FBI Says It Arrested BreachForums Mastermind 'Pompompurin'
Agents Say NY Man Ran the Popular Successor to the Forum Shuttered in April 2022
Federal agents arrested the alleged administrator of the criminal underground forum BreachForums, tracing him to a small town in New York's Hudson Valley.
FBI agents say Conor Brian Fitzpatrick, a resident of Peekskill, confessed to being "Pompompurin," the owner of BreachForums, an English-language successor to a hacking forum shuttered by federal law enforcement in February 2022.*
"When I arrested the defendant on March 15, 2023, he stated to me in substance and in part that: a) his name was Conor Brian Fitzpatrick; b) he used the alias 'Pompompurin'; and c) he was the owner and administrator of 'BreachForums,' the data breach website," wrote Special Agent John Longmire.
A local television station broadcast video of federal agents removing evidence from a Peekskill house. Bloomberg reported that an area newspaper listed Fitzpatrick among the 2021 graduates of Peekskill High School.
A federal judge released Fitzpatrick on a $300,000 bond signed by his parents. His next court appearance is set for the U.S. District Court for the Eastern District of Virginia in Alexandria, Virginia, on Friday.
On BreachForums, a user named Baphomet wrote that he has assumed control. "I have most, if not all the access necessary to protect BF infrastructure and users," he wrote. He vowed he won't be caught. "OPSEC has been my focus from day one, and thankfully I don’t think any mountain lions will be attacking me in my little fishing boat."
BreachForums is a spinoff of RaidForums, which was disrupted in February 2022 by law enforcement. Pompompurin had been an active member of RaidForums, which facilitated the sale of stolen data.
Threat intelligence firm Flashpoint predicted after RaidForums' demise that "due to the anti-Russian sentiment felt by a large portion of RaidForums users, these users may not be easily enticed to migrate to Russian-language alternative."
Pompompurin quickly elevated the platform into a go-to hot spot on the English-language cybercriminal scene.
"Following the takedown of its older sibling, the forum has grown increasingly in popularity owing to its member base - 41,500 members, an almost 35,000 rise since April 2022 - and their selling of media-attention-seeking data sets," wrote cybersecurity firm ReliaQuest in 2022.
BreachForums also appears to allow ransomware groups to advertise for affiliates, targets and initial access to victim networks, without restrictions. Kela reports that the Chaos ransomware builder has been advertised on the forum, as have new ransomware-as-a-service offerings SolidBit and Garyk.
Last December, a hacker reportedly using a fake email address posed as a chief executive of an American financial institution to gain bureau-approved access to InfraGard, the FBI's public-private cybersecurity forum, and was selling details of its more than 80,000 members on BreachForums (see: Hacker Reportedly Breaches US FBI Cybersecurity Forum).
*Correction March 24, 2023 20:59 UTC: Law enforcement took down RaidForums in February 2022, not April 2022. We regret the error.