Notorious dark web hacking forum BreachForums is reportedly shutting down following the arrest of one of its top administrators by the United States’ Federal Bureau of Investigation (FBI).
The administrator, who went by ‘Pompompurin’ on the site and was named as Conor Brian Fitzpatrick by the FBI, was allegedly arrested by the Bureau on March 15 on suspicion of hosting and running the forum.
BreachForums was thought to be the reincarnation of RaidForums, a similar dark web site that was investigated and subsequently shut down by the FBI in April 2022.
It has been used by a number of hackers to break news of data breaches they have committed and as a marketplace for selling the data stolen in these breaches. Large databases of victims’ information have been posted to the site, including those involved in the Medibank data leak, which affected over 9.7 million people.
BreachForums officially closes
On March 21, a new admin for BreachForums, who uses the screen name ‘Baphomet’, made a post via the site’s official Telegram channel. Baphomet said it was the “final update for Breached” and that he would be “taking down the forum”.
“I believe we can assume that nothing is safe anymore. I know that everyone wants the forum up, but there is no value in short term gain for what will likely be a long term loss by propping up Breached as it is,” he added.
The reference to “nothing [being] safe” is likely an allusion to the fact that the FBI has taken control of the forum. When the FBI shut down RaidForums in April 2022, the Bureau seized all of the forum’s servers and domains, allowing it access to all posts before the site was shut down.
Following his arrest, Fitzpatrick will appear before the federal court on March 24.
Pompompurin hacks into FBI network
Pompompurin has caused issues for the FBI in the past beyond his involvement with BreachForums. He was reportedly responsible for hacking into the FBI’s network in 2021 to send fake emails about a cybercrime investigation.
Fitzpatrick claimed he was able to send the emails across the FBI’s network by exploiting a vulnerability in a system that was designed to help the FBI share information with law enforcement offices at both the state and local level.
The FBI later confirmed that a software misconfiguration had allowed an unauthorized party to send the fake emails.
Optus hacker posts apology on BreachForums
Australian telecommunications company Optus suffered a devastating data breach on September 22, 2022, that led to the details of 11 million customers being accessed.
A person claiming to be the hacker responsible for the data breach posted a small sample of the customer data stolen to BreachForums on September 23.
Using the alias optusdata, the hacker demanded that Optus pay them a $1mn ransom, or they would leak the data of all 11 million customers affected by the breach. When Optus did not respond to the ransom demand, optusdata posted a text file of 10,000 customer data records on September 26, allowing other malicious actors to use the data in their own phishing campaigns.
Victims of the breach reported on September 27 that they had been contacted with demands that they pay AU$2,000 (US$1,300) or their data would be sold to other hackers.
However, on the same day, the supposed hacker posted a new message on BreachForums, rescinding their demand and apologizing to Optus.
The hacker said there were “too many eyes” and that they would not be selling the data to anyone. They claimed they had deleted all the data from their personal drive and had not made any copies. They also offered an apology to the 10,200 people who had their data exposed via their posts on BreachForums, and to Optus itself, saying “hope all goes well with this”.
They finished by saying they “would have reported [the] exploit if [Optus] had [a] method to contact” and that while the ransom was not paid, they “dont [sic] care anymore” as it was a “mistake to scrape [and] publish [the] data in the first place”.