The FBI has seized the infamous BreachForums hacking forum used to leak and sell stolen corporate data to other cybercriminals.
The seizure occurred on Wednesday morning, shortly after the site was used last week to leak data stolen from a Europol law enforcement portal.
The website now displays a message stating that the site and its backend data are under the control of the FBI, indicating that both the site’s servers and domains were seized in the law enforcement action.
“This website has been taken down by the FBI and DOJ with assistance from international partners,” reads the seizure message.
“We are reviewing this site’s backend data. If you have information to report about cyber criminal activity on BreachForums, please contact us,” continues the seizure banner.
The seizure message also shows the two avatars of the site’s administrators, Baphomet and ShinyHunters, with jail bars added.
If law enforcement has gained access to the hacking forum’s backend data, as they claim, it could be used to support law enforcement investigations, as email addresses, IP addresses, and private messages between members could potentially be exposed.
The FBI has also seized the site’s Telegram channel, with law enforcement sending messages stating it is under their control.
The FBI is asking victims and individuals to contact them with information about the hacking forum and its members to assist in their investigation.
The seizure messages include ways to contact the FBI about the seizure, including an email, a Telegram account, a TOX account, and a dedicated page hosted on the FBI’s Internet Crime Complaint Center (IC3).
“The Federal Bureau of Investigation (FBI) is investigating the criminal hacking forums known as BreachForums and Raidforums,” reads a dedicated subdomain on the FBI’s IC3 portal.
“From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services.”
“Previously, a separate version of BreachForums (hosted at breached.vc/.to/.co and run by pompompurin) operated a similar hacking forum from March 2022 until March 2023. Raidforums (hosted at raidforums.com and run by Omnipotent) was the predecessor hacking forum to both versions of BreachForums and ran from early 2015 until February 2022.”
This IC3 subdomain hosts a form that can be used by victims and individuals who wish to share information about BreachForums and its members with law enforcement.
BleepingComputer contacted the FBI and Department of Justice with further questions, but no response was immediately available.
The infamous BreachForums
BreachForums was the successor to a string of hacking forums used to trade, sell, and leak stolen data, as well as sell access to corporate networks and other illegal cybercrime services.
The first of these sites was known as RaidForums, which originally launched in 2015 and became the largest site for distributing stolen data, and was commonly used by ransomware and extortion groups.
The site was eventually seized by law enforcement, with the police arresting the owner known as “Omnipotent”.
Soon after, one of its more active members, Pompompurin, created a new forum called ‘Breached’ to fill the void left behind by RaidForums.
The site quickly grew in popularity and was used by thousands of members to brag about their cybercrime activities and to leak and sell stolen data.
However, the site soon drew the ire of law enforcement after one of its members, IntelBroker, leaked the stolen data of D.C. Health Link, a healthcare provider for U.S. House members, their staff, and their families.
Soon after, Breached was seized by law enforcement, and its admin, Conor Fitzpatrick (aka Pompompurin), was arrested.
Once again, those in this cybercrime community were left without a home, so one of Breached’s previous admins, known as Baphomet, teamed with ShinyHunters, a notorious stolen data seller, to launch a new site named BreachForums.
Like the other sites, BreachForums quickly became popular, with stolen corporate data being leaked from new breaches, including those on AT&T, 23andMe, Hewlett Packard Enterprise, Home Depot, Dell, PandaBuy, and The Post Millennial.
Today’s seizure message indicates that law enforcement has had access to the site’s servers, potentially for a long time, as they monitored threat actors’ activities.
However, the breach that went too far may have been the recent leak of data stolen from Europol’s Platform for Experts (EPE) portal by a threat actor known as IntelBroker, forcing law enforcement to take action.