BreachForums Closes Amid Worries Over Law Enforcement Access
New Admin Shuts It Down After Spotting a Suspicious Server Logon Sunday
Days after federal agents arrested the alleged administrator of criminal underground forum BreachForums, the new admin who took over announced that he is shutting down the site.
FBI agents on Wednesday arrested Conor Brian Fitzpatrick, 20,* a resident of Peekskill, New York, and told a federal judge that he had confessed to being site administrator and owner "Pompompurin" (see: FBI Says It Arrested BreachForums Mastermind 'Pompompurin').
A user named "Baphomet" announced that he had taken control and vowed that the police would not be able to identify him.
That changed Tuesday morning when Baphomet said he's shutting down the English-speaking forum after spotting a suspicious server logon early Sunday afternoon. "This likely leads to the conclusion that someone has access to Pom's machine," he wrote. "Nothing can be assumed safe, whether it's our configs, source code, or information about our users."
Baphomet said he's investigating reconstituting the user base of BreachForums on a new website. "I'm going to continue conversations with some of the competitor forum admins and various service operators who reached out to me over the past few days. I'm hoping to work with some of those people to build a new community, that will have the best features of Breached, while reducing the attack surfaces we never properly addressed."
A federal judge released Fitzpatrick on a $300,000 bond signed by his parents.
BreachForums is a spinoff of RaidForums, where Pompompurin was an active member and facilitated the sale of stolen data. Federal authorities shuttered RaidForums in February 2022.*
Cybersecurity experts at Cyble say that the fallout from Fitzpatrick's arrest could be law enforcement gaining access to information on illicit dealings on the forum. BreachForums hosted 336,800 members and was a popular forum during a time when many notable leaks and data breaches occurred.
One breach involved a data set stolen from the online health insurance marketplace used by members of Congress and residents of Washington, D.C. The hacking incident affected the data of 56,415 customers, including at least 17 current or former members of Congress, who had their personal data exposed. The number of affected customers is expected to rise, a Democratic lawmaker told CBS.
A BreachForums user also apparently used a fake email address to pose as a chief executive of an American financial institution to gain access to InfraGard, the FBI's public-private cybersecurity forum, and was selling details of its more than 80,000 members on BreachForums (see: Hacker Reportedly Breaches US FBI Cybersecurity Forum).
*Correction March 24, 2023 19:41 UTC: Corrects age of Conor Fitzpatrick, who is 20 years old, not 21. Also, law enforcement shuttered RaidForums in February 2022, not April 2022. We regret the errors.