A hacker known under the moniker USDoD was arrested in Brazil on October 16, 2024. The Federal Police of Brazil reports detaining an individual in the city of Belo Horizonte who is accused of obtaining and selling internal data of governmental organizations and companies. The arrest came just a month after the hacker's identity was revealed to the public by research from CrowdStrike analysts.
USDoD Hacker Arrested in Brazil
On October 16, the Brazilian Policia Federal published a post about the arrest of an individual who is (allegedly) known online as USDoD. Hacker forum users and regular readers of cybersecurity newsletters may remember this nickname from a whole series of high-profile cyberattacks against government organizations and corporations. The hacker rarely hesitated to boast of his success and regularly posted on the Darknet about new hacks and data leaks.
Among his most notable victims are the French commercial aircraft manufacturer Airbus, CrowdStrike, InfraGard and National Public Data, a US data broker. The latter was eventually forced to file for Chapter 11 bankruptcy, as the leak of almost 3 billion records led to massive class action lawsuits that the company won’t be able to handle. Nonetheless, the leak was available on the Darknet, allowing any con actor with enough money to buy the whole database to get their hands on it.
The aforementioned InfraGard, a joint venture of the FBI and a selection of private clinics, had its personnel’s private information leaked in one of USDoD’s hacks. This could have been one of the key reasons why he became a prime target for law enforcement: standing in the way of the main US law enforcement agency never ends well.
As I’ve mentioned, the identity of USDoD was revealed shortly before the arrest, in early September 2024. CrowdStrike published a comprehensive article showing that the person in question is Luan Goncalves, a 33-year-old Brazilian citizen from the state of Minas Gerais. What is not typical of threat actors is that he accepted his “defeat” in the game of anonymity, and was probably prepared for the subsequent arrest.
Seeing an actual hacker getting arrested is not a common sight these days. In the noteworthy recent law enforcement actions against cybercrime groups, we have mostly seen detentions of intermediary members, not key figures. Overall, the counteraction strategy over the last 2 years has mostly revolved around disrupting infrastructure, not capturing the top hackers. The QakBot network disruption and the LockBit ransomware takeover are a few examples of this tactic being widespread and fairly effective.
Brazilian Federal Police Seizes USDoD Hacker’s PC
Among other things obtained during the arrest, law enforcement managed to confiscate the computer that the hacker kept at his residence. It can potentially carry a lot of useful information, but there is one caveat to consider: knowing that he was about to be detained, the malicious actor has likely removed anything that could be used against him as evidence. Hence, although the detail is worth keeping in mind, it is unlikely to have any significant impact.
It is also possible that USDoD, a.k.a. Luan Goncalves, was so prepared and conceded defeat because he is ready to prove he is not guilty. Pulling off such a trick may be tough, especially considering the extensive identity reveal that specified all the ties between the hacker's online and real-life identities, but it is still possible.
Overall, throughout the extensive timeline of his activity, USDoD was known for being a daredevil, with no regard or sympathy for the country and government. This is especially easy to see from his interview with Cybernews (see the quote below). Thus, such sudden obedience is unlikely to be a sincere change.