Today, the FBI confirmed it has access to the database of the infamous BreachForums (aka Breached) hacking forum, after the U.S. Justice Department also formally announced the arrest of its owner.
20-year-old Conor Brian Fitzpatrick (also known as Pompompurin) was charged for his involvement in the theft and sale of sensitive personal information belonging to “millions of U.S. citizens and hundreds of U.S. and foreign companies, organizations, and government agencies” on the Breached cybercrime forum.
Fitzpatrick appeared today in court in the Eastern District of Virginia after being arrested one week ago at his home in Peekskill, New York, and released on a $300,000 bond.
FBI now has access to the BreachForums database
In new court documents published this Friday, FBI Special Agent John Longmire revealed that the FBI has the Breached database, which helped establish that Fitzpatrick is indeed Pompompurin as charged, the forum’s main admin, based on activity logs and the Optimum Online Internet connection he used (registered using the conorfitz@optimum.net email address).
Fitzpatrick also made it easier for law enforcement to link him to the Pompompurin online handle after he told the RaidForums owner in a private conversation that a leaked, stolen database for ai.type did not contain his older email address (conorfitzpatrick02@gmail.com), which was shown as leaked on Have I Been Pwned.
The FBI was able to see this private conversation after it seized RaidForums’ servers and databases in February 2022.
As Longmire added in his March 15 affidavit, the FBI also found Fitzpatrick’s Optimum Online IP address (69.115.201.194) logged in the BreachForums database after he used it once to sign in to the forum, either after forgetting to use Tor or to enable the VPN he normally used, or after the VPN service failed.
Fitzpatrick used the same IP address to access his iCloud account dozens of times from his iPhone over fewer than two weeks.
“While the FBI’s examination of the BreachForums database reveals that the pompompurin account was typically accessed through VPN services or Tor, I believe it is notable that IP address 69.115.201.194 was once used to login to the pompompurin account on or about June 27, 2022,” Longmire stated.
“Further, records received from Apple Inc. concerning an iCloud account associated with FITZPATRICK reveals that the account was accessed approximately 97 times from IP address 69.115.201.194 between on or about May 19, 2022 and on or about June 2, 2022, from an iPhone mobile device.”
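The attribution pivot the affidavit describes is a generic investigative pattern: filter an account's login history down to the rare entries that did not come through Tor or a VPN, then look for those same addresses in an unrelated record source. The following Python is an added example written for this article, not code from the court filings or from either forum; the login lines, the iCloud-style access records, the Tor exit list and the VPN prefix are all constructed from RFC 5737 documentation addresses, and the field layout is an assumption.

```python
import ipaddress
from collections import Counter
from datetime import datetime

# Constructed forum login log (assumed layout: "timestamp account ip").
# 198.51.100.x plays the Tor exits, 203.0.113.192/26 plays the VPN provider.
FORUM_LOGINS = """\
2022-06-20T02:11:09Z pompompurin 198.51.100.7
2022-06-21T03:40:55Z pompompurin 203.0.113.200
2022-06-22T01:02:13Z pompompurin 198.51.100.9
2022-06-25T23:58:40Z pompompurin 203.0.113.201
2022-06-27T04:17:31Z pompompurin 192.0.2.44
2022-06-28T02:05:00Z pompompurin 198.51.100.7
2022-06-28T02:09:12Z otheruser 192.0.2.99
"""

# Constructed Tor exit list and VPN prefix (assumptions for the example).
TOR_EXITS = {"198.51.100.7", "198.51.100.9"}
VPN_NETS = [ipaddress.ip_network("203.0.113.192/26")]

# Constructed second-source access records (assumed layout: "timestamp ip device").
# The Tor exit also shows up here once, to show why the filter runs first.
ICLOUD_ACCESS = """\
2022-05-19T13:02:44Z 192.0.2.44 iPhone
2022-05-20T08:15:10Z 192.0.2.44 iPhone
2022-05-23T19:31:02Z 192.0.2.44 iPhone
2022-06-01T07:44:21Z 192.0.2.44 iPhone
2022-06-02T21:12:55Z 198.51.100.7 iPhone
"""


def parse_log(text, fields):
    """Split whitespace-delimited lines into dicts; malformed lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(fields):
            continue
        row = dict(zip(fields, parts))
        row["ts"] = datetime.strptime(row["ts"], "%Y-%m-%dT%H:%M:%SZ")
        rows.append(row)
    return rows


def classify_ip(ip):
    """Label an address as tor, vpn or direct using the constructed lists above."""
    if ip in TOR_EXITS:
        return "tor"
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in VPN_NETS):
        return "vpn"
    return "direct"


def direct_logins(logins, account):
    """Logins for `account` that came from neither Tor nor the known VPN range."""
    return [r for r in logins
            if r["account"] == account and classify_ip(r["ip"]) == "direct"]


def correlate(candidate_ips, records):
    """Count hits per candidate IP in the second source; shared IPs are the pivot."""
    return dict(Counter(r["ip"] for r in records if r["ip"] in candidate_ips))


def access_window(ip, records):
    """First and last timestamp at which `ip` appears in the second source."""
    stamps = sorted(r["ts"] for r in records if r["ip"] == ip)
    return (stamps[0].isoformat(), stamps[-1].isoformat()) if stamps else None


def attribute(account):
    """Run the whole pivot for one account and return the evidence found."""
    logins = parse_log(FORUM_LOGINS, ["ts", "account", "ip"])
    icloud = parse_log(ICLOUD_ACCESS, ["ts", "ip", "device"])
    direct = direct_logins(logins, account)
    candidates = {r["ip"] for r in direct}
    hits = correlate(candidates, icloud)
    return {
        "direct_logins": [(r["ts"].isoformat(), r["ip"]) for r in direct],
        "icloud_hits": hits,
        "icloud_window": {ip: access_window(ip, icloud) for ip in hits},
    }


if __name__ == "__main__":
    print(attribute("pompompurin"))
```

The filtering step matters more than the counting: the Tor exit address appears in both sources too, but because it is classified as shared infrastructure it never becomes a candidate, while the single direct login is the only address that survives and then lines up with the second source. On the defensive side the same routine, run against your own account, is the check that one forgotten VPN toggle has not left a residential address in someone else's logs.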
On his arrest, the defendant also openly admitted to law enforcement, without a lawyer present and after waiving his constitutional rights, that he was behind the BreachForums Pompompurin account.
“He also admitted that he owns and administers BreachForums and previously operated the pompompurin account on RaidForums,” Longmire added.
“He estimated that he earned approximately $1,000 a day from BreachForums, and that he uses this money to administer BreachForums and purchase other domains.”
Who is Pompompurin?
Pompompurin has been a high-profile RaidForums member and part of a cybercriminal underground dedicated to breaching companies and selling or leaking their stolen data online.
After the RaidForums seizure in 2022, Pompompurin created a new forum known as BreachForums or Breached to fill the void.
Breached quickly became the largest data leak forum, commonly used by ransomware gangs and other threat actors to leak stolen data.
Just prior to Fitzpatrick’s arrest, a threat actor tried to sell the personal data of U.S. politicians stolen after breaching D.C. Health Link, the healthcare provider for U.S. House members, their families, and their staff.
Pompompurin has also been involved in high-profile company breaches, including using a flaw in the FBI’s Law Enforcement Enterprise Portal (LEEP) to send fake cyberattack alert emails, stealing Robinhood customer data, and allegedly using a Twitter bug to confirm the email addresses of roughly 5.4 million users.
Since Fitzpatrick’s arrest, court documents have not revealed any charges brought over Pompompurin’s own breaches and malicious activity outside the data leak forum.
Breached shut down after Pompompurin’s arrest
Following Fitzpatrick’s arrest, the Breached hacking forum was shut down by Baphomet, the remaining administrator, after saying that they believed law enforcement had access to the servers.
The announcement followed an initial decision to migrate the website to new infrastructure to allow users to continue using the platform.
“Throughout the migration I checked to see if anything was going on that would cause concern during the migration. One of the servers checked, was the old CDN server described above. It seems someone logged in on Mar 19, 1:34 EST prior to me logging into the server,” Baphomet stated earlier this week.
“Unfortunately this likely leads to the conclusion that someone has access to Poms machine. This will be my final update on Breached, as I’ve decided to shut it down. I’m aware this news will not please anyone, but it’s the only safe decision now that I’ve confirmed that the glowies likely have access to Poms machine,” with ‘glowies’ meaning federal agents.
In a new update shared today, Baphomet commented on the FBI’s confirmation that they had access to Breached servers and added that every user should have been handling their own OPSEC.
“The most important thing right now of our community is to be aware that the FBI is now confirmed to have access to the Breached database. They clearly say so in their most recent documents,” Baphomet stated.
“At this point the entire document will clearly show what I’ve said for the entirety of my time on Breached, and that you shouldn’t trust anyone to handle your own OPSEC. I never made this assumption as an admin, and no one else should have either.”