It's like a... I don't know if it is well in English, a puzzle? Puzzle, yeah, it's like a puzzle.
About a month ago, a story broke about 3.2 billion social security numbers that were hacked and leaked from a Florida-based data broker called National Public Data. We talked about it on the show. The person behind that hack used the handle USDoD. He had been operating since at least 2020, likely earlier. The day before I'm recording this, on October sixteenth, he was arrested by Brazil's Federal Police in what they called Operation Data Breach. This is the story of how he was unmasked.
USDoD's name is a tool. He adopted it in December 2022 after exposing the data of eighty thousand InfraGard members. InfraGard is a collaboration between the FBI and the private sector. USDoD impersonated a infrared red CEO, got access and compromised the project. His handle, USDoD, was a swipe at US defense agencies. Weirdly, it was not in pissing off the FBI that we see the beginning of his downfall. It was in getting on the wrong side of a private security firm called CrowdStrike.
In July 2024, USDoD leaked a one-hundred-thousand-line indicator of compromise list from the company, and CrowdStrike swiftly retaliated, doxxing USDoD in a blog post: his alleged real identity, Luan, a thirty-three-year-old Brazilian citizen. Weirdly, CrowdStrike wasn't the first to identify him. In an interview with haki, Luan later revealed that another cybersecurity group, l four two one, had already unmasked him before the infrastructures, but it wasn't until the National Public Data breach that his identity became really widely published.
The question that all of this raised to me is, if two companies were able to dox this person's identity, a, why wasn't law enforcement? And b, what are the clues that they were both finding? In response to all of this, Luan publicly declared his intentions to step away from cybercrime.
John bamy, a cybersecurity expert, remarked in an interview with hacker that Luan's announcement could be a tactic to muddy the waters and create a PR screen while he continues to do exactly whatever the hell he wants. Luan has since been arrested. So it's a mess.
It's all these big companies pointing fingers at Luan, and there's still that question: what were the breadcrumbs that led all of these separate groups right to Luan's door? For me, the answer to that question rested with a guy named Baptiste. Of all the people who unmasked USDoD, Baptiste Robert is the one I was most fascinated by. Baptiste works in open source intelligence, or taking information that's openly available for anybody to find, and doing the work of turning that into actionable intelligence.
Creating intelligence from information you find is complicated, and it's not only, it's not just a question of "oh, I managed to find a tool on GitHub and I do have some information, yeah, I'm doing..." No, the most important thing of all is to be able to analyze what you have, to investigate, to understand the biggest story behind something.
But Baptiste was able to reproduce not just the findings of these other massive cybersecurity companies, but define the trail of breadcrumbs leading to a person that had apparently evaded law enforcement for years, and then post those findings in granular detail on social media, which is where I found it, a remarkable piece of research.
The thing I was maybe most fascinated by was how concerned Baptiste is with understanding the whole person, not just their alleged crimes, but their whole life. Are they a family person? Are they social? Are they isolated? Is this behavior a trend or an exception? And to hold that whole image of the person in their mind, even as they unravel alleged wrongdoings.
So I called him up, trying to understand not just USDoD, but how people like Baptiste use the trove of public information that's trailing behind an actor like him to try and create a picture of a person that doesn't want to be found. The bad and the good, to find the story in the facts. This is the doxxing of USDoD with Baptiste Robert, researcher and CEO of Predicta Lab, here on Hacked.
Baptiste, thank you for being here.
Thank you for the invitation.
USDoD. So we're here to talk about... prior to all of this, what had this actor done? Why did people know this name, USDoD?
So USDoD was a very famous seal since 2022, I think, something like this. This guy did a lot of things, a lot of data breaches, in the last two years. One of the biggest data breaches he made was very recently, when he leaked all the social security numbers of the US citizens. So this is a very big data breach, and he used to be very famous on underground forums, also on Telegram, and on all the major hacking forums.
Yeah, you made reference to the National Public Data breach, in which a great deal of social security numbers and personal information were leaked through data brokers, a lot of damage done from that. There was the Airbus breach. There was the CrowdStrike breach. Earlier, one LinkedIn breach. This actor, in spite of all these very, very high-profile attacks, USDoD managed to stay anonymous for a very long time, in spite of everything that you were able to find during your investigation. How is it, you think, that he was able to keep below the radar, in spite of these very, very high-profile attacks and this very visible trail of breadcrumbs leading to him?
