News USDoD unmasked: Brazilian hacker behind $3B SSN leak comes clean

[d0ctrine]

USDoD unmasked: Brazilian hacker behind $3B SSN leak comes clean
​

The cybersecurity community has been jolted by the revelation that USDoD, the infamous hacker responsible for leaking over 3 billion Social Security numbers, is a 33-year-old Brazilian man named Luan Gonçalves Barbosa from Minas Gerais state.

In an unexpected turn of events, USDoD acknowledged being "doxed" by cybersecurity firm CrowdStrike, though he claimed other companies had already uncovered his identity previously.

"Yes, this is Luan speaking. I won't run, I'm in Brazil, the same city where I was born," USDoD stated. He expressed a desire to take responsibility for his actions and potentially work with Brazilian authorities, saying "I can do much for my country."

The unmasking of USDoD follows a series of high-profile cyberattacks attributed to him, including breaching the FBI's InfraGard platform and leaking 87,000 members' personal details. In July 2024, USDoD also leaked a 100,000-line indicator of compromise list from CrowdStrike, escalating tensions with the cybersecurity company.
Cybersecurity researcher Baptiste Robert (@fs0c131y) detailed on social media how USDoD's identity was uncovered through open-source intelligence (OSINT) techniques. The investigation, which took about 10 hours, revealed:

• USDoD's suspended Twitter account @equationcorp had a bio matching an Instagram profile under the handle zerodaycorp (previously barbosa.luan_)
• A SoundCloud profile where Luan described himself as a "Goa Trance producer from Brazil and CEO and Founder of LBGRecords"
• Luan's Medium account (natsec.medium.com), previously using the username luanbgs22
• Various online activities linked to his email address, including GitHub repositories and forum accounts on hacking websites
• The alias ElmagoLoko on Hack Forums, where Luan discussed his interest in reverse engineering and pentesting
• A Jabber email ([email protected]) associated with a user called CryptoSystem on another hacking forum, whose activities closely matched USDoD's known cyberattacks
  

The exposure of USDoD's identity raises questions about potential legal consequences. While Brazil has an extradition treaty with the US, the country has a history of not extraditing its own citizens. This could complicate efforts to bring USDoD to trial in the United States for his alleged cybercrimes.



As authorities in Brazil and the US determine next steps, the cybersecurity community continues to analyze the implications of this major revelation. The unmasking of USDoD serves as a reminder of the ongoing challenges in cybersecurity and the complex interplay between hackers and those working to protect digital systems and data.