Conor Brian Fitzpatrick, the founder of the now-defunct BreachForums site, has entered a guilty plea in connection with various charges linked to the cybercrime forum he ran, which also included possession of child pornography.

This significant development, first reported by DataBreaches.net, follows Fitzpatrick, also known as pompompurin, being formally charged in the United States nearly four months ago. The charges were related to conspiracy to commit access device fraud and possession of child pornography.

Launched in March 2022, BreachForums functioned as an illicit online marketplace where members exchanged hacked or stolen databases. This enabled cybercriminals to gain unauthorized access to targeted networks. The forum was dismantled in March 2023 shortly after Fitzpatrick’s arrest in New York.

Estimates indicate that the platform was associated with approximately 888 databases containing around 14 billion individual records. Prior to its closure, BreachForums boasted over 333,000 members, illustrating the scale of its operations.

The court documents detail that Fitzpatrick’s objective in operating BreachForums was to facilitate the trafficking of stolen databases, which included access devices, along with posting solicitations for these databases.

Fitzpatrick, aged 20, faces a potential maximum prison sentence of 40 years and fines that could amount to $750,000. Sentencing is scheduled for November 17, 2023.

The announcement of Fitzpatrick’s plea aligns with ongoing efforts by international law enforcement, such as the Spanish National Police, who recently captured a Ukrainian national linked to a fraudulent scareware operation that had evaded authorities for over a decade.

In a related case, Ashley Liles, a 28-year-old ex-IT security analyst, was sentenced to three years and seven months in prison for attempting to extort his company during a ransomware incident in 2018.

Using information gleaned from the original attacks, Liles is reported to have altered the payment instructions in ransom communications to divert funds to himself. He had previously pleaded guilty in April 2023.

The ramifications of these cases highlight the pressing need for businesses to remain vigilant against cyber threats and the importance of understanding tactics employed by adversaries. Within the MITRE ATT&CK framework, tactics such as initial access, persistence, and privilege escalation may have been relevant components in these incidents. Organizations must ensure robust cybersecurity protocols are in place to mitigate the risks associated with evolving cybercriminal tactics.