Feds Cost NY Man as BreachForums Boss “Pompompurin” – Krebs on Safety | Tech Vio

He US Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of working BreachForums, a preferred English-language cybercrime discussion board the place a number of the world’s largest hacked databases are routinely put up on the market. The discussion board administratorpompompurinehas been a thorn within the facet of the FBI for years, and BreachForums is extensively considered a reincarnation of RaidForumsa remarkably comparable prison discussion board that the FBI infiltrated and dismantled in 2022.

FBI brokers eradicating objects from the Fitzpatrick house on March 15. Picture: Information 12 Westchester.

In an affidavit filed with the District Court docket for the Southern District of New York, FBI Particular Agent John Langmire stated that at about 4:30 p.m. on March 15, 2023, he led a group of regulation enforcement officers who made a possible trigger arrest of a conor brian fitzpatrick in Peekskill, New York.

“Once I arrested the defendant on March 15, 2023, he informed me in substance and partially that: a) his title was Conor Brian Fitzpatrick; b) he used the alias ‘pompompurin/’ and c) he was the proprietor and supervisor of ‘BreachForums,’ the information breach web site referenced within the criticism,” Langmire wrote.

Pompompurin has been one thing of a nemesis for the FBI for a number of years. In November 2021, KrebsOnSecurity broke the information that hundreds of bogus emails a few cybercrime investigation had been faraway from FBI electronic mail methods and web addresses.

Pompompurin took credit score for that hack, saying he was capable of ship the FBI electronic mail by exploiting a flaw in an FBI portal designed to share info with state and native regulation enforcement authorities. The FBI later acknowledged {that a} software program misconfiguration allowed somebody to ship pretend emails.

In December 2022, KrebsOnSecurity broke the information that hackers energetic on BreachForums had infiltrated the FBI’s InfraGard program, an FBI vetted program designed to create partnerships to share info on bodily and cyber threats with business consultants. personal. The hackers posed because the CEO of a serious monetary firm, utilized for InfraGard membership on behalf of the CEO, and had been granted admission to the group.

From there, the hackers ransacked the InfraGard membership database and proceeded to promote contact info for greater than 80,000 InfraGard members in an public sale on BreachForums. The FBI responded by disabling the portal for a while, earlier than lastly forcing all InfraGard members to reapply for membership.

Extra just lately, BreachForums was the gross sales discussion board for stolen knowledge from DC Well being Hyperlink, a Washington, DC-based medical insurance alternate that suffered a knowledge breach this month. The gross sales thread initially stated the information included the names, Social Safety numbers, dates of delivery, well being plan and enrollee info, and greater than 170,000 individuals, although the official discover of the breach says 56,415 individuals had been affected.

In April 2022, the US Division of Justice seized the servers and domains of RaidForums, a particularly fashionable English-language cybercrime discussion board that offered entry to greater than 10 billion shopper data stolen in a number of the leaks. of the world’s largest knowledge recordsdata since 2015. As a part of that operation, the feds additionally indicted the alleged administrator, Diogo Santos Coelho, 21, of Portugal, with six prison counts.

Coelho was arrested within the UK on January 31, 2022. At the moment, the brand new BreachForums had been energetic for slightly below per week, however wanting acquainted.

BreachForums stays accessible on-line, and by reviewing the stay chat feed on the positioning’s house web page, it seems that energetic discussion board customers are solely simply realizing that their administrator, and the positioning’s database, might be now’s within the palms of the FBI:

BreachForums members focus on the arrest of the alleged proprietor of the discussion board.

“Wait, if Pom was arrested, then the FBI does not have all of our knowledge that we have checked in with?” requested a involved BreachForums member.

“However I assume all of us have good VPNs proper…proper guys?” provided one other inhabitant.

“Like Pom, I’ll almost definitely make a plea deal and cooperate with the feds as a lot as attainable,” one other responded.

Fitzpatrick couldn’t instantly be reached for remark. The FBI declined to remark for this story.

There is just one web page within the prison criticism towards Fitzpatrick (PDF), which prices him with one rely of conspiracy to commit entry system fraud. The affidavit relating to his arrest is on the market right here (PDF).