@TecmundoDigita The article is full of info, more or less partial, without any sources. We don't have access to the initial report. I don't like that. So, at @PredictaLabOff we decided to find the truth by ourselves
@TecmundoDigita @PredictaLabOff Let's go for the full deep dive.
Before his suspension last month, USDoD used the Twitter account @equationcorp. The bio of the account was "I protect the hive. When the system is out of balance, I correct it"
@TecmundoDigita @PredictaLabOff @EquationCorp zerodaycorp on Instagram, previously barbosa.luan_, has the same phrase on his profile.
This is a small link, maybe a coincidence, but it's worth digging
@TecmundoDigita @PredictaLabOff @EquationCorp This Instagram account has been mentioned by a tattoo artist. Not my style but why not?
@TecmundoDigita @PredictaLabOff @EquationCorp This Instagram account has been mentioned in this SoundCloud profile:
Luan describes himself as "Goa Trance producer from Brazil and CEO and Founder of LBGRecords."
It also gives us an old Twitter account and a Facebook account soundcloud.com/lbg91
@TecmundoDigita @PredictaLabOff @EquationCorp Thanks to Tineye, with a reverse image search, I was able to find the Medium account of Luan: natsec.medium.com
@TecmundoDigita @PredictaLabOff @EquationCorp One of his articles mentioned an AlienVault pulse. Same name as the Insta account. See the Medium link? His old Medium username was luanbgs22
@TecmundoDigita @PredictaLabOff @EquationCorp Thanks to the awesome WhatsMyName, from luanbgs22 we can find a Gravatar account. Same face, this is our guy.
Did you know? You can get an email from a Gravatar profile. Thanks to hashtray for example, we found the email luanbgs22@gmail.com
@TecmundoDigita @PredictaLabOff @EquationCorp Now the fun is coming!
Thanks to , we found a lot of info linked to this email: Github, Gravatar, TV Time, leaked data and registered domains by this email predictasearch.com
In the RaidForums data breach, a hacking forum, we can see that this email is linked to the username LLTV
Moreover, the email has been used to register , , .
@TecmundoDigita @PredictaLabOff @EquationCorp Remember with we found his Github account:
The bio is "Linux User/Gray Hat/Pet's lover/Future Ruby Programmer/Os-Dev." and, judging by his repos, Luan likes reverse engineering. predictasearch.com github.com/Labs22
@TecmundoDigita @PredictaLabOff @EquationCorp Luan worked hard on BlackSUSE, a Linux distribution based on OpenSUSE.
By searching BlackSUSE on search engines we found this post about BlackSUSE from the user ElmagoLoko on the forum Hack Forums hackforums.net/showthread.php…
@TecmundoDigita @PredictaLabOff @EquationCorp On another post on the same forum, ElmagoLoko posted a link to his Github profile which is... the one we found earlier.
Luan is ElmagoLoko, he loves reverse engineering and pentesting.
@TecmundoDigita @PredictaLabOff @EquationCorp CryptoSystem was active on Guiado Hacker in 2020 - 2021 and posted multiple data leaks: BlackWater, Chinese Communist Party, Cayman National Bank
@TecmundoDigita @PredictaLabOff @EquationCorp Time to sum up:
1. USDoD has the same bio as the Instagram account of Luan Gonçalves Barbosa
2. He is a music producer based in Brazil
3. Based on his digital footprint he loves hacking and reverse engineering
4. He has accounts on multiple hacking forums and posted data leaks
@TecmundoDigita @PredictaLabOff @EquationCorp Is Luan USDoD?
Yep, he confirmed it in a statement to HackRead 2 hours ago
@TecmundoDigita @PredictaLabOff @EquationCorp Good luck to all the people involved in this case.
All this investigation, tweets included, has been done in 10 hours by the 2 best #OSINT analysts at @PredictaLabOff and myself. Also, without and it wouldn't be possible. beta.predictagraph.com predictasearch.com
@TecmundoDigita @PredictaLabOff @EquationCorp Thanks for reading and don't forget #OPSEC is hard!
@TecmundoDigita @PredictaLabOff @EquationCorp Bro come on… Someone tried to log in to my unused Patreon account
@TecmundoDigita @PredictaLabOff @EquationCorp Update: USDoD says goodbye to his friends on TG
- Yes, we have identified the correct individual, and he is aware of it. He has attempted to delete evidence since the publication of the tweet.
- Again, it’s not a one-man job. We have also identified the other members of the team.
- They are aware of it. They sent 500 million requests to predictasearch.com over the last three days.
- Trust the process. A report has been sent to the concerned authorities, and they will do their excellent work as usual.
They created a new Telegram channel. The last post they forwarded is from a channel called "Russian Partisan." This is not surprising according to our initial findings.
I've identified the people responsible for the DDoS attack on X yesterday. I'm currently in Washington and will be at the Eisenhower Building tomorrow (for another matter). Would you be interested in meeting?
In the meantime, let me explain
It's OSINT time!
@elonmusk Yesterday, a group called "Dark Storm Team" claimed responsibility for a DDoS attack on Twitter.
Their leader, MRHELL112 on Telegram, has previously used usernames like Darkcrr, GLITCHAT1, and GLITCHcracker.
@elonmusk In a Telegram channel about "DDoS Attack Services," DrSinaway is mentioned alongside Darkcrr.
DrSinaway’s TG bio also references a group called CyberSorcerers.
After saying the text is too broad, a tweet further up talks about "services"? Wasn't there a broader word in the French Tech dictionary?
No, there is no backdoor that respects freedoms and privacy. That is a LIE.