BreachForums cybercrime website down, admin busted

The feds have arrested suspected cybercrime marketplace administrator Conor Brian Fitzpatrick, known as Pompompurin, prompting his cohorts to preach continuity. However, BreachForums is down following the arrest.

Federal agents have arrested Fitzpatrick, suspected curator of the infamous cybercrime marketplace BreachForums. Fitzpatrick was charged with “conspiracy to solicit individuals with the purpose of selling unauthorized access devices,” court documents show.

According to the statement from the FBI agent behind the arrest, Fitzpatrick allegedly admitted he was a BreachForums admin and used the alias Pompompurin.

While the court documents don’t indicate Pompompurin's age, Bloomberg reported that Fitzpatrick was among the 2021 graduates of a school in Peekskill, New York, where he was arrested.

BreachedForums arrest
BreachForums admin reassuring users. Image by Cybernews.

Hours after news about Pompompurin’s arrest broke, BreachForums was flooded with users inquiring about the website’s future. One of the remaining admins, known as Baphomet, claimed he had the technical capacity to protect the forum.

In an attempt to calm users, Baphomet said Pompompurin’s access to all important site infrastructure was restricted, and to date no modifications suggesting law enforcement gained access had been noted.

“OPSEC [operation security] has been my focus from day one, and thankfully I don’t think any mountain lions will be attacking me in my little fishing boat,” the admin wrote.

However, on the morning of March 20, the BreachForums website was inaccessible on the clear net and the dark web. That could point to admins migrating the infrastructure to new servers, problems related to the arrest of Fitzpatrick, or short-term issues.

Cybercriminals use BreachForums to exchange data stolen from businesses and other organizations. Recently, that stolen from a medical insurance company DC Health Link, including sensitive information on US House and Senate members, was posted on the website.

Numerous other leaks have appeared on the forums since its inception last year. Attackers posted data allegedly taken from US-based software company Beeline, Taiwanese hardware and electronics giant Acer, video game maker Activision, messaging app WhatsApp, and many others.

Pompompurin likely created BreachForums after the FBI seized a similar website called RaidForums. Pompompurin often took responsibilities suggesting him as the likely leader of BreachForums: for example, issuing a statement after the forum’s domain was suspended last year.

Media reports indicate Fitzpatrick was released on a $300,000 unsecured bond. Researchers at VX-Underground said that Fitzpatrick would appear in a Virginia court on March 24, the same day Yaroslav Vasinksyi will be sentenced in Texas. Vasinskyi confessed to having hacked the software company Kaseya as an affiliate of a ransomware gang REvil.