So this guy was super visible, for sure, in the hacking ecosystem. I mean, everyone knows his name, for sure. The thing is, when you create a new persona, when you create a new identity, like USDoD, you need to be careful of everything, like really everything. You need to be careful when you create a new profile on social networks. You need to create a new email, to be careful of the IP you used, everything. So this is what we are calling OPSEC, so operational security. And OPSEC is super complicated. The thing is, cybercriminals always leave some traces behind, and you are always able to find a real identity because at one point they forget something. They missed the fact that these four numbers were linked with a previous profile, with the residential something like this. So yes, he used to target very high-profile companies and people, but he made a lot of mistakes, to be honest. And this is why we managed to find him, but we were not the first to find him, for sure. The real question, and this is something we will raise in the future, and I'm pretty sure the FBI was able to find him almost two years before, but I don't know why they did nothing. I don't think his identity was super complicated to find, but for some reason no one talked about it.
Interesting. I wonder why that is. It's such a high-profile person doing such high-profile things, and yet the evidence was right there.
The thing is, he managed to, he is behind a lot of data breaches, but he was not super sophisticated. So sometimes, for the public, it can be super impressive: OK, you hacked National Public Data, this is crazy. But at the end, the technicality behind these hacks is not that crazy. So this guy was good, for sure. He managed to do a lot of things, a lot of data breaches, but he was not a super skilled hacker in general. A good hacker is someone who is not super public, who is not visible. A good hacker is someone super discreet. You don't want to be seen, because if you are seen, it means you are losing your access to your victim. So this guy was seeking some fame, for sure.
And this is why I say that ego is one of the biggest motors for the hackers. So in general, authorities, law enforcement manage to catch cybercriminals because they are pretty young, very motivated by ego, by fame, by money, and because of everything, they are not in control of what they are doing. And if you are motivated by these kinds of feelings, you will make a lot of mistakes. And with only one mistake, sometimes we manage to find your real identity.
Sure, he seemed to want to make a name for himself at something that you don't really want to make a name for yourself at. So we're talking about an unmasking that you kind of took part in and shared, because it's fascinating. I wonder if you could just take us through that beat by beat. How did that... where did it start? What was the first clue you found? Just take us through the whole thing.
So in order to find his real identity, you need to put on the investigator hat and try to follow his steps. So what I started to do with my team is to just list all the information we have about this guy, all the public information we have. So this guy was very famous on Twitter. He was very famous on the hacking forum called BreachForums, so his profile was available publicly, and with this information you were able to find previous versions of all of his profiles. What you have to understand and keep in mind is that the internet has memory, so everything is archived somewhere by someone. You have some public archives. For example, you have the website of g, which is crazy. This website is just awesome. You can find a lot of things. And for one website, you can find the previous versions of this website, archived by people. I mean, you can find a lot of defenders. So what we did is we listed all the information we have: his profiles, his website, his profile on hacking forums. We extracted all the information contained in these profiles, so some links to messaging applications, links to Telegram, for example, this kind of thing. We also consulted the previous versions of his site. So we went to the archive and we managed to find some links to a Twitter, to one of his previous Twitter accounts.
And it was his first big mistake, because what you have to understand too is, before being a cybercriminal, before being a criminal too, this is not something you plan in advance. So this kind of guy is, in general, some geeky guy who loves computers. They have some passion for computers, for security, for hacking in general. And so when they are teenagers, they are talking on forums. They created profiles. I mean, just like you, when they discovered the computer they started to create a digital life. But then life goes on, they decide to become a cybercriminal, and they create a new identity. But still, a lot of the time, they create their cybercriminal identity based on the previous identity, based on the real identity. So we are used, with Predicta Lab, to track some cybercriminals.
And what we can find is, there is always a way to highlight what they did in the past. And for USDoD, this is exactly the same. We can find his passions. For example, this guy is producing some music, so he loves some techno music. This is not my life, I don't know the precise style of music, but this is some techno thing.
We were also able to find his first nickname on the hacking forums, because, I mean, before being very good at what he is doing, ten years ago he was just a kiddie publishing some YouTube videos and just explaining how to hack something. It was super magic, but still, this video is here. And also, because even if you are a cybercriminal, you have a life. You can have a wife, you can have a husband, you can have kids, you can have some passions. And so we were able to find, I think it was a Foursquare profile, where this guy was kissing his dog. So it was a small puppy on his profile picture, this guy is kissing the dog. So you have the image of the cybercriminal. This guy was talking a lot: "Yeah, I am very strong, no one will be able to catch me, the FBI, blah blah." And at the end you can find his Foursquare profile, with him kissing his dog. So reality, his life, is always more complicated, because you have a life before being a bad guy.
You can find all the digital footprint, and what people have to understand is, when you are good at OSINT, open source intelligence, a good OSINT investigator will be able to find a lot of information about you, but also your digital traces. And a good investigator will be able to understand your life history. So based on the digital footprint you leave, you will be able to understand, okay, so during this year and this year he was producing music. He was living here. Then he started to go to hacking forums. So he created his first..., published some videos on YouTube, and then he was trying to sell some services.
