Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label USDoD. Show all posts
USDoD
Data Breach InfraGard National Public Data US Citizen USDoD

Brazil's Federal Police Arrests ‘USDoD,’ Hacker in FBI Infragard Breach

 

Brazil's Polícia Federal arrested USDoD, an infamous hacker linked to the National Public Data and InfraGard breaches, as part of "Operation Data Breach". USDoD, dubbed EquationCorp, has a long history of high-profile data breaches in which he stole data and often posted it on hacking forums, mocking the victims. 

These breaches include those on the FBI's InfraGard, a threat intelligence sharing platform, and National Public Data, which exposed the private data and social security numbers of hundreds of millions of US citizens online. 

Things became worse for the threat actor when he targeted cybersecurity firm CrowdStrike and revealed the company's internal threat actor list. Soon after leaking the IOC list, Brazilian publisher Techmundo received an anonymous CrowdStrike report that reportedly identified, or doxed, the threat actor, figuring out the perpetrator as a 33-year-old Brazilian called Luan BG. 

Interestingly, USDoD verified that CrowdStrike's information was accurate in an interview with HackRead and stated that he was currently living in Brazil. "So congrats to Crowdstrike for doxing me, they are late for the party, intel421 Plus and a few other companies already doxed me even before the Infragard hack," USDoD told HackRead. 

Brazil's Polícia Federal (PF) confirmed his arrest in Belo Horizonte/MG earlier this week, most likely with the use of this intelligence. 

"The Federal Police launched Operation Data Breach on Wednesday (16/10), with the aim of investigating invasions of the systems of the Federal Police and other international institutions," according to a news release issued by the PF.

A search and seizure warrant and a preventive arrest warrant were served in the city of Belo Horizonte/MG against an investigated person suspected of being responsible for two publications selling Federal Police data, on May 22, 2020 and on February 22, 2022.

The prisoner boasted on websites that he had exposed sensitive data belonging to 80,000 members of InfraGard, a partnership between the Federal Bureau of Investigation (FBI) and private critical infrastructure companies in the United States of America. He claimed to be the mastermind of multiple cyber invasions that were carried out in multiple nations.

Ironically, the arrest was carried out as part of a law enforcement action known as "Operation Data Breach," which the police said was called after the threat actor's known cyber attacks.
Read more »
USDoD
CrowdStrike Cyber Security Hacking Security USDoD

Brazilian Hacker Behind Major Data Leaks



In a recent turn of events, cybersecurity firm CrowdStrike has identified the hacker known as USDoD, who has been linked to numerous data breaches, as a 33-year-old Brazilian man. This hacker, also known by the alias "EquationCorp," has been behind several high-profile cyber attacks targeting prominent organisations, including Airbus, the FBI's InfraGard portal, National Public Data, and TransUnion.

A report obtained by the Brazilian news site TecMundo, from an anonymous source within CrowdStrike, reveals that the individual behind USDoD is Luan BG, a resident of Minas Gerais, Brazil. The report states that CrowdStrike has shared this information with the authorities, which includes details such as his tax registration, email addresses, domains he registered, IP addresses, social media accounts, and his phone number. While personal information about Luan has been uncovered, specific details that could fully reveal his identity have been kept confidential by CrowdStrike, respecting privacy concerns despite his criminal activities.

According to the investigation, Luan BG has been involved in hacking activities since at least 2017, originally engaging in hacktivism. However, by 2022, his activities had escalated into more serious cybercrimes. His operational security mistakes played a crucial role in his identification. For instance, he repeatedly used the same email address and similar phrases across various social media platforms and forums, allowing investigators to track his activities. This email was also linked to personal accounts, domain registrations, GitHub contributions, and social media profiles, which collectively led to his identification. Additionally, early gaps in his technical abilities made it easier for investigators to compile a detailed profile of him, including photos and emails tied to his aliases.

Robert Baptiste, a well-known cybersecurity expert and CEO of Predicta Lab, has confirmed CrowdStrike's findings through an independent investigation. Baptiste’s work corroborates the evidence pointing to Luan BG as the individual behind the USDoD alias.

The report also highlights that Luan BG inadvertently exposed his identity during a 2023 interview with DataBreaches.net, where he falsely claimed to be around 30 years old with dual Brazilian and Portuguese citizenship, residing in Spain. However, further investigation into his online activities, including emails and social media posts, traced his location back to Brazil. Despite his attempts to mislead by claiming U.S. citizenship, CrowdStrike was able to connect him to Brazil using financial records and other digital traces.

Although authorities have been informed about Luan BG’s identity, there is concern that he may continue his cybercriminal activities. Despite the exposure, experts fear that Luan might deny the revelations or downplay them and persist in his illicit endeavours.

The exposure of USDoD’s identity by CrowdStrike is a crucial step in the ongoing battle against cybercrime. It highlights the complex challenges cybersecurity professionals face in tracking down and exposing individuals involved in high-level cyberattacks. As the case unfolds, the impact of this discovery on the broader cybercriminal community will be closely watched.


Read more »
USDoD
Data Breach Data Leak DOD Hackers Information Security Sensitive data Social Security Number USA USDoD

Massive Data Breach Exposes Social Security Numbers of 2.9 Billion People

 


A significant data breach has reportedly compromised the personal information of 2.9 billion people, potentially affecting the majority of Americans. A hacking group known as USDoD claims to have stolen this data, which includes highly sensitive information such as Social Security numbers, full names, addresses, dates of birth, and phone numbers. This development has raised alarm due to the vast scope of the breach and the critical nature of the information involved. The breach was first reported by the Los Angeles Times, which revealed that the hacker group is offering the stolen data for sale. 

