FBI Seized BreachForums Three Months After Administrator Arrest

More than three months after the alleged administrator of the English-language cybercrime marketplace BreachForums was arrested in the United States, law enforcement has struck against the site's domain name.

On March 20, the FBI arrested Conor Brian Fitzpatrick, 21, at his house in Peekskill, New York, for aggravated assault. Based on the accusations against him, he has been charged with conspiracy to commit access device fraud for running BreachForums under the handle "pompompurin".

The newly appointed administrator kept the forum running for nearly a month, then shut it down and promised not to restore it.

A notice stating that the domain had been seized by the authorities was posted to the old website on Thursday. 

The notice displays the logos of 10 law enforcement agencies from around the world, together with the BreachForums website logo and an epic troll.

BreachForums is estimated to have had over 340,000 members before it closed. While it operated, cybercrime groups used it to trade hacking tools and stolen information, especially financial data, with one another.

The site's domain, Breached[.]vc, now displays a seizure banner stating that the FBI, the Office of Inspector General, and the Department of Justice have unilaterally taken down the website. The warrant was issued by the U.S. Court of Appeals for the Eastern District of Virginia after the investigation had been completed.

The action was also supported by other law enforcement authorities around the world, including U.S. Homeland Security Investigations, the U.S. Secret Service, the New York State Police Department, the United States Postal Inspection Service, the Australian Federal Police, the Dutch National Police, the UK National Crime Agency, and Police Scotland.

Domain seizure banners commonly display the seized site's logo, but here law enforcement took an unconventional approach: the banner also shows Pompompurin's avatar fitted with handcuffs.

Although BreachForums' clearnet domain has been seized, its dark web counterpart appears not to have been seized and does not display the seizure banner. Instead, it returns an Nginx "404 Not Found" error.

As part of the seizure, the domains' name servers were changed to ns1.seizedservers.com and ns2.seizedservers.com, two name servers that law enforcement uses for seized domains.

Baphomet, the last remaining administrator of the original domains after Fitzpatrick's arrest, had evidently taken steps to keep them running. According to Baphomet, however, the site was shut down on March 20th because the admins believed federal agents had gained access to the servers.

Shortly afterwards, visiting the domain returned a "502 - Bad Gateway" error, indicating that the website had been temporarily suspended.

Several weeks ago, amid rumors that Baphomet was partnering with Shiny Hunters, a threat actor notorious for numerous attacks against unsecured networks, to relaunch BreachForums on a new domain, the old Breached domain began displaying the default "Welcome to NGINX!" page.

This was clear evidence that someone had gained control of the domains and modified their configuration and content. Baphomet claims that these changes were made independently of him.

Stranger still, messages then began to appear on BreachForums' old domains warning users that BreachForums would not return, and that any forum claiming to be a new version of BreachForums should be approached with caution.

"BreachedForums will never be resurrected against the evil forces behind it," reads an announcement posted on the Breached[.]vc website in response to a question posted on the forum. 

The alert was later updated with a cautionary message concerning Baphomet, who claims to represent the recently formed BreachForums, warning of the danger of forums claiming to be them. Baphomet denied responsibility for the updates made to the old domains.

The recently launched BreachForums run by Baphomet and Shiny Hunters was itself breached amid an escalating conflict between rival hacking forums, and threat actors have released data stolen from the site.

A later update posted on the old Breached[.]vc domain warned that the new BreachForums had already been hacked by the BruteForums clone and should not be trusted. The message also contained a link to the SQL file of the updated BreachForums site, a leaked copy of its stolen database.

An Arrested Administrator Shut Down the Notorious Hacking Forum

The FBI has arrested the former administrator and owner of an infamous hacking forum that exposed data from companies such as HDB Financial Services, Rail Yatri, Acer, WhatsApp, Truecaller India, Hyundai India, and Skoda India.

According to the FBI, a man suspected of being "Pompompurin", the administrator of the infamous and popular BreachForums website, was arrested last week. As soon as the site's new administrator learned of the arrest, he announced plans to close the forum down permanently.

According to the FBI, a New York man has been arrested on suspicion of being Pompompurin, the owner of the BreachForums hacking forum. Court documents indicate that he is charged with conspiracy to solicit an individual to sell an unauthorized access device.

