A 33-year-old man suspected of being the notorious cybercriminal known as “USDoD” has been arrested by Brazilian authorities, according to reports. USDoD gained notoriety in 2022 after breaching the FBI’s InfraGard program and leaking contact information for 80,000 members. More recently, USDoD was behind a data breach at the consumer data broker National Public Data, leading to the leak of Social Security numbers and other personal information for a significant portion of the U.S. population.
The arrest of USDoD was first reported by Brazilian news outlet TV Globo, stating that the Federal Police arrested a 33-year-old man from Belo Horizonte. USDoD was known to use the hacker handles “Equation Corp” and “NetSec,” with the latter posting a thread on the now-defunct cybercrime community RaidForums offering the email address and password for 659 members of the Brazilian Federal Police.
While TV Globo did not name the arrested individual, Portuguese tech news outlet Tecmundo identified USDoD as 33-year-old Luan BG from Minas Gerais, Brazil. This information was reportedly obtained from a non-public report produced by the security firm CrowdStrike.
In August 2024, USDoD was linked to the selling of Social Security numbers and personal information stolen from National Public Data. The data broker had inadvertently published its own passwords on the internet, leading to multiple class-action lawsuits and eventual bankruptcy. USDoD admitted to stealing the NPD data but claimed not to be involved in leaking or selling it.
USDoD made headlines in December 2022 for infiltrating the FBI’s InfraGard program by using the identity of a major U.S. financial company’s CEO. The FBI declined to comment on USDoD’s arrest, and in a 2023 interview with databreaches.net, USDoD revealed being born in South America, holding dual citizenship in Brazil and Portugal, and expressed plans to launch a platform for acquiring military intelligence from the United States.
Despite claims of retirement, USDoD resurfaced on BreachForums shortly after, showcasing custom exploit code to attack vulnerable WordPress websites. The ongoing saga of USDoD’s cyber activities continues to captivate the cybersecurity community, as authorities work to bring this prolific cybercriminal to justice.