Today, the famous hacker USDoD has been doxed by CrowdStrike.
You want to know how?
It's #OSINT time!
You want to know how?
It's #OSINT time!
First the recap. This morning @TecmundoDigita published an article based on a report from CrowdStrike received from an anonymous source.
"The likely leader of the USDoD group is a 33-year-old man named Luan BG who lives in Minas Gerais, Brazil"
tecmundo.com.br/seguranca/2885…
"The likely leader of the USDoD group is a 33-year-old man named Luan BG who lives in Minas Gerais, Brazil"
tecmundo.com.br/seguranca/2885…
@TecmundoDigita The article is full of info, more or less partial, without any sources. We don't have access to the initial report. I don't like that. So, at @PredictaLabOff we decided to find the truth by ourselves
Thanks to and the job is done! predictasearch.com
beta.predictagraph.com
Thanks to and the job is done! predictasearch.com
beta.predictagraph.com
@TecmundoDigita @PredictaLabOff Let's go for the full deep dive.
Before his suspension last month, USDoD used the Twitter account @equationcorp. The bio of the account was "I protect the hive. When the system is out of balance, I correct it"
Before his suspension last month, USDoD used the Twitter account @equationcorp. The bio of the account was "I protect the hive. When the system is out of balance, I correct it"
@TecmundoDigita @PredictaLabOff @EquationCorp zerodaycorp on Instagram, previously barbosa.luan_, has the same phrase on his profile.
This is a small link, maybe a coincidence, but it's worth digging
This is a small link, maybe a coincidence, but it's worth digging
@TecmundoDigita @PredictaLabOff @EquationCorp This instagram account has been mentioned by a tattoo artist. Not my style but why not?
instagram.com/wilkertattoo93…
instagram.com/wilkertattoo93…
@TecmundoDigita @PredictaLabOff @EquationCorp This Instagram account has been mentioned in this SoundCloud profile:
Luan describes himself as "Goa Trance producer from Brazil and CEO and Founder of LBGRecords."
It gives us also an old Twitter account and a Facebook account soundcloud.com/lbg91
Luan describes himself as "Goa Trance producer from Brazil and CEO and Founder of LBGRecords."
It gives us also an old Twitter account and a Facebook account soundcloud.com/lbg91
@TecmundoDigita @PredictaLabOff @EquationCorp Thanks to Tineye, with a reverse image search, I was able to find the Medium account of Luan: natsec.medium.com
@TecmundoDigita @PredictaLabOff @EquationCorp One of his article, mentioned an AlienVault pulse. Same name as the Insta account. See the medium link? His old Medium username was luanbgs22
@TecmundoDigita @PredictaLabOff @EquationCorp Thanks to the awesome WhatsMyName, from luanbgs22 we can find a Gravatar account. Same face, this is our guy.
Do you know? You can get an email from a Gravatar profile. Thanks to hashtray for example, we found the email luanbgs22@gmail.com
Do you know? You can get an email from a Gravatar profile. Thanks to hashtray for example, we found the email luanbgs22@gmail.com
@TecmundoDigita @PredictaLabOff @EquationCorp Now the fun is coming!
Thanks to , we found a lot of info linked to this email: Github, Gravatar, TV Time, leaked data and registered domains by this email predictasearch.com
Thanks to , we found a lot of info linked to this email: Github, Gravatar, TV Time, leaked data and registered domains by this email predictasearch.com
In the RaidForums data breach, a hacking forum, we can see that this email is linked to the username LLTV
Moreover, the email has been used to register , , .
On Reddit the user LLTV talked about BlackSUSE: blacksuse.org
blacksuse.wiki
blacksuse.systems
reddit.com/r/linux/commen…
Moreover, the email has been used to register , , .
On Reddit the user LLTV talked about BlackSUSE: blacksuse.org
blacksuse.wiki
blacksuse.systems
reddit.com/r/linux/commen…
@TecmundoDigita @PredictaLabOff @EquationCorp The Reddit user LLTV mentioned also the Medium blog NatSec:
We are still on the right tracks! But more fun is coming reddit.com/r/cybersecurit…
We are still on the right tracks! But more fun is coming reddit.com/r/cybersecurit…
@TecmundoDigita @PredictaLabOff @EquationCorp Remember with we found his Github account:
The bio is "Linux User/Gray Hat/Pet's lover/Future Ruby Programmer/Os-Dev." and by looking at his repo Luan like reverse engineering. predictasearch.com
github.com/Labs22
The bio is "Linux User/Gray Hat/Pet's lover/Future Ruby Programmer/Os-Dev." and by looking at his repo Luan like reverse engineering. predictasearch.com
github.com/Labs22
@TecmundoDigita @PredictaLabOff @EquationCorp Luan worked hard on BlackSUSE a Linux distribution based on OpenSUSE.
