In a significant law enforcement operation, a 21-year-old man from New York has been arrested for allegedly operating the notorious hacking forum BreachForums under the alias “Pompompurin.” The arrest, reported first by Bloomberg Law, follows intensive investigations by federal authorities at a residence in Peekskill, where evidence was confiscated.
According to a Federal Bureau of Investigation (FBI) affidavit, the suspect, identified as Conor Brian Fitzpatrick, openly admitted to his involvement with the forum. He has been charged with conspiring to sell unauthorized access devices, which poses a significant threat to various organizations and individuals who may be targeted by such illicit activities.
Fitzpatrick’s arrest took place on March 15, 2023, and he was released the following day after his parents posted a $300,000 bond. He is set to appear in the District Court for the Eastern District of Virginia. The conditions of his release include restrictions on international travel and communication with co-conspirators, as well as prohibitions against the use of narcotic drugs unless prescribed.
BreachForums came into existence shortly after the shutdown of RaidForums in March 2022, positioning itself as a successor. According to cybersecurity specialists, Fitzpatrick created the platform as an alternative, asserting its lack of affiliation with its predecessor. This inherent design and development indicate tactics such as initial access, where attackers establish control over platforms for illegal activities.
As the forum gained notoriety for hosting stolen data, including sensitive personal information from various companies, it became a focal point for cybersecurity concerns. Following Fitzpatrick’s arrest, another user, known as Baphomet, claimed leadership of the forum, distancing themselves from the ongoing investigation while asserting their Operational Security (OPSEC) practices shielded them from repercussions.
In a demonstration of the evolving landscape of cybercrime, these incidents are juxtaposed with recent actions taken by global authorities, such as the Cyber Police of Ukraine, who arrested a 25-year-old developer for creating a remote access trojan that compromised over 10,000 devices under the pretext of offering gaming applications.
Update
Despite previous statements indicating the forum would remain operational, BreachForums is currently offline, displaying a “502 – Bad Gateway” error, raising questions about its future and the resiliency of online criminal networks.
