BreachForums founder detained

[Brother]

The creator and former head of the Breached platform, Conor Brian Fitzpatrick, also known as Pompompurin, violated the rules of bail. According to The Record, this was followed by a court order for his arrest.

Fitzpatrick was arrested Jan. 2 by the FBI after they told a judge that Pompompurin was using a computer without required monitoring software. This software not only monitors the actions of the accused on the Internet, but also blocks some individual sites. First of all, we are talking about sites that are in one way or another connected with stolen personal data or hacking. In addition, Fitzpatrick may not use VPN services, proxy servers or the Tor browser. One of these rules was also broken.

Now the founder of Breached will be behind bars awaiting sentencing. Initially, it was supposed to be announced on November 17, 2023, but then the date was moved to January 19, 2023. As journalists were able to find out, the postponement was requested by Fitzpatrick’s lawyers, who wanted experts to “evaluate various aspects of the mental health” of the defendant in light of his suicide attempt in April 2023.

Pompompurin's prospects in court are assessed as quite gloomy. The most problematic for him are not so much the charges related to cybercriminal activity, but those related to the possession of child pornography. During a search, 26 files of this genre were found on his devices, for which in the United States you can get up to 20 years in prison. It is known that at least several videos and photographs involve persons under the age of 14, which means that even if released, whenever that happens, he will be forced to register on the sex offenders register.

 

[Brother]

Former BreachForums administrator sentenced to 15 years in prison

A young man ruined his life by deciding to link it to cybercrime…

Conor Brian Fitzpatrick, a 21-year-old New York State resident known online as "Pompompurin" (Pompompurin), who previously ran the BreachForums forum, was sentenced to 15 years in prison.

Fitzpatrick was arrested by the FBI in March 2023 on charges of "conspiracy to sell unauthorized access devices." Last Tuesday, January 16, the court issued a verdict, finding Fitzpatrick guilty of conspiracy to defraud access devices, inducement to offer such devices, as well as possession of child pornography.

The prosecutor's office recommended that the court impose a 15-year prison term that is "sufficient but not excessive" to reflect the seriousness of Fitzpatrick's crimes, the damage he caused, the risk of recidivism, and deter similar cybercrimes in the future.

Earlier this month, Fitzpatrick, who was under house arrest, violated bail conditions by using a computer without court-ordered monitoring software, and on January 2, FBI agents re-detained Pompompurin, who had previously been released on $ 300,000 bail.

The now-defunct BreachForums was considered a revived version of another cybercrime forum, RaidForums, which was also seized by the FBI in August 2022. At BreachForums, cybercriminals exchanged data stolen from companies and other organizations.

For example, it was there that confidential information from the DC Health Link health insurance company was published, including personal data of members of the US House of Representatives and Senate.

During the existence of BreachForums, a lot of data leaks from various companies were posted there. According to the US Department of Justice, at the time of closing, more than 340 thousand active users were registered on BreachForums.

Now that Fitzpatrick has been given such a harsh sentence, the prospects for further functioning of resources like BreachForums look very vague. It is obvious that the US authorities are determined to stop cybercrime, regardless of the scale of the forums and the number of participants.

 

[Carding Forum]

BreachForums regulars are outraged: the full database of the hacker forum as of November 29, 2022 was published in Telegram on Tuesday evening.

Previously, it was only available on Have I Been Pwned.

Everything has been merged, including information about participants, their private correspondence, cryptocurrency addresses, and all forum posts.

Apparently, the leaked data was taken from a backup copy of the database, presumably sold to Pompompurin (aka Conor Fitzpatrick), who launched the site after the security forces seized its predecessor, RaidForums.

According to a widely circulated story, Fitzpatrick allegedly sold the database in July, when he was released on bail.

Since then, the data has been circulating among various attackers, one of whom tried to sell it for $ 150,000 at the end of the same month.

Since last weekend, BreachForums has started to smoothly merge into the network.

It all started with a certain Emo that dumped out a limited set of participants ' data, including names, email, and IP addresses.

Later, he leaked the entire database after the database sold out and the inevitability of its leak became obvious, revealing a huge amount of additional data with correspondence, payment logs, hashed passwords, IP address logs for each user, etc.

A public leak, according to the hacker, will allow participants to evaluate and eliminate holes in their OPSEC, and the infosec community will enrich its database for investigating and studying the profiles of threat actors.

In reality, this is more like the legalization of intelligence by the US intelligence agencies, which have had and still have different chronological versions of this database.

 

[chushpan]

Pompompurin's suspended sentence could be replaced with a real one.

Breach Forums founder Conor Fitzpatrick could go to prison. This outcome implies a decision by the Fourth U.S. Circuit Court of Appeals, which overturned part of his previous sentence, according to which he spent 17 days in prison, after which he was placed on supervised release for the next 20 years.

We are talking about the events preceding Pompompurin's conviction. As investigators established, in late 2023, after being released on bail, the Breached founder repeatedly violated the terms of his release. In particular, he bought a new iPhone, from which he used a VPN to log into various Discord chats.

“In his correspondence, Fitzpatrick claimed his innocence, indicating that his plea deal was complete nonsense and that he wanted to fight it. He also joked with his friends about selling data to foreign governments, urging one of the users to become an agent of China or Russia and sell state secrets,” the appeals court said.

As a result, Fitzpatrick was remanded in custody for 17 days just before his sentencing in January 2024. His final sentence was those 17 days, plus 20 years of supervised release. However, the judges now believe that Pompompurin’s time in captivity does not correspond to the severity of his crime, which cannot be overshadowed by Fitzpatrick’s young age or his autism spectrum disorder. He himself, according to the judges, deserves a more severe punishment and actual imprisonment.

The US government’s appeal filing states that the Breached founder deserves a prison term of 15 to 20 years. The retrial is scheduled for February.