A notorious hacker named USDoD, who is linked to the National Public Data and InfraGard breaches, has been arrested by Brazil’s Polícia Federal in “Operation Data Breach”.

USDoD, aka EquationCorp, has a long history of high-profile data breaches where he stole data and commonly leaked it on hacking forums while taunting the victims.

These breaches include those on the FBI’s InfraGard, a threat information sharing portal, and National Public Data, where the personal data and social security numbers of hundreds of millions of US citizens were leaked online.

However, it wasn’t until the threat actor targeted cybersecurity firm CrowdStrike and leaked the company’s internal threat actor list that things took a turn for the worse for him.

Soon after leaking the IOC list, Brazilian publisher Techmundo received an anonymous report created by CrowdStrike that allegedly identified, or doxed, the threat actor, revealing he was a 33-year-old Brazilian named Luan BG. 

Strangely, USDoD confirmed that CrowdStrike’s information was accurate in an interview with HackRead and said he was currently living in Brazil.

“So congrats to Crowdstrike for doxing me, they are late for the party, intel421 Plus and a few other companies already doxed me even before the Infragard hack,” USDoD told HackRead.

Likely aided by this information, Brazil’s Polícia Federal (PF) announced his arrest today in Belo Horizonte/MG.

“The Federal Police launched Operation Data Breach on Wednesday (16/10), with the aim of investigating invasions of the systems of the Federal Police and other international institutions,” reads the PF’s press release.

“A search and seizure warrant and a preventive arrest warrant were served in the city of Belo Horizonte/MG against an investigated person suspected of being responsible for two publications selling Federal Police data, on May 22, 2020 and on February 22, 2022.”

“The prisoner boasted of being responsible for several cyber invasions carried out in some countries, claiming, on websites, to have disclosed sensitive data of 80,000 members of InfraGard, a partnership between the Federal Bureau Investigation – FBI and private critical infrastructure entities in the United States of America.”

Ironically, the arrest was conducted under a law enforcement action named “Operation Data Breach,” which the police say was named after the cyberattacks the threat actor was known for.