The breach allegedly stems from National Public Data, a company that collects and stores personal information to facilitate background checks. The company has not formally confirmed the breach but did acknowledge purging its entire database. According to National Public Data, they have deleted all non-public information, although they stopped short of admitting that the data had been compromised. In April, the hacking group USDoD claimed responsibility for the breach, stating that it had obtained the personal information of billions of people. This led to a class-action lawsuit against National Public Data, as victims sought redress for the potential misuse of their sensitive information. 

The lawsuit has intensified scrutiny on the company’s data security practices, particularly given the critical nature of the information it manages. The potential consequences of this breach are severe. The stolen data, which includes Social Security numbers, could be used for a variety of malicious activities, including identity theft, fraud, and other forms of cybercrime. The scale of the breach also highlights the ongoing challenges in safeguarding personal information, particularly when it is collected and stored by third-party companies. As investigations continue, the breach underscores the urgent need for stronger data protection measures. 

Companies that handle sensitive information must ensure that they have robust security protocols in place to prevent such incidents. The breach also raises questions about the transparency and responsibility of organizations when dealing with personal data. In the meantime, consumers and businesses are on high alert, awaiting further developments and the potential fallout from one of the largest data breaches in history. The incident serves as a stark reminder of the risks associated with data storage and the critical importance of cybersecurity.
Read more »
USDoD
Cybersecurity industry Data Breach Data Leak data security Email Account Compromise Email address USDoD

Massive Email Address Exposure: SOCRadar.io Data Scraping Incident

 

A significant security concern has arisen following the exposure of an estimated 332 million email addresses online, allegedly scraped from the security intelligence platform SOCRadar.io. The massive data dump was reportedly posted on a cybercrime forum by a threat actor known as Dominatrix. According to Hackread, the data was initially scraped by another actor, “USDoD,” who has a history of involvement in previous data breaches. The leaked data was extracted from what are described as “stealer logs and combolists,” suggesting that malware infections played a crucial role in the initial data collection. 

This indicates a broader issue involving malware distribution and the exploitation of compromised systems. The data scraping incident reportedly took place in July 2024. Hackread notes that an announcement on the underground hacker forum Breach Forums revealed that a 14GB CSV file containing only email addresses, aggregated from various data breaches, was obtained. The forum user known as USDoD initially attempted to sell the scraped data for $7,000 on July 28, 2024. 

However, Dominatrix, who is alleged to have purchased the data, made it public on August 3, 2024, stating, “Hello BreachForums Community, Today I have uploaded a SocRadar database for you to download, thanks for reading and enjoy! In July 2024, @USDoD scraped socradar.io extracting 332 million emails parsed from stealer logs and combolists. I have purchased the data to share with you all today.” 

Although the incident does not involve passwords, the exposure of email addresses poses several risks. Cybercriminals could use the email list to conduct large-scale phishing campaigns, attempt unauthorized access through brute-force attacks, or perform credential stuffing by comparing the emails with previously leaked data containing passwords. SOCRadar’s Chief Security Officer, Ensar Seker, has disputed the claims that the data was sourced from their platform. According to Seker, there is no evidence proving that the data was collected from SOCRadar. 

Instead, he suggests that the data was likely harvested from Telegram channels and misrepresented as being from SOCRadar. Seker emphasizes that threat actors had impersonated legitimate companies to gather the information. SOCRadar is pursuing legal avenues and cooperating with law enforcement agencies to address the issue. This incident underscores the critical need for strong cybersecurity practices. 

Users are advised to employ unique passwords for different accounts, enable multi-factor authentication (MFA) to add an extra layer of security, and remain vigilant against unsolicited emails, avoiding suspicious links and attachments to mitigate potential threats.
Read more »
USDoD
Data Breach Data Leak Database Breach Linkedin LinkedIn Users Personal Data US Government USDoD

Hackers Leaks Scraped LinkedIn Data of 35 Million Users


Threat actors have recently leaked personal information of over 35 million online users, by illicitly accessing a LinkedIn database. Apparently, the hackers are operating under the name ‘USDOD.’

The database, on the other hand, has been released in a popular cybercrime forum, Breach Forums. 

It is significant to note that USDoD is the same hacker who compromised the FBI's InfraGard security platform last year, revealing 87,000 members' personal information.

In a post on Breach Forums, the hacker verified that web scraping was used to access the most recent LinkedIn information. Web scraping is a software-driven, automated process that extracts data from websites, usually with the purpose of obtaining certain information from web pages.

As revealed by Hackread, the leaked data included publicly available information regarding the victims’ LinkedIn profiles, such as full names and profile bios. While this data also contains millions of email addresses, the hackers could not get hold of the passwords.

Email addresses from senior US government officials and organizations are exposed in the leak. Email addresses from other international government agencies have also been found.

Legitimacy of LinkedIn Data: Is it Authentic?

After analyzing more than 5 million accounts in the database, Troy Hunt of HaveIBeenPwned came to the conclusion that the data was a combination of information from other sources, including fraudulent email addresses and public LinkedIn profiles. Troy notes that the individuals, businesses, domain names, and a large number of email addresses are real, even though some of the information may be anecdotal or largely made up.

"Because the conclusion is that there’s a significant component of legitimate data in this corpus, I’ve loaded it into HIBP[…]But because there are also a significant number of fabricated email addresses in there, I’ve flagged it as a spam list which means the addresses won’t impact the scale of anyone’s paid subscription if they’re monitoring domains," Hunt explained.

This however was not the first time when the LinkedIn information was being leaked online by threat actors. A similar case happened back in April 2021, where 2 scrapped LinkedIn databases went on sale with 500 million and 827 million records. Also, in June 2021, a hacker sold a LinkedIn database that contained information about around 700 million users.  

Read more »
Subscribe to: Posts (Atom)