In recent news, law enforcement authorities in the United States have apprehended a New York resident suspected of running the infamous BreachForums hacking forum under the online pseudonym “Pompompurin.” This development was initially reported by Bloomberg Law and confirmed by News 12 Westchester, which reported that federal investigators had spent several hours at a home in Peekskill, New York, and were observed removing several bags of evidence.
The Federal Bureau of Investigation (FBI) filed an affidavit in court stating that the suspect identified himself as Conor Brian Fitzpatrick and admitted to owning the BreachForums website. FBI Special Agent John Longmire, who arrested Fitzpatrick on March 15, 2023, said, “When I arrested the defendant, he stated to me that his name was Conor Brian Fitzpatrick, he used the online pseudonym ‘pompompurin,’ and he was the owner and administrator of ‘BreachForums.'”
Fitzpatrick has been charged with one count of conspiracy to solicit individuals with the purpose of selling unauthorized access devices. He was released a day later after his parents signed a $300,000 bond on his behalf. The defendant is scheduled to appear before the District Court for the Eastern District of Virginia on March 24, 2023. As part of his bail conditions, Fitzpatrick is prohibited from obtaining a passport or international travel document, contacting his co-conspirators, and using narcotic drugs or other controlled substances unless prescribed by a licensed medical practitioner.
The BreachForums website emerged last year, three weeks after a coordinated law enforcement operation seized control of RaidForums in March 2022. Cybersecurity firm Flashpoint reported that in the threat actor’s welcoming thread, “pompompurin” stated that they had created BreachForums as an alternative to RaidForums but that it was “not affiliated with RaidForums in any capacity.” Since its inception, BreachForums has gained notoriety for hosting stolen databases belonging to several companies, often containing sensitive personal information.
Following Fitzpatrick’s arrest, another user on the forum named Baphomet declared that they were taking ownership of the website, stating that there was no evidence of any “access or modifications to Breached infra.” In an announcement, Baphomet stated, “My only response to [law enforcement], or any media outlet is that I have no concerns for myself at the moment. OPSEC has been my focus from day one, and thankfully I don’t think any mountain lions will be attacking me in my little fishing boat.”
In other cybersecurity news, the Cyber Police of Ukraine recently announced the arrest of a 25-year-old developer who created a remote access Trojan that infected over 10,000 computers under the guise of gaming apps. If you find this article interesting, you can follow the publishers on Twitter and LinkedIn for more exclusive content.