U.S.
law
enforcement
authorities
have
arrested
a
New
York
man
in
connection
with
running
the
infamous
BreachForums
hacking
forum
under
the
online
alias
“Pompompurin.”
The
development,
first
reported
by
Bloomberg
Law,
comes
after
News
12
Westchester,
earlier
this
week,
said
that
federal
investigators
“spent
hours
inside
and
outside
of
a
home
in
Peekskill.”
“At
one
point,
investigators
were
seen
removing
several
bags
of
evidence
from
the
house,”
the
New
York-based
local
news
service
added.
According
to
an
affidavit
filed
by
the
Federal
Bureau
of
Investigation
(FBI),
the
suspect
identified
himself
as
Conor
Brian
Fitzpatrick
and
that
he
admitted
to
being
the
owner
of
the
BreachForums
website.
“When
I
arrested
the
defendant
on
March
15,
2023,
he
stated
to
me
in
substance
and
in
part
that:
a)
his
name
was
Conor
Brian
Fitzpatrick;
b)
he
used
the
alias
‘pompompurin,’
and
c)
he
was
the
owner
and
administrator
of
‘BreachForums,'”
FBI
Special
Agent,
John
Longmire,
said.
Fitzpatrick
has
been
charged
with
one
count
of
conspiracy
to
solicit
individuals
with
the
purpose
of
selling
unauthorized
access
devices.
The
defendant
was
released
a
day
later
on
a
$300,000
bond
signed
by
his
parents
and
is
scheduled
to
appear
before
the
District
Court
for
the
Eastern
District
of
Virginia
on
March
24,
2023.
Besides
being
barred
from
obtaining
a
passport
or
other
international
travel
document,
Fitzpatrick
has
been
restricted
from
contacting
his
co-conspirators
and
using
a
narcotic
drug
or
other
controlled
substances
unless
prescribed
by
a
licensed
medical
practitioner.
BreachForums
emerged
last
year
three
weeks
after
a
coordinated
law
enforcement
operation
seized
control
of
RaidForums
in
March
2022.
“In
the
threat
actor’s
welcoming
thread,
‘pompompurin’
stated
that
they
had
created
BreachForums
as
an
alternative
to
RaidForums
but
that
it
was
‘not
affiliated
with
RaidForums
in
any
capacity,'”
cybersecurity
firm
Flashpoint
said
at
the
time.
WEBINAR
Discover
the
Hidden
Dangers
of
Third-Party
SaaS
Apps
Are
you
aware
of
the
risks
associated
with
third-party
app
access
to
your
company’s
SaaS
apps?
Join
our
webinar
to
learn
about
the
types
of
permissions
being
granted
and
how
to
minimize
risk.
The
forum
has
since
attracted
notoriety
for
hosting
stolen
databases
belonging
to
several
companies,
often
including
sensitive
personal
information.
In
the
wake
of
Fitzpatrick’s
arrest,
another
forum
user
named
Baphomet
said
they
were
taking
ownership
of
the
website,
noting
that
there
is
no
evidence
of
“access
or
modifications
to
Breached
infra.”
“My
only
response
to
[law
enforcement],
or
any
media
outlet
is
that
I
have
no
concerns
for
myself
at
the
moment,”
Baphomet
said
in
the
announcement.
“OPSEC
has
been
my
focus
from
day
one,
and
thankfully
I
don’t
think
any
mountain
lions
will
be
attacking
me
in
my
little
fishing
boat.”
The
development
comes
as
the
Cyber
Police
of
Ukraine
announced
the
arrest
of
a
25-year-old
developer
who
created
a
remote
access
trojan
that
infected
over
10,000
computers
under
the
guise
of
gaming
apps.
About Author
