Monday, December 23, 2024

FBI seizes BreachForums after arresting its proprietor Pompompurin in March


BreachForums seizure banner

U.S. law enforcement today seized the clearnet domain of the notorious BreachForums (aka Breached) hacking forum three months after apprehending its owner Conor Fitzpatrick (aka Pompompurin), under cybercrime charges.

Hosted at Breached[.]vc, the domain now shows a seizure banner saying the website was taken down by the FBI, the Department of Health and Human Services, the Office of Inspector General, and the Department of Justice based on a warrant issued by the U.S. District Court for the Eastern District of Virginia.

Other law enforcement authorities worldwide were also part of this action, including the U.S. Secret Service, Homeland Security Investigations, the N.Y. Police Department, the U.S. Postal Inspection Service, the Dutch National Police, the Australian Federal Police, the U.K. National Crime Agency, and Police Scotland.

As is common with domain seizure messages, law enforcement displayed the logo for the site. However, in a unique display, law enforcement took an unconventional approach by also featuring handcuffs added to Pompompurin’s avatar in the seizure banner.

BleepingComputer has learned that law enforcement also seized the pompur[.]in domain, which was Pompompurin’s personal website, as part of this operation.

While BreachForums’ clearnet domain has been seized, its dark web counterpart does not yet display the seizure banner but instead shows a “404 Not Found” Nginx error.

FBI and Justice Department spokespersons were not immediately available for comment when contacted by BleepingComputer earlier today.

As first reported by DataBreaches.net, these domain seizures also led to the seizure of one of their own sites used to report on data breaches.

All of the seized domains have had their DNS servers changed to ns1.seizedservers.com and ns2.seizedservers.com, two name servers commonly used by law enforcement.

Breached vs. the new Breached

After the arrest of Fitzpatrick, Baphomet, the remaining administrator, tried to keep the original domains running. However, Baphomet believed that federal agents gained access to the servers, prompting the admin to shut down the site on March 20th.

Soon after, visiting the domain displayed “502 – Bad Gateway” error messages, indicating the site was now shut down.

In June, after rumors of Baphomet partnering with Shiny Hunters, a threat actor notorious for numerous data breaches, to relaunch BreachForums on a new domain, the old Breached domain began displaying a default ‘Welcome to nginx!’ page.

This indicated that someone else had gained control over the domains and was changing their content and configuration. Baphomet denied responsibility for these changes.

Even stranger, messages emerged on the old domains warning users that BreachForums would never return and emphasizing that any forums claiming to be a new version of BreachForums should be approached cautiously.

“Any forums claiming to be ‘Breached’ or ‘BreachForums’ should be used with caution. BreachForums will never return,” read a message posted on the Breached[.]vc domain.

This alert was later updated with alleged messages from Baphomet cautioning that any forums claiming to be the new BreachForums should be assumed unsafe. Baphomet denied it was them making these updates on the old domains.

In an escalating battle between various hacking forums, Baphomet’s and Shiny Hunter’s new BreachForums was hit by its own data breach, with threat actors releasing the site’s stolen database.

Subsequently, an update appeared on the old Breached[.]vc domain, advising against trusting the BreachForums clone as it had already been hacked. This message also contained a link to an SQL file for the leaked stolen database from the new BreachForums.

Breached warning (BleepingComputer)

All of these new updates on the site included a hidden HTML comment stating ‘Meow,’ followed by a crying smiley face:

<!-- meow :'(( -->

While some in the cybersecurity community felt that this was an attempt by law enforcement to deter the return of further data breach and hacking forums, this message also leaked the new BreachForums database, which isn’t something you’d typically see from law enforcement.

It’s more likely that other threat actors had access to the servers and were posting these messages.

The old forum’s domain began displaying the FBI’s seizure banner three days later.

Pompompurin’s arrest

During his arrest on March 15th, BreachForums’ owner openly admitted, without a lawyer present and after waiving his constitutional rights, that his real name was Connor Brian Fitzpatrick and that he was indeed Pompompurin, according to a statement by FBI Special Agent John Longmire included in court documents.

He was charged with involvement in the theft and sale of sensitive personal information belonging to “hundreds of thousands of U.S. citizens and hundreds of U.S. and foreign companies, organizations, and government agencies.”

Fitzpatrick was released one day later on a $300,000 bond and was scheduled to appear in the District Court of the Eastern District of Virginia on March 24th.

On the day of his arraignment, the FBI confirmed in new court documents that they had access to BreachForums’ database.

After the owner’s arrest, Baphomet shut Breached down after saying they believed law enforcement had access to the forum’s servers.

Who’s Pompompurin?

Pompompurin has been a high-profile member of RaidForums and part of a cybercriminal underground focused on hacking companies’ networks and selling or leaking stolen data online.

Following the seizure of RaidForums in 2022, Pompompurin created the BreachForums (or Breached) forum, which quickly became the largest platform for data leaks, often used by ransomware groups and other threat actors to leak stolen information.

Notably, before Fitzpatrick’s arrest, an unidentified individual tried to sell personal data belonging to U.S. politicians. This data was obtained during the breach of D.C. Health Link, the healthcare provider for U.S. House members, their families, and staff.

Pompompurin was also involved in the breach of other high-profile organizations and companies. For example, he exploited a vulnerability in the FBI’s Law Enforcement Enterprise Portal (LEEP) to send fake cyberattack alert emails.

He also stole customer data from Robinhood and purportedly exploited a Twitter bug to find the email addresses of roughly 5.4 million users.

It should also be noted that court documents released following Fitzpatrick’s arrest have yet to reveal any charges against Pompompurin linked to breaches and malicious activity beyond BreachForums.
