TV Globo reports (machine translation) that a 33-year-old Brazilian hacker suspected of invading the systems of the Brazilian federal police and other international institutions has been arrested.
The hacker, known as “USDoD,” was arrested this morning in Belo Horizonte (MG), less than two months after he was doxed by CrowdStrike. The public doxing led him to announce he would be retiring from hacking.
Luan B.G. (his real name) is probably best known for his hacks of Infragard in 2022 and National Public Data in 2024, but he had a number of attacks that made headlines over the past several years. He often bragged about his ability to gain access to his targets’ systems by impersonating members or people who would be members.
USDoD was also known as EquationCorp and had previously been known as NetSec. DataBreaches interviewed him in 2023 when he wanted to publicly respond to accusations that he was pro-Russia.
Because Ransomware Diaries, Volume 4 reported that USDoD had worked with RansomedVC, DataBreaches contacted kmeta[.]vc on Telegram to ask about the relationship. According to kmeta, USDoD was with RansomedVC from the very first day of RansomedVC, which was August 15, 2023 [RansomedVC subsequently became known as kmeta[.]vc]. USDoD had reportedly sought a position with them and received a salary of about $2,000.00 per month*.
Kmeta declined to answer any questions about what USDoD specifically did as part of his work or to name any targets USDoD was involved with, but he was reportedly still employed with them as of this morning when he was arrested. “But it’s nothing special,” Kmeta added, writing, “If an agent is reading this, gladly you didn’t do anything, you just save me a few bills per month.”
“I told him [USDoD], it will happen,” Kmeta wrote. “He thought he was the ‘Unshootable Angle’ but as we all saw, he got shot down. I hope Brazil can afford a first class ticket to the US for him.”
DataBreaches last heard from USDoD this morning. He seemed to have no idea that he might be in imminent danger of arrest, and was alluding to future plans that he claimed would be big news.
This is a developing story….
Update: In his interactions with Jon DiMaggio for Ransomware Diaries, Volume 4, USDoD made statements that conflict with what Kmeta told DataBreaches for this post. Specifically, USDoD claimed that RansomedVC paid him less than what he was promised for work and that by the time DiMaggio interviewed him, he was no longer working with RansomedVC and had blocked him on Telegram. From more recent interactions, DataBreaches was aware that USDoD and Kmeta were still in contact and had some kind of working relationship, so if USDoD had stopped working with Kmeta at some point, he seemed to have resumed.
rip bozo lmfao