Arról, hogy hogyan doxxolták az egyik legismertebb blackhat hacker-t, USDoD-ot

Let's go for the full deep dive.

Before his suspension last month, USDoD used the Twitter account @equationcorp. The bio of the account was "I protect the hive. When the system is out of balance, I correct it" pic.twitter.com/UCbap2wWA1

— Baptiste Robert (@fs0c131y) August 23, 2024

 

This instagram account has been mentioned by a tattoo artist. Not my style but why not?https://t.co/JM6e91RTja

— Baptiste Robert (@fs0c131y) August 23, 2024

 

Thanks to Tineye, with a reverse image search, I was able to find the Medium account of Luan: https://t.co/Ew1GR9UFFY pic.twitter.com/WMfozwPEy2

— Baptiste Robert (@fs0c131y) August 23, 2024

 

Thanks to the awesome WhatsMyName, from luanbgs22 we can find a Gravatar account. Same face, this is our guy.

Do you know? You can get an email from a Gravatar profile. Thanks to hashtray for example, we found the email luanbgs22@gmail.com pic.twitter.com/VOkaxEAxCK

— Baptiste Robert (@fs0c131y) August 23, 2024

 

In the RaidForums data breach, a hacking forum, we can see that this email is linked to the username LLTV

Moreover, the email has been used to register https://t.co/UdGr9hOO1O, https://t.co/B4KeKQz981, https://t.co/W6hetpWOOW.

On Reddit the user LLTV talked about BlackSUSE:… pic.twitter.com/Vg3UfPZbOo

— Baptiste Robert (@fs0c131y) August 23, 2024

 

Remember with https://t.co/phrmLUHA31 we found his Github account: https://t.co/dRnisYCkg7

The bio is "Linux User/Gray Hat/Pet's lover/Future Ruby Programmer/Os-Dev." and by looking at his repo Luan like reverse engineering. pic.twitter.com/g92krmk0M7

— Baptiste Robert (@fs0c131y) August 23, 2024

 ,

On another post on the same forum, ElmagoLoko posted a link to his Github profile which is... https://t.co/gfYh6Wkofo the one we found earlier.

Luan is Elmagoko, he loves reverse engineering and pentesting.https://t.co/b0zyjRQruQ pic.twitter.com/2dE6D3TK8O

— Baptiste Robert (@fs0c131y) August 23, 2024

 

This is the last sprint.

On Hack Forums (again), ElmagoLoko, published a Jabber email: ElMagoLoko@hacker.imhttps://t.co/AOdIAIWoGy pic.twitter.com/UH9f0Kb6fa

— Baptiste Robert (@fs0c131y) August 23, 2024

 

CryptoSystem was active on Guiado Hacker in 2020 - 2021 and posted multiple data leaks: BlackWater, Chinese Communist Party, Cayman National Bank

Very similar to what USDoD was doing ;) https://t.co/bnEqbeu47y pic.twitter.com/a1MmJlA4l7

— Baptiste Robert (@fs0c131y) August 23, 2024

 

Time to sumup:

1. USDoD has the same bio than the Instagram account of Luan Gonçalves Barbosa
2. He is a music producer based in Brasil
3. Based on his digital footprint he loves hacking and reverse engineering
4. He has accounts on multiple hacking forums and posted data leaks

— Baptiste Robert (@fs0c131y) August 23, 2024

 

Good luck to all the people involved to this case.

All this investigation, tweets included, has been done in 10 hours by the 2 best #OSINT analysts at @PredictaLabOff and myself. Also, without https://t.co/sW1KOrTB2p and https://t.co/phrmLUHA31 it wouldn't be possible. pic.twitter.com/hT8sYxBRBE

— Baptiste Robert (@fs0c131y) August 23, 2024

 

Update: USDoD say goodbye to his friends on TG https://t.co/6heEgjppMc

— Baptiste Robert (@fs0c131y) August 23, 2024

(A cikk nyomokban Mesterséges Intelligencia által szolgáltatott adatokat tartalmaz, így a tartalmát érdemes duplán ellenőrizni!)