Brazilian police claim they've cuffed serial cybercrook behind FBI and Airbus attacks
Early stage opsec failures lead to landmark arrest of suspected serial data thief
Brazilian police are being cagey with the details about the arrest of a person suspected to be responsible for various high-profile data thefts.
The Polícia Federal, aka the "PF," seized the suspect on Wednesday, noting they were being held in connection to online assaults on the FBI's InfraGard, Airbus, the US Environmental Protection Agency (EPA), and the PF itself.
The arrested individual wasn't named, although people didn't have to pull a muscle to make the connection to USDoD – the moniker used by a serial cybercriminal who has been active for years.
The suspect that police believe is USDoD was arrested in Belo Horizonte, the capital of Brazil's Minas Gerais state, as part of Operation Data Breach after cops issued search and seizure and preventative arrest warrants.
"The person under investigation will be charged with the offence of hacking into a computer device, qualified by obtaining information, with an increase in the penalty for commercializing the data obtained," the PF said in a statement (machine translated from Portuguese).
"The investigation will continue to identify any other cyber intrusions that may have been committed by the person under investigation," it went on to say.
USDoDoxxed
In August, an unknown source leaked to Brazilian tech news site Tecmundo what they claimed was a CrowdStrike intelligence report on the cybercrook linking them to a specific suspect, after which it was shared with law enforcement. That person was said to be Brazilian.
The Register asked CrowdStrike about the authenticity of this report but it didn't immediately respond.
Cyber sleuths have been speculating online about USDoD's identity, using clues gathered during the early years of the crim's activity when opsec was a little sloppier.
Since the arrest was made, other security researchers also published rundowns of ways in which the identity of the suspect they believe to be the serial breacher may have been unearthed using OSINT techniques.
Never mind who, what did they USDoDo?
The biggest break-in? Allegedly, USDoD was behind an attack on National Public Data (NPD), a major data broker in the US, early in 2024, seen by many as one of the most significant events in cybersecurity this year. The incident was recently confirmed to have bankrupted the business behind the broker.
Jerico Pictures, the company behind NPD, filed for bankruptcy in Florida earlier this month, admitting that hundreds of millions of people were potentially impacted by the data leak.
USDoD advertised a 277.1GB file for sale on an underground forum in June, which purportedly contained information on 2.9 billion people.
The miscreant was also fingered for the break-in at Airbus last year, in which 3,200 of the aerospace company's vendors had their data dumped online in a similar fashion to NPD.
Around the same time, USDoD also claimed responsibility for what he claimed to be a sizeable data theft at TransUnion. The company denied the attacker got into its own systems, saying it believed the attack targeted a third party instead, without offering any indication as to what that party might have been.
The US government is acutely aware of USDoD too, as the criminal was tied to break-ins and leaks of information from the EPA and the FBI's InfraGard – a public-private information-sharing network between the FBI and US businesses. ®