Pompompurin Unmasked: Infamous BreachForums Mastermind Arrested in New York
U.S. law enforcement authorities have arrested a New York man in connection with running the infamous BreachForums hacking forum under the online alias “Pompompurin.”
The development, first reported by Bloomberg Law, comes after News 12 Westchester, earlier this week, said that federal investigators “spent hours inside and outside of a home in Peekskill.”
“At one point, investigators were seen removing several bags of evidence from the house,” the New York-based local news service added.
According to an affidavit filed by the Federal Bureau of Investigation (FBI), the suspect identified himself as Conor Brian Fitzpatrick and that he admitted to being the owner of the BreachForums website.
“When I arrested the defendant on March 15, 2023, he stated to me in substance and in part that: a) his name was Conor Brian Fitzpatrick; b) he used the alias ‘pompompurin,’ and c) he was the owner and administrator of ‘BreachForums,’” FBI Special Agent, John Longmire, said.
Fitzpatrick has been charged with one count of conspiracy to solicit individuals with the purpose of selling unauthorized access devices.
The defendant was released a day later on a $300,000 bond signed by his parents and is scheduled to appear before the District Court for the Eastern District of Virginia on March 24, 2023.
Besides being barred from obtaining a passport or other international travel document, Fitzpatrick has been restricted from contacting his co-conspirators and using a narcotic drug or other controlled substances unless prescribed by a licensed medical practitioner.
BreachForums emerged last year three weeks after a coordinated law enforcement operation seized control of RaidForums in March 2022.
“In the threat actor’s welcoming thread, ‘pompompurin’ stated that they had created BreachForums as an alternative to RaidForums but that it was ‘not affiliated with RaidForums in any capacity,’” cybersecurity firm Flashpoint said at the time.
Discover the Hidden Dangers of Third-Party SaaS Apps
Are you aware of the risks associated with third-party app access to your company’s SaaS apps? Join our webinar to learn about the types of permissions being granted and how to minimize risk.
The forum has since attracted notoriety for hosting stolen databases belonging to several companies, often including sensitive personal information.
In the wake of Fitzpatrick’s arrest, another forum user named Baphomet said they were taking ownership of the website, noting that there is no evidence of “access or modifications to Breached infra.”
“My only response to [law enforcement], or any media outlet is that I have no concerns for myself at the moment,” Baphomet said in the announcement. “OPSEC has been my focus from day one, and thankfully I don’t think any mountain lions will be attacking me in my little fishing boat.”
The development comes as the Cyber Police of Ukraine announced the arrest of a 25-year-old developer who created a remote access trojan that infected over 10,000 computers under the guise of gaming apps.