Conor Brian Fitzpatrick, the 20-year-old founder and the administrator of the now-defunct BreachForums has been formally charged within the U.S. with conspiracy to commit entry machine fraud.
If confirmed responsible, Fitzpatrick, who glided by the web moniker “pompompurin,” faces a most penalty of as much as 5 years in jail. He was arrested on March 15, 2023.
“Cybercrime victimizes and steals monetary and private data from tens of millions of harmless individuals,” mentioned U.S. Legal professional Jessica D. Aber for the Jap District of Virginia. “This arrest sends a direct message to cybercriminals: your exploitative and unlawful conduct might be found, and you can be delivered to justice.”
The event comes days after Baphomet, the person who had taken over the obligations of BreachForums, shut down the web site, citing considerations that regulation enforcement might have obtained entry to its backend. The Division of Justice (DoJ) has since confirmed that it performed a disruption operation that induced the illicit prison platform to go offline.
BreachForums, per Fitzpatrick, was created in March 2022 to fill the void left by RaidForums, which was taken down a month earlier than as a part of a global regulation enforcement operation.
It served as a market for buying and selling hacked or stolen knowledge, together with checking account data, Social Safety numbers, hacking instruments, and databases containing personally figuring out data (PII).
In new courtroom paperwork launched on March 24, 2023, it has come to mild that undercover brokers working for the U.S. Federal Bureau of Investigation (FBI) bought 5 units of information provided on the market, with Fitzpatrick appearing as a intermediary to finish the transactions.
Fitzpatrick’s hyperlinks to pompompurin got here from 9 IP addresses related to telecom service supplier Verizon that he used to entry the account on RaidForums and a serious OPSEC failure on the defendant’s half.
“The RaidForums information additionally contained […] communication between pompompurin and all-powerful [the RaidForums administrator] on or about November 28, 2020, by which pompompurin particularly mentions to all-powerful that he had looked for the e-mail handle conorfitzpatrick02@gmail.com and title ‘conorfitzpatrick’ inside a database of breached knowledge from ‘Ai.sort,'” in line with the affidavit.
It is value noting that the Android keyboard app Ai.sort suffered a data breach in December 2017, resulting in the unintended leak of emails, telephone numbers, and places pertaining to 31 million customers.
Additional knowledge obtained from Google confirmed that Fitzpatrick registered a brand new Google account with the e-mail handle conorfitzpatrick2002@gmail.com in Could 2019 to switch conorfitzpatrick02@gmail.com, which was closed round April 2020.
What’s extra, a seek for conorfitzpatrick02@gmail.com on the data breach notification service Have I Been Pwned (HIBP) corroborates the very fact the outdated e mail handle was certainly uncovered within the Ai.sort breach.
“The restoration e mail handle for conorfitzpatrick2002@gmail.com was funmc59tm@gmail.com,” the affidavit reads. “Subscriber information for this account reveal that the account was registered underneath the title ‘a a,’ and created on or about December 28, 2018 from the IP handle 74.101.151.4.”
“Information obtained from Verizon, in flip, revealed that IP handle 74.101.151.4 was registered to a buyer with the final title Fitzpatrick at [a residence located on Union Avenue in Peekskill, New York].”
The investigation additionally turned up proof of Fitzpatrick logging into varied digital non-public community (VPN) suppliers from September 2021 to Could 2022 to obscure his true location and connect with totally different accounts, together with the Google Account linked to conorfitzpatrick2002@gmail.com.
A kind of masked IP addresses was additional used to check in to a Zoom account underneath the title of “pompompurin” with an e-mail handle of pompompurin@riseup.web, information obtained by the FBI from Zoom reveal. Apparently, Fitzpatrick is alleged to have used the pompompurin@riseup.web e mail handle to register on RaidForums.
Additionally unearthed by the company is a Purse.io cryptocurrency account that was registered with the e-mail handle conorfitzpatrick2002@gmail.com and “was funded completely by a Bitcoin handle that pompompurin had mentioned in posts on RaidForums.” Information from Purse.io confirmed that the account was used to buy “a number of gadgets” and ship them to his handle in Peekskill.
On prime of that, the FBI secured a warrant to get his real-time mobile phone GPS location from Verizon, permitting the authorities to find out that he was logged in to BreachForums whereas his telephone’s bodily location confirmed he was at his house.
However that is not all. In yet one more OPSEC error, Fitzpatrick made the error of logging into BreachForums on June 27, 2022, with out utilizing a VPN service or the TOR browser, thereby exposing the true IP handle (69.115.201.194).
Based mostly on knowledge obtained from Apple, the identical IP handle was used to entry the iCloud account about 97 instances between Could 19, 2022, and June 2, 2022.
“Fitzpatrick has used the identical VPNs and IP addresses to log into the e-mail account conorfitzpatrick2002@gmail.com, the Conor Fitzpatrick Purse.io account, the pompompurin account on RaidForums, and the pompompurin account on BreachForums, amongst different accounts,” FBI’s John Longmire mentioned.
Within the aftermath of the discharge of the affidavit, Baphomet mentioned “you should not belief anybody to deal with your personal OPSEC,” including “I by no means made this assumption as an admin, and nobody else ought to have both.”
