Conor Brian Fitzpatrick – the former administrator of hacker marketplace BreachForums busted by the feds last March – will spend the next 20 years under supervised release.
The sentence, which was handed down by US Eastern District Court of Virginia’s Judge Leonie M. Brinkema on Friday, is a far cry from the US government's earlier recommendation that Fitzpatrick spend 15 years in prison for his hacking and child pornography-related crimes.
The now 21-year-old New York state resident, also known by his online screen name Pompompurin, had been running the now-defunct Breached site for nearly a year before its second-in-command shut it down in the wake of the arrest over fears the FBI had access to the site.
Malware repository vx-underground posted on X it had “spoken with individuals from the US Eastern District Court of Virginia” late Friday.
“We requested information from the Clerks office on the official sentencing of Mr. Conor Fitzpatrick, the previous administrator of BreachedForum. He was sentenced to 20 years supervised release,” the post stated.
“He will not be going to prison. That is a profoundly kind sentence from the Honorable Judge Brinkema,” vx-underground wrote.
“More details will be present on PACER on Monday, or Tuesday, when the Court Deputy enters the information into their system,” it said.
PACER is the public electronic court records system for the US federal courts.
The most recent case documents filed by prosecutors on Tuesday, January 16th, stated that Fitzpatrick "has pleaded guilty to an Information charging him with conspiracy to commit access device fraud, solicitation for the purpose of offering access devices and possession of child pornography."
Already there are rumors that the FBI has scooped up Fitzpatrick to assist the agency in exchange for what many industry insiders are saying is an extremely lenient sentence.
“Coming from Eastern VA myself, those sound like snitch numbers. *NO ONE* gets more than a few years of supervised probation without the internal investigators and Federal agents using you and need you out of prison to assist them,” one X user commented on the sentence.
“How the actual eff does child porn, criminal hacking, breaking bail == 20 years probation?!... Something janky going on here. This has to be one of the lightest hand slaps I've ever seen, short of getting off the hook entirely,” another X user said.
Just days before the official sentencing, US prosecutors filed a recommendation “that the Court impose a sentence of 188 months' imprisonment, which is sufficient, but not greater than necessary, to reflect the seriousness of the crime, the significant harm caused by the defendant's crimes, the risk of recidivism, and to deter the defendant and others who may seek to profit from this type of widespread cybercrime in the future."
On top of his original charges, Fitzpatrick, who was on house arrest awaiting sentencing, violated his parole by using a computer without the court-prescribed monitoring software enabled.
FBI agents arrested the former admin for the parole violation on January 2nd. Fitzpatrick had been previously released on 300,000 bail.
BreachForums was said to be a resurrected version of another criminal marketplace, RaidForums, which was also seized by the FBI back in August of 2022.
Cybercriminals used BreachForums to exchange data stolen from businesses and other organizations. For example, information stolen from a medical insurance company, DC Health Link, including sensitive information on US House and Senate members, was posted on the website.
Numerous other leaks have appeared on the forums since its inception last year. Attackers allegedly posted data from US-based software company Beeline, Taiwanese hardware and electronics giant Acer, video game maker Activision, messaging app WhatsApp, and many others.
The take-down of BreachForums, which the US Department of Justice said had over 340,00 active users, spurred a bevy of replicas until Fitzpatrick’s second, Blaphomet, relaunched the site in June of 2023.