The US Federal Bureau of Investigation (FBI) this week arrested a man in New York on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world’s largest hacked databases regularly appear for sale. The forum administrator “Pompompurin” has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums, a remarkably similar crime forum infiltrated and dismantled by the FBI in 2022.
In an affidavit filed in the District Court for the Southern District of New York, FBI Special Agent John Langmire said that around 4:30 pm on March 15, 2023, he led a team of law enforcement agents to make a probable cause arrest of a Conor Brian Fitzpatrick in Peekskill, NY.
“When I arrested the defendant on March 15, 2023, he told me in whole and in part that: a) his name was Conor Brian Fitzpatrick; b) he used the alias ‘pompompurin,’ and c) he is the owner and administrator of ‘BreachForums,’ the data breach website referred to in the Complaint,” Langmire wrote.
Pompompurin has been something of a nemesis to the FBI for several years. In November 2021, KrebsOnSecurity reported that thousands of fake emails about a cybercrime investigation were sent from FBI email systems and Internet addresses.
Pompompurin took credit for that stunt, saying he sent the FBI email blast by exploiting a flaw in an FBI portal designed to share information with state and local law enforcement authorities. The FBI later acknowledged that a software misconfiguration allowed someone to send fake emails.
In December 2022, KrebsOnSecurity reported that hackers active on BreachForums had infiltrated the FBI’s InfraGard program, a vetted FBI program designed to build cyber and physical threat information sharing partnerships with private sector experts. The hackers posed as the CEO of a large financial company, applied for InfraGard membership in the CEO’s name, and were granted admission to the community.
From there, the hackers looted InfraGard’s member database, and proceeded to sell the contact information of more than 80,000 InfraGard members in an auction on BreachForums. The FBI responded by disabling the portal for a period of time, before eventually forcing all InfraGard members to reapply for membership.
Recently, BreachForums was the sales forum for data stolen from DC Health Link, a Washington, DC-based health insurance exchange that suffered a data breach this month. The sales thread initially said the data included the names, Social Security numbers, dates of birth, health plan and enrollee information of more than 170,000 individuals, although the official notice of the breach says 56,415 people were affected.
In April 2022, the US Justice Department took over the servers and domain for RaidForums, a very popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches since 2015. As part of that operation, the feds also charged the alleged administrator, 21-year-old Diogo Santos Coelho of Portugal, with six criminal counts.
Coelho was arrested in the United Kingdom on Jan. 31, 2022. At the time, the new BreachForums had been live for less than a week, but had a familiar look.
BreachForums remains accessible online, and from reviewing the live chat stream on the site’s home page, it appears that active users of the forum are only now becoming aware that their administrator — and the site’s database — are likely in the hands of the FBI:
“Wait if they arrested pom, wouldn’t the FBI have all our details where we registered?” asked a concerned BreachForums member.
“But we all have good VPNs I guess, right … right guys?” offered another denizen.
“Like pom will probably make a plea bargain and cooperate with the feds as much as possible,” replied another.
Fitzpatrick could not immediately be reached for comment. The FBI declined to comment for this story.
The criminal complaint against Fitzpatrick (PDF) is only one page long and charges him with one count of conspiracy to commit access device fraud. His arrest affidavit is available here (PDF).