Notorious hacker USDoD, known for his high-profile data leaks from major organisations including Airbus, the FBI’s InfraGard portal, the National Public Data, and TransUnion, has finally been unmasked. USDoD, also known as EquationCorp, is a 33-year-old man from Brazil named Luan Goncalves. Luan has been a hacktivist since at least 2017 but turned to more serious cybercrime activity starting in 2022.
CrowdStrike security researchers revealed the hacker’s identity and tracked him down due to his poor operational security (opsec) activities. He used the same email and phrases across various social media and forums, and his Facebook profile even had USDoD in the display name.
CrowdStrike researchers identified Luan by tracing his email, which was linked to personal accounts, GitHub requests, domain registrations, and social media platforms. Photos and emails linked to his other aliases have also been collected.
TecMundo reports that USDoD also fumbled the bag in a 2023 interview with DataBreaches.net, where he claimed to be around 30 years old, with Brazilian and Portuguese citizenships, and residing in Spain. However, his online activities, including emails, social media posts, and other IP address traces, were tracked to Brazil, further confirming his identity.
Researchers further tied him to the country via financial records and other digital footprints. These include tax registration, email addresses, registered domains, IP addresses, social media accounts, telephone numbers, and city.
CrowdStrike didn’t unveil more precise information to TecMundo to avoid completely exposing his identity as they believe “aspects of these individuals’ private lives—such as family members, personal photos, and other personal information—deserve to be protected unless they are relevant to the investigation.”
Meanwhile, CrowdStrike has reported his identity to Brazilian authorities. However, Luan is expected to continue his career in cybercrime for the foreseeable future, likely by denying or downplaying the allegations.
In the News: Durov arrest part of probe into CSAM, drug sales, and more on Telegram