US govt wants BreachForums admin sentenced to 15 years in prison – Source: www.bleepingcomputer.com

The United States government has recommended that Conor Brian Fitzpatrick, the creator and lead administrator of the now-defunct BreachForums hacking forums, receive a sentence of 15 years in prison.

BreachForums was a notorious cybercrime forum that gained prominence after the FBI seized RaidForums in 2022. Fitzpatrick created it under the alias “Pompompurin” to facilitate the trade and exchange of stolen data, including personal information, credit cards, account credentials, etc.

The platform offered humongous amounts of data to members, with the “official” databases section alone hosting 888 stolen databases and containing more than 14 billion unique records.

Fitzpatrick was arrested on March 15, 2023, in his home in New York and charged with one count of conspiracy to solicit individuals to sell unauthorized access devices.

The man immediately admitted his involvement and role in Breach and was released shortly after his arrest on a $300k bond until the court procedures could begin.

Earlier this month, Fitzpatrick was placed in custody again after he broke his release terms by using a virtual private network (VPN) tool to access the internet on an unmonitored computer.

The defendant’s final sentence is scheduled for Friday, January 19, 2024, and the U.S. government has already sent its proposal for the court’s consideration.

According to the released documents, first spotted by @vxunderground, the government recommends that Fitzpatrick receive a sentence of 188 months, approximately 15.7 years, based on the nature and impact of the defendant’s actions.

“The defendant’s administration of BreachForums played an instrumental role in bringing together more than 300,000 members to solicit, distribute, and access thousands of breached databases containing the stolen data of hundreds of companies, organizations, and governmental organizations of varying size and the PII of millions of U.S. persons,” reads the sentencing proposal.

“By creating a platform for hackers and fraudsters to connect and conduct business, the defendant made it possible for BreachForums members to commit exponentially more crimes and more sophisticated crimes than any could have done alone.”

In addition to being the admin of BreachForums, the U.S. government says Fitzpatrick acted as a middleman for the sale of stolen data between other users of the site, encouraging threat actors to leak samples of stolen data.

“The defendant’s middleman service substantially facilitated and encouraged the dissemination of hacked or stolen data through BreachForums because it enabled purchasers and sellers to verify the means of payment and contraband files being sold prior to executing the purchase and sale,” explains the sentencing proposal.

In addition to Fitzpatrick’s online cybercrime activities, the FBI found child pornography in 26 files on a seized SSD hard drive.

The U.S. government’s sentencing recommendation is at the lower end of the guidelines on the offense level and applicable sentences. This leniency might result from Fitzpatrick’s cooperation with the authorities, lack of violent crime record, an early plea deal, or other factors.

In addition to the imprisonment, the U.S. government also seeks a fine for his possession of child pornography, a substantial term of supervised release, restitution to victims, and forfeiture of certain assets.