Breach Notification , Cybercrime , Fraud Management & Cybercrime
Agents Say NY Man Ran the Popular Successor to Forum Shuttered in April 2022 Prajeet Nair (@prajeetspeaks) • March 18, 2023
Federal agents arrested the alleged administrator of criminal underground forum BreachedForums, tracing him to a small town in New York’s Hudson Valley.
See Also: State of Brand Protection Report
FBI agents say Conor Brian Fitzpatrick, resident of Peekskill, confessed to being “pompompurin,” owner of BreachForums, an English language successor to a hacking forum shuttered by federal law enforcement in April 2022.
“When I arrested the defendant on March 15, 2023, he stated to me in substance and in part that: a) his name was Conor Brian Fitzpatrick; b) he used the alias ‘Pompompurin/”‘ and c) he was the owner and administrator of ‘BreachForums/’ the data breach website,” wrote Special Agent John Longmire.
A local television station broadcast video of federal agents removing evidence from a Peekskill house. Bloomberg reported that an area newspaper listed Fitzpatrick among the 2021 graduates of Peekskill High School.
A federal judge released Fitzpatrick on a $300,000 bond signed by his parents. His next court appearance is set for the federal courthouse in Alexandria, Va., on March 24.
On BreachForums, a user by the name of Baphomet wrote that he has assumed control. “I have most, if not all the access necessary to protect BF infrastructure and users,” he wrote. He vowed he won’t be caught. “OPSEC has been my focus from day one, and thankfully I don’t think any mountain lions will be attacking me in my little fishing boat.”
BreachForums is a spin-off of RaidForums that was disrupted in February 2022 by law enforcement. Pompompurin had been an active member of RaidForums, a forum to facilitate the sale of stolen data.
Threat intelligence firm Flashpoint predicted after RaidForums’ demise that “due to the anti-Russian sentiment felt by a large portion of RaidForums users, these users may not be easily enticed to migrate to Russian-language alternative.”
Pompompurin quickly elevated this platform into one of the next go-to hot spots on the English-language cybercriminal scene.
“Following the takedown of its older sibling, the forum has grown increasingly in popularity owing to its member base – 41,500 members, an almost 35,000 rise since April 2022 – and their selling of media-attention-seeking data sets,” wrote cybersecurity firm Reliaquest in 2022.
Breached also appears to allow ransomware groups to advertise for affiliates, targets and initial access to victim networks, without restrictions. Kela reports that the Chaos ransomware builder has been advertised on the forum, as have new ransomware-as-a-service offerings SolidBit and Garyk.
In December, a hacker reportedly using a fake email address posed as a chief executive of an American financial institution to gain bureau-approved access to FBI public-private cybersecurity forum InfraGard and was selling details on BreachedForums of its more than 80,000 members (see: Hacker Reportedly Breaches US FBI Cybersecurity Forum).
