persist in his illicit endeavours.

The exposure of USDoD’s identity by CrowdStrike is a crucial step in the ongoing battle against cybercrime. It highlights the complex challenges cybersecurity professionals face in tracking down and exposing individuals involved in high-level cyberattacks. As the case unfolds, the impact of this discovery on the broader cybercriminal community will be closely watched.

