BreachForums boss busted for bond blunders – including using a VPN – Source: go.theregister.com

The cybercriminal behind BreachForums was this week arrested for violating the terms of his pretrial release and will now be held in custody until his sentencing hearing.

Conor Brian Fitzpatrick, better known in the cybercrime underworld by his alias Pompompurin, was first arrested in March 2023 because of his believed connection to BreachForums and later pleaded guilty [PDF] to three charges in July:

• Conspiracy to commit access device fraud

• Access device fraud – unauthorized solicitation

• Possession of child sex abuse material

He was granted pretrial release on a $300,000 bond under a number of conditions, which included not using a computer without monitoring software controlled by the pretrial services office, and using a VPN, both of which he was arrested for violating.

The FBI arrested [PDF] Fitzpatrick on January 2. He will now be held in custody until he attends his separate court appearances, for breaching his pretrial agreement and his main sentencing hearing.

The other conditions of his pretrial release prevented him from any contact with minors other than his own sibling unless supervised by an adult familiar with his offense, visiting cybercrime-related websites, registering new domains or creating new websites, seeking employment, or enrolling in educational programs.

For each of his two access device fraud charges, Fitzpatrick faces a maximum prison sentence of 10 years, a fine of $250,000, full restitution for victims, and forfeiture of assets. The latter includes proceeds generated from his crimes amounting to at least $698,714, all cryptocurrencies, property, registered domains, electronic hardware, and any owned child sex abuse material or fraud-related assets.

The child sex abuse material charge attracts a maximum sentence of 20 years in prison and a further $250,000 fine, as well as the requirement to be added to the sex offenders register.

Fitzpatrick’s sentencing hearing was originally scheduled for November 17, 2023, but was pushed back at the request [PDF] of his legal representatives after a psycho-sexual expert said they were unable to complete their evaluation of Fitzpatrick in time for the hearing due to a large workload. It has now been moved to January 19 [PDF].

• Look out, Scattered Spider. FBI pumps ‘significant’ resources into snaring data-theft crew
• Strangely enough, no one wants to buy a ransomware group that has cops’ attention
• Get your very own ransomware empire on the cheap, while stocks last
• Cybercrim claims fresh 23andMe batch takes leaked records to 5 million

BreachForums was created by Fitzpatrick shortly after the fall of similar site RaidForums, which was taken down by law enforcement in 2022 after six years in operation. The criminal behind RaidForums, Diogo Santos Coelho aka “Omnipotent”, 23, is also waiting to find out if the UK will extradite him to face trial in the US following his January 2022 arrest.

According to Fitzpatrick’s plea deal [PDF], he controlled the BreachForums site for at least a year between March 2022 and 2023, along with other admins.

He agreed that he ran the site in a way that made it an “attractive marketplace for cybercriminals” to buy and sell stolen data for use in subsequent cybercrime.

It also hosted tutorials that educated users on how to execute other types of cybercrime, and Fitzpatrick himself was said to have acted as a trusted middleman offering an escrow service to forum users wishing to exchange information for money.

According to a forum post made by Fitzpatrick in 2022, picked up by prosecutors, he claimed to have handled more than $430,000 in such escrow activities.

Among the most notable leaks hosted on BreachForums were the personal information of 200 million Twitter users, the plea deal said without naming Twitter explicitly, and the details about members of the InfraGard critical infrastructure partnership between the FBI and private sector companies in 2022.

Today, BreachForums still exists under a new domain and is thought to be run by the criminal known as Baphomet, Fitzpatrick’s closest ally during the period in which he ran the forum.

Following the original takedown in 2023, a litany of copycat sites emerged attempting to piggyback off the popularity of the BreachForums brand, though many at the time were wary of them potentially being controlled by the FBI to catch additional criminals.

Authorities have been known to carry out these kinds of operations in the past, such as the case with the dark web market Hansa in 2017, which ultimately led to hundreds of arrests. ®