The world will have to find out if USDoD's remorse is genuine.
The USDoD hacker revealed his identity and claimed to be 33-year-old Luan G. from the state of Minas Gerais in Brazil. USDoD (EquationCorp) is known for leaking National Public Data (NPD) and publishing more than 3.2 billion Social Security numbers online.
During an interview with Hackread, the hacker confirmed that his identity was revealed by CrowdStrike. Recall that in July, USDoD announced the theft of the full internal list of threats from the CrowdStrike database. Less than a month later, CrowdStrike managed to de-anonymize the hacker.
USDoD was also involved in the hacking of the FBI's InfraGard security platform, which exposed the personal data of 87,000 users. In addition, the hacker was involved in other major data breaches and incidents.
USDoD himself announced his intention to change his life and end cybercrime in order to "do something positive for Brazil." The hacker admitted that it was time to take responsibility for his actions: "Congratulations to CrowdStrike for exposing me, even though intel421 Plus and several other companies had already done so before the InfraGard breach. I want to say thank you, it's time to admit that I lost and it's time to get out of the game. Yes, this is Luan. I will not run, I am in Brazil, in the same city where I was born. I'm a valuable object, and maybe I'll talk to those in charge soon, but everyone will know that there's an ordinary person behind the USDoD alias. I can't live a double life, and it's time to take responsibility for my actions, no matter how much it costs me."
Industry experts have expressed doubts about the sincerity of the hacker's intentions to end criminal activity. According to experts, if the hacker really wanted to start a new life, he could turn himself in at the nearest embassy, make a lucrative deal with justice, and become a respected information security specialist a few years later. It is also suggested that this interview may be part of a disinformation strategy aimed at diverting attention from recent attacks.
CrowdStrike spoke about its work in a report obtained by the TecMundo portal from an anonymous source. At the disposal of the specialists were Luan's tax documents, email addresses, registered domains, IP addresses, social media accounts, phone number and information about the city of residence. However, more accurate data is not disclosed in order to avoid a complete leak of the identity of the criminal.
Luan B.G. has a long history in the field of hacktivism, starting back in 2017, and later moving into the more serious stage of cybercrime. Investigators were able to identify Luan because he used the same email address to register on different forums and social networks, which made it possible to track his activities from 2017 to 2022. The same address was used to create GitHub accounts and register domains related to cyber weapons projects. Based on the collected data, other profiles in social networks were found.
Luan's social media profile
Interestingly, Luan B.G. did not hide his identity and even gave an interview in 2023, where he stated that he had dual citizenship - Brazilian and Portuguese, and also mentioned that he lives in Spain. However, Luan later claimed that all data about his identity presented in the public domain is disinformation.
In addition, a leak on the BreachForums forum in July 2024, when users' IP addresses were exposed, helped reveal that Luan was using a dynamic IPv4 address and several IPv6 addresses belonging to a Brazilian ISP in Minas Gerais.
Now all the collected data has been transferred to the relevant authorities. CrowdStrike continues to monitor USDoD activity as the group continues to engage in cyberespionage and blackmail, putting stolen data up for sale.
According to experts, the publication of information about Luan's identity is unlikely to affect his activities in the short term, as he is likely to deny his involvement or claim that he deliberately misled researchers. The researchers emphasize that Luan's desire for recognition in the hacktivist and cybercrime communities most likely means that he is not going to stop his activities anytime soon.
Revealing the identity of the USDoD hacker as a Brazilian citizen has significant implications, given his involvement in high-profile data breaches. Under the U.S.-Brazil extradition treaty, U.S. authorities can request extradition to prosecute him for cybercrimes. However, Brazil often does not extradite its citizens, which can complicate efforts to bring the hacker to court in the United States. If the extradition is refused, the hacker can still be punished under Brazilian cybercrime law.
Luan G.'s intention to change his life and make a positive contribution to Brazil's development may also influence the authorities' approach to his case, perhaps focusing on rehabilitation rather than harsh punishment.