CrowdStrike researchers have identified the infamous hacker known as USDoD, also referred to as EquationCorp, who is responsible for several significant data leaks. According to an investigation by CrowdStrike, USDoD is a 33-year-old man named Luan BG residing in Minas Gerais, Brazil. The findings were initially reported by the Brazilian website TecMundo, which obtained a detailed CrowdStrike report through an anonymous source. Luan has been linked to the theft of vast amounts of sensitive information from notable organizations, including Airbus, the FBI’s InfraGard portal, National Public Data, and TransUnion.
CrowdStrike’s investigation reveals that Luan BG’s hacking activities began as early as 2017, when he engaged in hacktivism. However, by 2022, he transitioned into more sophisticated cybercriminal endeavors. The link between his early hacktivist activities and later cybercrime was established due to his poor operational security practices, which included using the same email address and phrases across various social media platforms and forums. This lack of caution allowed investigators to trace his online presence back to personal accounts, GitHub edits, domain registrations, and social media profiles, ultimately leading to his identification.
The report emphasizes the risks involved in exposing the identities of individuals involved in cybercrime, even those who engage in malicious activities. Despite Luan BG’s role in serious cybercrimes, CrowdStrike acknowledges the need to protect aspects of his personal life that are not relevant to the investigation. Personal information, such as family members and private photos, remains sensitive and should be handled with care. CrowdStrike aims to balance the public interest in exposing cybercriminals with the ethical considerations of individual privacy.
The investigation further reveals that Luan BG inadvertently disclosed his identity in a 2023 interview with DataBreaches.net, where he claimed dual Brazilian and Portuguese citizenship and stated that he resided in Spain. However, his digital footprint, including email accounts, social media activity, and IP addresses, pointed back to Brazil. Despite his attempts to obscure his identity by claiming U.S. citizenship, CrowdStrike was able to confirm his true location through financial records and other data. Although authorities have received this information, they suspect that Luan will continue his cybercriminal activities, likely dismissing the findings as untrue or exaggerated.