Today, the FBI confirmed it has access to the database of popular hacking forum BreachForums (aka Breached) after the US Department of Justice also officially announced the arrest of its owner.

Conor Brian Fitzpatrick, 20 (also known as Pompompurin), was charged for his involvement in the theft and sale of sensitive personal information belonging to “millions of American citizens and hundreds of U.S. and foreign businesses, organizations, and government agencies” on the cybercrime forum Breached.

Fitzpatrick appeared in court for the Eastern District of Virginia today after being arrested a week ago at his home in Peekskill, New York, and released on $300,000 bond.

The FBI now has access to the BreachForums database

In new court documents released this Friday, FBI Special Agent John Longmire revealed that the FBI has the Breached database, which has established that Fitzpatrick is indeed Pompompurin, the primary administrator of the forum, based on activity logs and the Optimum Online Internet connection he used (registered using the conorfitz@optimum.net email address).

Fitzpatrick also made it easier for law enforcement to link him to Pompompurin’s online alias after he told the owner of RaidForums in a private chat that a stolen and leaked database for ai.type did not contain his former email address (conorfitzpatrick02@gmail.com), which was shown as leaked on Have I Been Pwned.

The FBI was able to view this private conversation after seizing RaidForums servers and its databases in February 2022.

As Longmire added in his March 15 affidavit, the FBI also found Fitzpatrick’s Optimum Online IP address recorded in the BreachForums database after he used it once to log into the forum, either after forgetting to use Tor or to enable the VPN that he usually used, or after the VPN service failed.

Fitzpatrick used the same IP address to access his iCloud account dozens of times from his iPhone in less than two weeks.

“While the FBI’s review of the BreachForums database reveals that the pompompurin account was generally accessible via VPN or Tor services, I think it is noteworthy that the IP address was previously used to log into the pompompurin account on or around June 27, 2022,” Longmire said.

“Additionally, records received from Apple Inc. regarding an iCloud account associated with FITZPATRICK reveal that the account was accessed approximately 97 times from IP address between on or about May 19, 2022 and on or around June 2, 2022, from an iPhone mobile device.”

During his arrest, the defendant also openly admitted to law enforcement without the presence of a lawyer and after waiving his constitutional rights that he was behind the BreachForums Pompompurin account.

“He also admitted that he owned and administered BreachForums and previously managed the pompompurin account on RaidForums,” Longmire added.

“He estimated that he was making about $1,000 a day from BreachForums, and he uses that money to administer BreachForums and buy other domains.”

Who is Pompompurin?

Pompompurin was a high-profile member of RaidForums and is part of an underground network of cybercriminals dedicated to breaching businesses and selling or leaking their stolen data online.

After RaidForums was seized in 2022, Pompompurin created a new forum known as BreachForums or Breached to fill the void.

Breached has quickly become the largest data leak forum, commonly used by ransomware gangs and other threat actors to leak stolen data.

Just before Fitzpatrick’s arrest, a threat actor tried to sell US politicians’ personal data stolen after they breached DC Health Link, the healthcare provider for US House members, their families and staff.

Pompompurin has also been implicated in high-profile breaches, including exploiting a flaw in the FBI’s Law Enforcement Enterprise Portal (LEEP) to send fake cyberattack alert emails, stealing Robinhood customer data, and allegedly using a Twitter bug to confirm email addresses of approximately 5.4 million users.

Since Fitzpatrick’s arrest, court documents have revealed no charges brought over Pompompurin’s own breaches and malicious activities outside of the data leak forum.

Breached closed after Pompompurin’s arrest

After Fitzpatrick’s arrest, the hacking forum was closed by Baphomet, the remaining admin, after they said they believed law enforcement had access to the servers.

The announcement follows an initial decision to migrate the website to a new infrastructure to allow users to continue using the platform.

“Throughout the migration, I checked to see if anything was happening that might cause concern during the migration. One of the servers checked was the old CDN server described above. be connected on March 19 at 1:34 a.m. EST before I connected to the server,” Baphomet said earlier this week.

“Unfortunately this probably leads to the conclusion that someone has access to the Poms machine. This will be my last update on Breached as I have decided to shut it down. I am aware that this news will not sit well with anyone, but it’s the only sure thing now that I’ve confirmed glowies probably have access to the Poms machine,” with “glowies” meaning feds.

In a new update shared today, Baphomet commented on the FBI’s confirmation that they had access to Breached servers and added that each user should have managed their own OPSEC.

“The most important thing right now for our community is to know that it’s now confirmed that the FBI has access to the Breached database. They make that clear in their most recent documents,” Baphomet said.

“At this point, the whole document will clearly show what I’ve been saying all my time on Breached, and that you shouldn’t trust anyone to handle your own OPSEC. I never made that assumption as an administrator, and no one else should have one or the other.”