By searching BlackSUSE on search engines we found this post about BlackSUSE from the user ElmagoLoko on the forum Hack Forums hackforums.net/showthread.php…
By searching BlackSUSE on search engines we found this post about BlackSUSE from the user ElmagoLoko on the forum Hack Forums hackforums.net/showthread.php…
@TecmundoDigita @PredictaLabOff @EquationCorp On another post on the same forum, ElmagoLoko posted a link to his Github profile which is... the one we found earlier.
Luan is Elmagoko, he loves reverse engineering and pentesting.
github.com/Labs22
hackforums.net/showthread.php…
Luan is Elmagoko, he loves reverse engineering and pentesting.
github.com/Labs22
hackforums.net/showthread.php…
@TecmundoDigita @PredictaLabOff @EquationCorp A good #OSINT thread always needs a dating profile mention.
ElmagoLoko has a profile on the dating website Friend Finder. The age is consistent with the rest
friendfinder-x.com/profile/Elmago…
ElmagoLoko has a profile on the dating website Friend Finder. The age is consistent with the rest
friendfinder-x.com/profile/Elmago…
@TecmundoDigita @PredictaLabOff @EquationCorp This is the last sprint.
On Hack Forums (again), ElmagoLoko, published a Jabber email: ElMagoLoko@hacker.im
hackforums.net/showthread.php…
On Hack Forums (again), ElmagoLoko, published a Jabber email: ElMagoLoko@hacker.im
hackforums.net/showthread.php…
@TecmundoDigita @PredictaLabOff @EquationCorp This email is mentioned on Guiado Hacker, a hacking forum (again), by an user called CryptoSystem.
forum.guiadohacker.com.br/vb5/forum/segu…
forum.guiadohacker.com.br/vb5/forum/segu…
@TecmundoDigita @PredictaLabOff @EquationCorp CryptoSystem was active on Guiado Hacker in 2020 - 2021 and posted multiple data leaks: BlackWater, Chinese Communist Party, Cayman National Bank
Very similar to what USDoD was doing ;)
forum.guiadohacker.com.br/vb5/member/942…
Very similar to what USDoD was doing ;)
forum.guiadohacker.com.br/vb5/member/942…
@TecmundoDigita @PredictaLabOff @EquationCorp Let's take the hack of the Cayman National Bank.
It has been done by the famous hacktivist Phineas Fisher:
The leak has been published by the Distributed Denial of Secrets group and well it's still available today
en.wikipedia.org/wiki/Phineas_F…
caymannewsservice.com/2019/11/hackti…
It has been done by the famous hacktivist Phineas Fisher:
The leak has been published by the Distributed Denial of Secrets group and well it's still available today
en.wikipedia.org/wiki/Phineas_F…
caymannewsservice.com/2019/11/hackti…
@TecmundoDigita @PredictaLabOff @EquationCorp Time to sumup:
1. USDoD has the same bio than the Instagram account of Luan Gonçalves Barbosa
2. He is a music producer based in Brasil
3. Based on his digital footprint he loves hacking and reverse engineering
4. He has accounts on multiple hacking forums and posted data leaks
1. USDoD has the same bio than the Instagram account of Luan Gonçalves Barbosa
2. He is a music producer based in Brasil
3. Based on his digital footprint he loves hacking and reverse engineering
4. He has accounts on multiple hacking forums and posted data leaks
@TecmundoDigita @PredictaLabOff @EquationCorp Is Luan USDoD?
Yep he confirmed it to a statement to HackRead 2 hours ago
hackread.com/usdod-hacker-s…
Yep he confirmed it to a statement to HackRead 2 hours ago
hackread.com/usdod-hacker-s…
@TecmundoDigita @PredictaLabOff @EquationCorp Good luck to all the people involved to this case.
All this investigation, tweets included, has been done in 10 hours by the 2 best #OSINT analysts at @PredictaLabOff and myself. Also, without and it wouldn't be possible. beta.predictagraph.com
predictasearch.com
All this investigation, tweets included, has been done in 10 hours by the 2 best #OSINT analysts at @PredictaLabOff and myself. Also, without and it wouldn't be possible. beta.predictagraph.com
predictasearch.com
@TecmundoDigita @PredictaLabOff @EquationCorp Thanks for reading and don't forget #OPSEC is hard!
@TecmundoDigita @PredictaLabOff @EquationCorp Bro come on… Someone try to login to my unused Patreon account
@TecmundoDigita @PredictaLabOff @EquationCorp Update: USDoD say goodbye to his friends on TG
https://twitter.com/_johnhammond/status/1827102828143521830
• • •
Missing some Tweet in this thread? You can try to
force a refresh
