SoylentNews

Feds Arrest Alleged BreachForums Owner Linked to FBI Hacks

upstart [soylentnews.org] writes:

████ # This file was generated bot-o-matically! Edit at your own risk. ████

Feds arrest alleged BreachForums owner linked to FBI hacks [theverge.com]:

• Security [theverge.com]/
• Policy [theverge.com]/
• Tech [theverge.com]

Feds arrest alleged BreachForums owner linked to FBI hacks Feds arrest alleged BreachForums owner linked to FBI hacks / The FBI has arrested Conor Brian Fitzpatrick, also known as ‘Pompompurin,’ who took credit for hacking the agency’s emails in 2021. Share this story

The FBI has arrested the person allegedly in charge of the BreachForums online hacking community, as reported earlier by Krebs on Security [krebsonsecurity.com] and Bleeping Computer [bleepingcomputer.com]. Conor Brian Fitzpatrick, also known online as “Pompompurin,” was arrested at his New York home on Wednesday and charged with conspiracy to commit access device fraud, according to a pair [documentcloud.org] of court filings [documentcloud.org].

In a sworn statement, the FBI agent involved in the case claims Fitzpatrick admitted to owning BreachForums at the time of his arrest and identified himself as Pompompurin. Pompompurin created BreachForums [flashpoint.io] after the FBI seized RaidForums [bleepingcomputer.com], a similar hacking site that also sold leaked information.

The hacker is implicated in a number of breaches, with many of them targeting the FBI. In 2021, Pompompurin took responsibility for a hack that sent out thousands of fake cybersecurity warnings from the FBI’s email address [theverge.com], and is also linked to the breach of Infragard [krebsonsecurity.com], the FBI’s information-sharing program that aims to raise awareness about physical and digital threats to government organizations and independent companies.

The hacking forum was recently involved in the breach of DC Health Link

Additionally, Bleeping Computer notes that Pompompurin is connected to the 2021 Robinhood breach [theverge.com] that exposed the information of millions of its users, as well as the leak of Twitter user handles and email addresses [bleepingcomputer.com] that occurred in November 2022.

A recent post on BreachForums indicates that the site will remain up and running under new ownership — at least for now. The hacking forum has already been involved in recent cyberattacks, including a breach of DC Health Link [bleepingcomputer.com], a healthcare marketplace used by many US politicians and government staff members, and the breach of Australian telecommunications company Optus [theguardian.com].

Fitzpatrick was released on a $300,000 bond on Thursday and will appear in a Virginia court on March 24th, according to Bloomberg [bloomberg.com].

Most Popular

1. If you’re diabetic, don’t wait for your smartwatch to replace your needles [theverge.com]
2. Microsoft’s new Copilot will change Office documents forever [theverge.com]
3. VW beats Tesla to the punch and unveils an affordable electric vehicle [theverge.com]
4. Amazon’s Swarm is so close to being brilliant [theverge.com]
5. This Apple Pencil clone provides 80 percent of the experience for a quarter of the price [theverge.com]

Verge Deals

/ Sign up for Verge Deals to get deals on products we've tested sent to your inbox daily.

Email (required)Sign upBy submitting your email, you agree to our Terms [voxmedia.com] and Privacy Notice [voxmedia.com]. This site is protected by reCAPTCHA and the Google Privacy Policy [google.com] and Terms of Service [google.com] apply.;

Notorious Hacking Forum Shuts Down After Administrator Gets Arrested

upstart [soylentnews.org] writes:

████ # This file was generated bot-o-matically! Edit at your own risk. ████

Notorious hacking forum shuts down after administrator gets arrested [techcrunch.com]:

Last week, the FBI arrested a man [bloomberg.com] alleged to be “Pompompurin,” the administrator of the infamous and popular Breach Forums. Days after the arrest, the cybercrime website’s new administrator announced that they are shutting down the forum for good.

“Please consider this the final update for Breached,” the new admin, known as “Baphomet,” wrote in the official Telegram channel. “I will be taking down the forum, as I believe we can assume that nothing is safe anymore. I know that everyone wants the forum up, but there is no value in short term gain for what will likely be a long term loss by propping up Breached as it is.”

The new administrator Baphomet did not respond to our request for comment.

The apparent end of Breach Forums comes roughly a year after a coalition of international law enforcement agencies led by the U.S. Department of Justice seized RaidForums [vice.com], another notorious cybercrime forum where hacked databases would be advertised and sold. Breach Forums was born in the aftermath of RaidForums’ demise, and served pretty much the same purpose and audience.

“I want to make it clear, that while this initial announcement is not positive, it’s not the end. I’m going to setup another Telegram group for those who want to see what follows. You are allowed to hate me, and disagree with my decision but I promise what is to come will be better for us all,” Baphomet wrote. “Ggive (sic) me 24 hours to get some rest and give thought to how we move on from here. I will be back online after that, and we will talk. I am going nowhere.”

In an attached message, which was signed with Baphomet’s PGP key to prove it was genuinely written by them, they wrote that they were able to confirm that the authorities have access to Pompompurin’s machine.

Baphomet explained that while he was migrating the forum’s severs, he found that someone had logged into one of the servers before they did.

“Unfortunately this likely leads to the conclusion that someone has access to Poms machine. Any servers we use are never shared with anyone else, so someone would have to know the credentials to that server to be able to login. I now feel like I’m put into a position where nothing can be assumed safe, whether its our configs, source code, or information about our users – the list is endless,” Baphomet wrote. “This means that I can’t confirm the forum is safe, which has been a major goal from the start of this shitshow.”

The feds accuse Conor Brian Fitzpatrick of being Pompompurin, who faces charges in New York as well as in the Eastern District of Virginia. Fitzpatrick is accused of conspiracy to commit access device fraud.

On Monday, three days after Fitzpatrick’s arrest and before they found that someone had accessed one of the servers, Baphomet announced they were migrating the forum’s servers to keep Breach Forums alive.

That plan is no longer in motion, but Baphomet said this is not the end.

“As for what this means now, It’s complicated. Unlike when other communities go down and everyone scatters, stupidly I will still be around,” they wrote.

“While the community of Breached will die, I’m going to continue conversations with some of the competitor forum admins and various service operators who reached out to me over the past few days. I’m hoping to work with some of those people to build a new community, that will have the best features of Breached, while reducing the attack surfaces we never properly addressed. As with things like this, I have no doubt our userbase may be absorbed by another community but if there is patience then I hope to bring something back that will rival any other community that can take our place.”

Do you have information about BreachForums? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email lorenzo@techcrunch.com [mailto]. You can also contact TechCrunch via SecureDrop [techcrunch.com].

Original Submission #1  Original Submission #2