USDoD Unmasked: The Face Behind the Largest SSN Leak
The hacker known as USDoD has revealed his identity, claiming to be 33-year-old Luan G. from the state of Minas Gerais, Brazil. USDoD, also known as EquationCorp, is infamous for the breach of National Public Data (NPD) and the online publication of more than 3.2 billion Social Security numbers.
In an interview with Hackread, the hacker confirmed that his identity was unmasked by CrowdStrike. It is worth noting that in July, USDoD announced the theft of the complete internal threat database from CrowdStrike. Less than a month later, CrowdStrike managed to de-anonymize the hacker.
USDoD was also implicated in the breach of the FBI’s InfraGard security platform, exposing the personal data of 87,000 users. In addition, the hacker has been involved in several other major data breaches and incidents.
USDoD stated his intention to change his life and abandon cybercrime to do something positive for Brazil. The hacker acknowledged that it is time to take responsibility for his actions:
“So congrats to Crowdstrike for doxing me, they are late for the party, intel421 Plus and a few other companies already doxed me even before the Infragard hack. I want to say thank you, it is time to admit I got defeated and I will retire my Jersey. Yes, this is Luan speaking. I won’t run, I’m in Brazil, the same city where I was born. I am a huge valuable target and maybe I will talk soon to whoever is in charge but everyone will know that behind USDoD I’m a human like everyone else, to be honest, I wanted this to happen, I can’t live with multiple lives and it is time to take responsibility for every action of mine and pay the price doesn’t matter how much it may cost me. This is not my end. Thank you, see you around. Don’t worry Brazilian authorities, I’m coming to meet you, I’m not a threat, in fact, I can do much for my country.”
Industry experts have expressed skepticism about the hacker’s sincerity in abandoning criminal activities. Specialists suggest that if the hacker truly wanted to start anew, he could surrender at the nearest embassy, strike a favorable deal with justice, and in a few years become a respected cybersecurity specialist. It is also speculated that this interview could be part of a disinformation strategy aimed at diverting attention from recent attacks.
CrowdStrike detailed its work in a report obtained by TecMundo from an anonymous source. The experts had access to Luan’s tax documents, email addresses, registered domains, IP addresses, social media accounts, phone numbers, and information about his city of residence. However, more precise details are withheld to prevent a complete exposure of the criminal’s identity.
Luan B.G. has a long history of hacktivism, which began in 2017, and later escalated to more serious cybercriminal activities. Investigators were able to identify Luan due to his use of the same email address for registration on various forums and social media platforms, allowing them to track his activities from 2017 to 2022. The same address was used to create accounts on GitHub and register domains related to cyberweapon development projects. Based on the collected data, other social media profiles were also discovered.
Interestingly, Luan B.G. did not hide his identity and even gave an interview in 2023, where he claimed to hold dual citizenship—Brazilian and Portuguese—and mentioned that he resided in Spain. However, Luan later asserted that all publicly available information about his identity was disinformation.
Moreover, a leak on the BreachForums forum in July 2024, which exposed users’ IP addresses, helped reveal that Luan had used dynamic IPv4 and multiple IPv6 addresses belonging to a Brazilian internet service provider in Minas Gerais.
All collected data has now been handed over to the relevant authorities. CrowdStrike continues to monitor USDoD’s activities as the group remains involved in cyber espionage and extortion, offering stolen data for sale.
Experts believe that the publication of information about Luan’s identity is unlikely to impact his activities in the short term, as he will likely deny his involvement or claim that he deliberately misled researchers. Investigators emphasize that Luan’s desire for recognition in hacktivist and cybercriminal communities likely means he has no intention of ceasing his activities anytime soon.
The unmasking of the hacker USDoD as a Brazilian citizen has significant implications, given his involvement in high-profile data breaches. Under the extradition treaty between the U.S. and Brazil, American authorities could request his extradition to hold him accountable for cybercrimes. However, Brazil often refuses to extradite its citizens, which could complicate efforts to bring the hacker to justice in the U.S. If extradition is denied, the hacker could still face punishment under Brazil’s cybercrime laws.
Luan G.’s expressed intent to change his life and contribute positively to Brazil’s development may also influence how authorities approach his case, possibly focusing on rehabilitation rather than harsh punishment.