Infamous Brazilian Hacker’s Campaign of Data Breaches Ends in Arrest

Oct 28, 2024

A Brazilian hacker who has been a general menace for at least several years now, and who was involved in the massive National Public Data breach among others, is in the custody of the country’s federal police after a somewhat unusual series of events. Hacker “USDoD” was arrested for two older data breaches involving that same police force, but it would appear his direct undoing was a heist on security firm CrowdStrike.

The hacker also goes by “EquationCorp,” but his real name appears to be Luan BG. Authorities came into possession of this information by way of a leaked internal CrowdStrike report that identified the attacker, who had previously stolen the company’s internal threat actor list. Surprisingly, though this was an unofficial report, the hacker confessed to his data breaches and said he would wait in his hometown for authorities to pick him up.

Data breaches were some of the biggest as of late

It is unclear if CrowdStrike intended to formally identify USDoD in public, but one of its internal reports on him “somehow” made its way to Brazil’s tech magazine TecMundo. After the magazine went public, USDoD inexplicably surfaced to confirm his identity and participation in numerous data breaches. He then said he planned to retire and would accept capture by his government.

There is no clear explanation for why he would surrender so easily, only inferences from his posts. But the hacker’s high-profile data breaches definitely made him a high priority for international law enforcement, particularly after the National Public Data attack made the nightly news across the US. USDoD maintains that he merely stole that data, which contained huge amounts of Social Security numbers among other sensitive information, and did not leak or attempt to sell it.

Another of the data breaches that likely put international law enforcement onto him was the attack on the FBI’s InfraGard program, which draws together US critical infrastructure companies to participate in a threat intelligence sharing network. That ended with the hacker stealing the contact information of about 80,000 of the program’s members, and was also an embarrassment for the FBI, as he somehow socially engineered his way through a background check by posing as a financial firm’s CEO.

Over at least half a decade, USDoD regularly appeared on BreachForums and similar hacking forums to sell stolen data of this sort. But it appears that two older data breaches of Brazil’s federal police were the ones that came back to haunt him the most.

Older federal police breaches cost hacker his freedom

USDoD will likely face further legal action for his assorted data breaches, but the immediate ones prompting his arrest were two smaller incidents involving Brazil’s federal police that date back to 2020 and 2022. In the 2022 incident, he offered the login credentials of over 600 members of the organization for sale on a forum.

His story about not trying to sell the National Public Data hoard will likely not stand up, as he publicly offered it for $3.5 million on a forum at one point. That should attract the attention of US, UK and Canadian authorities eager to extradite him.
