Brazilian authorities have apprehended a 33-year-old man believed to be “USDoD,” a prolific cybercriminal responsible for several large data breaches. USDoD gained notoriety in 2022 after breaching the FBI’s InfraGard program and leaking the personal information of 80,000 of its members. More recently, he was implicated in the breach of National Public Data, a Florida consumer data broker, which exposed Social Security numbers and other sensitive personal information for a considerable segment of the U.S. population.
The Brazilian news outlet TV Globo was among the first to report on the arrest, revealing that the Federal Police detained the suspect in Belo Horizonte, Brazil, and indicated that he is wanted for data theft involving Brazilian Federal Police officers. While TV Globo did not disclose the man’s identity, Portuguese technology news source Tecmundo identified him as Luan BG, citing a detailed non-public report by security firm CrowdStrike.
USDoD also operated under the hacker aliases “Equation Corp” and “NetSec.” According to cyber intelligence firm Intel 471, NetSec had previously posted sensitive information on 659 Brazilian Federal Police members to the now-defunct cybercrime forum RaidForums, which is consistent with the data-theft charge cited by the Federal Police.
USDoD was also implicated in selling Social Security numbers and other personal data stolen from National Public Data, a company that had inadvertently published its own passwords online. That breach led to numerous class-action lawsuits and, most recently, to the company declaring bankruptcy. In an earlier interview, USDoD claimed responsibility for extracting the data but denied any involvement in its subsequent sale or exploitation.
In December 2022, USDoD gained unauthorized access to the FBI’s InfraGard program, an initiative designed to facilitate secure information sharing between the FBI and vetted private-sector professionals about threats to U.S. critical infrastructure. By posing as the CEO of a major financial institution, he passed InfraGard’s vetting and obtained a membership; once inside, he used automated tools to harvest the contact information of the program’s members.
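The InfraGard intrusion is a useful reminder that a legitimately provisioned account can still be caught by its behaviour: an approved member reads a handful of records, a script walks the whole directory. The following is an added detection example, not code from the original article or from any InfraGard system; the log format, the `/api/members/{id}` endpoint, the thresholds and the sample log lines are all constructed for illustration.

```python
"""Flag accounts that bulk-enumerate a member directory.

Added example, not part of the original article. The log line format,
the endpoint path and the thresholds below are assumptions.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real InfraGard logs). Two users:
# one browsing normally, one walking record IDs in order.
SAMPLE_LOG = """\
2022-12-10T14:00:01Z user=alice GET /api/members/1042 200
2022-12-10T14:00:09Z user=alice GET /api/members/1043 200
2022-12-10T14:00:10Z user=mallory GET /api/members/1 200
2022-12-10T14:00:10Z user=mallory GET /api/members/2 200
2022-12-10T14:00:11Z user=mallory GET /api/members/3 200
2022-12-10T14:00:11Z user=mallory GET /api/members/4 200
2022-12-10T14:00:12Z user=mallory GET /api/members/5 200
2022-12-10T14:00:12Z user=mallory GET /api/members/6 200
2022-12-10T14:20:00Z user=mallory GET /api/members/7 200
"""

# Assumed log layout: "<iso8601> user=<name> GET /api/members/<id> <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) GET /api/members/(?P<id>\d+) (?P<status>\d{3})$"
)


def parse(log: str):
    """Turn raw log text into (timestamp, user, member_id, status) tuples."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not member-record reads
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["user"], int(m["id"]), int(m["status"])))
    return events


def find_enumerators(events, window=timedelta(minutes=5), max_records=5):
    """Return {user: details} for each user who successfully read more than
    `max_records` distinct member records inside any sliding `window`.

    `sequential` is True when the IDs seen in that window are (nearly)
    consecutive, the signature of a script walking the ID space rather
    than a person looking up specific contacts. Thresholds are assumptions
    and should be tuned to real usage of the directory.
    """
    by_user = defaultdict(list)
    for ts, user, member_id, status in events:
        if status == 200:  # only successful reads leak data
            by_user[user].append((ts, member_id))

    flagged = {}
    for user, hits in by_user.items():
        hits.sort()
        in_window = Counter()  # member_id -> reads currently inside the window
        lo = 0
        for ts, member_id in hits:
            in_window[member_id] += 1
            # Evict reads that fell out of the window.
            while ts - hits[lo][0] > window:
                old_id = hits[lo][1]
                in_window[old_id] -= 1
                if in_window[old_id] == 0:
                    del in_window[old_id]
                lo += 1
            if len(in_window) > max_records:
                ids = sorted(in_window)
                sequential = all(b - a <= 2 for a, b in zip(ids, ids[1:]))
                flagged[user] = {
                    "distinct_records": len(in_window),
                    "window_start": hits[lo][0],
                    "sequential": sequential,
                }
                break  # one alert per user is enough
    return flagged


if __name__ == "__main__":
    for user, info in find_enumerators(parse(SAMPLE_LOG)).items():
        print(f"ALERT {user}: {info['distinct_records']} records since "
              f"{info['window_start'].isoformat()} sequential={info['sequential']}")
```

Run on the constructed log, only `mallory` is flagged (six distinct records in two seconds, with consecutive IDs), while `alice`’s two lookups stay below the threshold. The sequential-ID check is the more telling signal; a real deployment would pair it with a per-account rate limit on the directory endpoint so the walk is stopped rather than merely reported.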
The FBI has not commented on USDoD’s arrest. In a September 2023 interview, USDoD described himself as a dual citizen of Brazil and Portugal and said he was not aware of any legal action pending against him.
The InfraGard intrusion maps onto familiar MITRE ATT&CK tactics: initial access through social engineering (impersonating a vetted executive to pass membership review), followed by automated collection of member data from inside the platform. Given the scale of the breaches attributed to USDoD, organizations in sensitive sectors, and especially those running vetted information-sharing communities, should reassess how they verify applicants and how they detect bulk data access by approved accounts.
Notably, just days before his arrest, USDoD was reportedly still active on cybercrime forums, sharing exploit code for recently patched vulnerabilities in popular WordPress themes, an indication that he remained active despite the legal trouble closing in on him.