Interesting. It's something we hear a lot, that the mistake that ends up catching someone is the mistake they've made long, long before the thing that they're being caught for. I'm struck by, you know, figuring out that this person liked to post to YouTube, that they liked to make some kind of electronic music, that they love their dog. How much, when you're doing OSINT, is it about the tangible details versus that sense of who they are as a person, holding that in your head and really understanding who this person was?
This is complicated. This is always complicated, because when you are working on the case, obviously there is one big person of interest, USDoD. But this guy has a family, so this guy has a wife, I think he has some kids too, and you cannot start your investigation saying, okay, this is a bad guy. No, this is complex, because life is complicated. You can make some mistakes. And when you are working in cybersecurity, you can talk with a lot of cybersecurity professionals. You will see that in the past, they did some stuff, some blurry stuff, let's say. Because when you are working in this field, you have some skills, and when you are young, you want to test, you want to prove that you are the best.
And the difference between becoming a cybercriminal or a cybersecurity professional is not that big. Sometimes it can be your wife, it can be your kids, it can be your education, it can be the fact that you have a good situation, it can be the people you met. I mean, life is complicated, and you also have the right to make some mistakes and to take some bad decisions. So when I am investigating a cybercriminal, I'm trying to stick to the facts and to what I'm able to find, because the issue you have when you are doing some OSINT investigation, so based only on digital traces, is that you have to be sure that the information, the account you found, is really the account of the person of interest. And this can be a little bit complicated sometimes, because, for example, I'm using the username of society.
But I'm not society on all the websites, because when I started to become famous in my field, people started to create accounts with my username. For example, I do have an account on OnlyFans, but this is not me. A guy from India created an account with my username. So you need to be very careful when you do an investigation, because you will find a lot of information, and then you have to be sure that you are following the good guy. So what I want to emphasize is, you can have the capacity of extracting a lot of data. This is why on the internet you will find a lot of tools, methodology, in order to get data. But then you have to be able to analyze, to quantify the quality of the data you are able to extract. And for this, there is some methodology to give a notation to the information, to the data you have. You need to be able to quantify the reliability of the data, the quality of the data, and also the source of the data. So if someone gives you some data, even that, you don't know. So you need to be super active, and also, when you go to justice, this is another story, because you need to be able to repeat the action. All the steps need to be public, need to be redone if necessary, and for this you need to link everything, you need to have a source for all the information you have, you need to archive things. So this is super important, to preserve all the links, all the proof.
I was struck by how thorough the documentation, even in your public posting about this project, was. Right at the same time as you came, or shortly prior, CrowdStrike published a paper saying that they were pretty sure that they had figured out who USDoD was.
As you talked about earlier, it was inevitable that the FBI was probably looking into this actor as well. Your project was an OSINT project. That was stuff that was just out there in the world. How did your work differ from, potentially, what CrowdStrike was doing, what other parties were doing to figure out who this person was?
So the real story is, one morning I just read a post on Twitter about a Portuguese, I think it was a Portuguese article, saying an anonymous source gave a report from CrowdStrike, and this report says this guy USDoD is... And in this article, this article was not that good, they wrote some information about USDoD. But it was super incomplete, there were no sources at all, and I read this article and I was like, okay, this is interesting, I can smell something. If they managed to find this guy, I am probably able to do it too. So I will start to find him with my tools, following my way. But I want to source everything. I want to have a clear and logical way to find him. So I started with my team. So we were three people from Predicta Lab working on it. And, I mean, ten hours later, we managed to redo all the analysis and to find a lot of information about him.
And then the day after, I was not that happy, because I wanted to find another way to find him, and I managed to find a second way to find his real identity. So this guy made a lot of mistakes. As I was saying before, the biggest mistake this guy made is he converted his personal Twitter account to the USDoD Twitter account. So everyone knew this USDoD account, but this Twitter account was used before with an email address. And when you search this email address in data breaches, you are able to find a lot of personal information about him. And this is how you can find him. But I'm not from law enforcement, and law enforcement has special powers, obviously. And they were able to do a request to Twitter to ask for some information about this Twitter account a long time ago. So by doing a request to Twitter, they were able to get maybe the previous usernames used by this guy, but also this email. And when you have this email, you can search in the data breaches and find everything about him, find where he is living, his name and everything. So this is why I don't understand why this guy is still free. It's probably due to some geopolitical reasons. I guess there is no treaty between the US and Brazil. And this is probably why they did nothing. But we published this Twitter thread a few weeks ago now, and I am pretty sure the FBI knew who this guy was a long time before.