The defendant, Conor Brian Fitzpatrick, was arrested on a fraud charge and, during his arrest, allegedly admitted to being Pompompurin, the owner of the BreachForums cybercrime forum.

The suspect, Conor Brian Fitzpatrick, known online as "Pompompurin" or "Pom", has held a high-profile status for several years and has long been a target of the authorities. Under the Pompompurin pseudonym he claimed responsibility for the November 2021 attack on an FBI server, before founding the breachforums.com website in 2022.

In the alleged 2021 exploit, a million fake cybersecurity alert emails were sent from the FBI's eims@is.fbi.gov address, their false content supplied by Fitzpatrick. The emails carried the subject line "threat actor in systems", described "a sophisticated chain attack" on the recipient's virtualized clusters, and claimed that intelligence monitoring had reported the exfiltration of several of those clusters.

In April 2022, an operation by U.S. and European law enforcement agencies took down RaidForums, one of the most popular hacking forums on the regular internet at the time. Fitzpatrick, a regular member of RaidForums, is known to have gone on to run the most popular successor site to RaidForums after its takedown.

Countless hacking stories have been linked to BreachForums since its creation, because it quickly developed into one of the most popular sites for selling stolen data, especially among independent hackers and groups not associated with ransomware gangs.

In the cybercriminal underground, Pompompurin has gained a reputation as a well-known player involved in a wide range of activities, including hacking companies and selling or leaking stolen data through forums and social media networks.

He was also active on the well-known RaidForums cybercrime forum.

Pompompurin founded BreachForums as an independent forum to fill the void left by the FBI's seizure of RaidForums in 2022.

In recent years, it has been one of the largest forums of its kind, used by ransomware operators and hackers to leak stolen information to the public.

Earlier this week, a threat actor attempted to use BreachForums to sell the personally identifiable information of U.S. politicians stolen in a breach in Washington.

The Washington Health Link is a healthcare provider for members of Congress; members of the House, their staff, and their families are affected by the breach.

Pompompurin has also been involved in various high-profile breaches of major companies over the years, as BreachForums has become a force in cybercrime.

Reported incidents include sending bogus cyberattack emails through a vulnerability in the FBI's Law Enforcement Enterprise Portal (LEEP), stealing customer data from Robinhood, and allegedly confirming the email addresses of 5.4 million Twitter users through a bug.

250 Million Americans' Sensitive Data Leaked Online by Pompompurin

On 22 April 2021, a hacker group named Pompompurin dropped a database of more than 250 million (250,806,711) American citizens and residents, containing their personal and sensitive household information.

The database, published on a popular hacker forum, comprised 263 GB of documents, each containing 200,000 CSV subfiles. Although the leak originated from an exposed Apache Solr instance on Amazon Web Services, it is not clear who owned or managed the data. The data was accessible at three separate IP addresses, which the hacker obtained before their owner disabled or reassigned them.

The stolen information is a treasure trove for cybercriminals and state-sponsored hackers, as it contains full names, telephone numbers, mailing addresses, dates of birth, marital status, year the home was built, ZIP code, gender, whether the home is rented, home address, credit capability, political participation, number of cars owned, details of wages and taxes, number of pets, and number of children in the household. The leak did not, however, contain any passwords.

A week after the database was leaked online, it was also being shared in Telegram chat groups and on several Russian-speaking hacker forums.

The leaked data is a treasure trove for malicious actors targeting US civilians, given the ongoing diplomatic standoff between Russia and the United States over the SolarWinds hack.

This is not the first time that the confidential household data of US citizens and residents has been exposed online. In June 2017, a marketing agency mistakenly disclosed data on 200 million people in the US, and in December 2017 a California-based data analytics company exposed the household data of 123 million Americans through a misconfigured AWS bucket.

The leaked data now threatens both the privacy and the physical safety of the victims. Some may use it to locate people, while hackers and scammers may use it to send phishing emails and SMS messages, or to attempt SIM swapping and other identity fraud. Users who receive an email or text message from an unknown party urging them to click a link or log in should not click the links.