Brazil Arrests ‘USDoD,’ Hacker in FBI Infragard Breach – Krebs on Security

Brazilian authorities have reportedly arrested a 33-year-old man on suspicion of being “USDoD,” a hacker who rose to infamy in 2022 after infiltrating the FBI’s InfraGard program and leaking information on 80,000 members. More recently, USDoD was behind a breach at the consumer data broker National Public Data, which led to the leaking of Social Security numbers and other personal information on a large portion of the US population.

USDoD’s InfraGard sales thread on Breached.

Brazilian news source TV Globo first reported the news of USDoD’s arrest, saying that State Police arrested a 33-year-old man from Belo Horizonte. According to TV Globo, USDoD is wanted domestically in connection with the theft of data from the Brazilian Federal Police.

USDoD is known for using the hacker handles “Company Equation Corp” and “NetSec,” and according to the cyber intelligence firm Intel 471, NetSec posted a thread on the now-defunct cybercrime community RaidForums on Feb. 22, 2022, in which they provided the email address and password of 659 members of the Brazilian Federal Police.

TV Globo did not name the arrested man, but the Portuguese technology news outlet Tecmundo published a report in August 2024 that named USDoD as 33-year-old Luan BG from Minas Gerais, Brazil. Tecmundo said it discovered the true identity of the hacker after being given a draft of a detailed, non-public report produced by the security firm CrowdStrike.

CrowdStrike did not respond to a request for comment. But a week after Tecmundo’s piece, the technology news publication hackread.com published a story in which USDoD reportedly acknowledged that CrowdStrike was accurate in its identification. Hackread said USDoD shared a statement, which was addressed to CrowdStrike:

USDoD’s latest statement, after he was successfully identified by CrowdStrike and other security companies. Image: Hackread.com.

In August 2024, a hacker began selling Social Security numbers and other personal information stolen from National Public Data, a private data broker in Florida that collected and sold SSNs and contact data for a significant portion of the American population.

Further reporting revealed that National Public Data had inadvertently published its own passwords online. The company is now the target of multiple class action lawsuits, and recently declared bankruptcy. In an interview with KrebsOnSecurity, USDoD admitted to stealing the NPD data earlier this year, but said he was not involved in leaking or selling it.

In December 2022, KrebsOnSecurity broke the news that USDoD had found a way into the FBI’s InfraGard program, an FBI initiative designed to build informal information-sharing partnerships with vetted experts in the private sector about cyber and physical threats to critical US national infrastructure.

USDoD applied for InfraGard membership using the identity of the CEO of a major US financial institution. Even though USDoD listed the CEO’s real cell phone number, the FBI apparently never reached out to the CEO to verify the application, because the request was approved a few weeks later. After that, USDoD said they implemented a simple system to collect all contact information shared by more than 80,000 members of InfraGard.

The FBI declined to comment on reports about USDoD’s arrest.

In a lengthy September 2023 interview with databreaches.net, USDoD told the publication that he was a man in his mid-30s who was born in South America and has dual citizenship in Brazil and Portugal. Towards the end of that interview, USDoD said they planned to launch a platform to access military intelligence in the United States.

Databreaches.net told KrebsOnSecurity that USDoD has been a regular correspondent since that 2023 interview, and that after the leak USDoD made inquiries with local attorneys to see if there were any open investigations or charges against them.

“According to what the lawyer found out from the state police, they had no pending charges or charges against them at the time,” said Databreaches.net. “From his correspondence and the conversations we had, my sense is that he had absolutely no idea that he was in danger of being arrested.”

When KrebsOnSecurity last contacted USDoD via Telegram on August 15, 2024, they said they “plan to retire and get on with this,” referring to multiple media reports that accused USDoD of leaking nearly three billion consumer records from National Public Data.

However, less than four days later, USDoD was back on BreachForums as usual, posting custom exploit code he says he wrote to attack a newly patched vulnerability in a popular theme designed for WordPress websites.