He's also been posting since all of this happened. Have you been following his response to his identity becoming public?
So when it happened, when the Portuguese newspaper published the article, it received a lot of media attention, saying, is this true or not? Are you this guy? I think the article was published in the morning, for the French time, and at the end of the day he confirmed to one of the US newspapers that yes, I am this guy. I will not hide, so if authorities want to meet me, there is no issue, and I can help you. I will assume what I did in the past. A few days after that, he made some modifications on his Instagram account, which was also a way to find him. So it was the second way to find his real identity. And also he locked his Facebook account, so he did some modifications. But to be honest, this guy was not that clever, because there is still a lot of information about him.
As we said earlier, it seems as though the mistake that gets you caught is the one already made. So locking down an account moving forward doesn't do a whole lot.
But I know for a fact that a lot of people tried to dox him before, because, you know, in hacking communities you have a lot of young people trying to take the lead. And when someone is super public, famous, like USDoD was, they want to take him down, basically. And so a lot of people discussed with him before, a long time before that. And they warned him, saying, okay guy, we can find your identity. You made a mistake. Later, he did nothing. He didn't correct it, so he was not...
Before we kind of wrap up, is there anything about the story that I haven't asked you about? Is there, like, a big element to this that we didn't get?
What we can bring to people is, so this guy was very famous for two years, he leaked a lot of information, but he was not super skilled. A lot of cybersecurity firms managed to find him, but at the end he was able to do what he was doing.
So life is complicated. This guy was super strong, was threatening the FBI, saying no one will be able to catch me. But in reality, this guy is not very happy. It is super important for people, and especially young people who love cybersecurity, who want to work in cybersecurity, that it doesn't pay at the end. Maybe if you choose to be a cybercriminal, you will get a lot of money, but at one point you will lose everything, all your life, personal life and also professional life. It doesn't work. So it's super important for young people, for people in cybersecurity, to understand that, okay, it can be sexy sometimes. Yes, this guy managed to do a big data breach, for sure, but at the end you will lose everything and you will probably go to prison at one point, so to jail, at one point. So be careful of what you are doing. As a cybersecurity professional, we have a lot of things to do legally, and so don't hesitate to make the correct choice.
For anyone who is looking to get into it for the first time, kind of on the side that you're on, on the side that doesn't have people like you looking into you, what would you recommend? We have a lot of folks that are interested in this field. Where should someone who likes OSINT start?
So OSINT is complicated. What you have to understand, first of all, is OSINT is the name for open source intelligence. Open source means publicly accessible, and intelligence is a super strong word, with a big background, with a real meaning and a lot of history behind it. I know in the US a lot of people have a military background, more than in France or Europe in general, and being from the intelligence community is super different from being from the real world, let's say it like this. And so creating intelligence from information you find on the internet is complicated. And it's not only, it's not just a question of "oh, I managed to find a tool on GitHub and I do have some information, yeah, I'm doing..." No, the most important thing of all is to be able to analyze what you have, to investigate, to understand the biggest story behind something. So if you want to go into OSINT, you need to be logical, more than technical. And technical is important. You will be able to create some tools, for sure. But at the end, if you have a lot of information and you don't know what you have in front of you, it doesn't matter.
It's fascinating. So being able, as we were talking about, to hold the person behind this data that you're finding in your head as they come into clearer and clearer relief.
Yes, it's like a... I don't know if it is well in English, puzzle? Puzzle, yeah, it's like a puzzle. I mean, when you are watching a movie, you see the investigators trying to understand what happened and who this guy is, but in real life it is more complicated than that, because you have a lot of data, and your brain must be able to make the correct links. You need to understand the situation based on data which can be incomplete, and you need to sometimes try some stuff, try some hypotheses, be wrong a lot and come back, try to find more data, understand what happened. So it's complicated because life is complicated, and it's not just black or white, because life is not black or white. If you want to work in OSINT, this is really a passion. You will learn a lot of things. You will work on a lot of different topics because, I mean, I meet a lot of cool people and work on different stories, but you will also work on horrible stuff sometimes, because this world is made of horrible people sometimes, horrible crimes, and we need, as a society, people to investigate and to do this. This is why the work of law enforcement all over the world is super important, because we need these guys to do their work and to get the bad guys. So OSINT is just a small part of what law enforcement, wherever in the world, is doing. It is good, and some citizens can do it, but be careful of what you are doing, because great power, big responsibility, as always.
This is a fascinating... it was great to read about, and thank you for sitting down and taking me through it. This was very fascinating.
Thanks to you.