An American believed to be behind the BreachForums criminal marketplace for selling stolen data has been arrested in a community just north of New York City.
According to an FBI affidavit filed in the Southern District of New York and posted by a court monitoring website, Conor Brian Fitzpatrick is believed to be the forum’s administrator, who used the nickname Pompompurin.
He was arrested in Peekskill, N.Y., Wednesday and charged with one count of conspiracy to solicit individuals with the purpose of selling unauthorized access devices.
“When I arrested the defendant on March 15, 2023, he stated to me in substance and in part that: a) his name was Conor Brian Fitzpatrick; b) he used the alias ‘pompompurin,’ and c) he was the owner and administrator of ‘BreachForums,’” the affidavit says.
According to internet intelligence firm Webz.io, BreachForums was the top hacker website in 2022, with 225,000 registered members and 740,000 posts. It was created three weeks after police infiltrated and seized RaidForums in April, 2022. Pompompurin had been very active on RaidForums and apparently decided to build a replacement. Within six months, BreachForums had become one of the most popular platforms for hacking discussions, including the trade of leaked data.
That alone might have been enough to put Pompompurin in the sights of the FBI. But the agency had a bigger incentive: in November 2021, the fbi.gov domain name and internet address were hijacked and used to send out thousands of fake emails about a cybercrime investigation. According to cybersecurity reporter Brian Krebs, the person behind that was Pompompurin.
Law enforcement may have been after BreachForums for some time. According to CyberNews, last November BreachForums’ domain was suspended, although the site continued to operate.
Krebs reports that BreachForums continued to operate after the arrest. However, there is a good chance its database, including information about posters, is now in the hands of U.S. law enforcement.
According to Webz.io, participants did not have to create an account to read BreachForums. Instead, there were premium sections and posts whose content was restricted and available only to registered users. Some of the content could only be accessed by paying users.
The platform issued credits to reward users for their contributions. Credits could also be purchased and then used to unlock hidden content such as leaked databases and compromised accounts.
Ilia Kolochenko, chief executive officer of ImmuniWeb, called the arrest “a remarkable success of the FBI and its partner agencies, sending an unequivocal message to cybercriminals that high-profile breaches of law enforcement agencies will not be tolerated. The impact of this arrest is particularly amplified by the fact that, after several successful joint raids of U.S. and European law enforcement agencies in 2022, most cybercrime groups and their leaders became paranoically prudent to avoid detection and arrest. Nonetheless, proving fault of Fitzpatrick beyond a reasonable doubt in court will be a challenging task for prosecution, which may rather consider a guilty plea.”
From a strategic viewpoint, he added, the arrest is unlikely to make a tectonic shift in cybercrime. Once an underground forum disappears, its place is rapidly taken by another one, he noted, sometimes even by several successors at once. “The formidable hydra of modern cybercrime is continually growing, being backed by record profits from illicit gains that allow, among other things, hiring the best talents from the industry. Many groups of cyber mercenaries offer remunerations tenfold bigger than top cybersecurity vendors can afford paying, let alone success fees and bonuses.
“In the meanwhile, law enforcement agencies have been considerably underfunded and understaffed, being unable to cope with the mushrooming cyber fraud and crime. Worst, among the deteriorating climate of political and financial uncertainty, international collaboration – which is absolutely indispensable for efficient investigation and prosecution of cybercrime – is at unprecedentedly low levels. Without a globally coordinated effort to bridle cyber gangs, chaos and lawlessness will continue reigning in the digital realm.”
There are two types of investigation in the law enforcement and national security worlds, notes David Masson, director of enterprise security at Darktrace, but only one kind results in arrests: evidence-based investigations. The FBI will probably have known who “PomPom” was for some time, but knowing something is the case is not the same thing as being able to prove it in a court of law, he said. “Given Conor Brian Fitzpatrick has now been arrested, after years of alleged cyber damage done to, amongst others, the FBI itself, we may well wonder whether potential involvement in the recent DC Health Link hack was what gave the Bureau their chance. All will be revealed and proved, or not, in court, in due course.”