The administrator of BreachForums, one of the biggest hacker forums on the Internet, known by the nickname PomPomPurin, was detained by police on the afternoon of Friday, March 17. This, however, does not mean any trouble for the hackers’ site.
What is BreachForums?
BreachForums is one of the most crowded online spaces dedicated to hacking in all its aspects, including illegal ones. Although the forum is accessible from a regular browser, a couple of sections are unavailable on the surface Web. Opening them requires at least an onion-routing browser plugin, or the Tor Browser itself. Still, that is not the most dubious thing about the website.
The most interesting things show up when you browse even the regularly accessible topics. The forum is flooded with offers of leaked databases, stealer malware logs, and other plainly illegal goods for sale. A normal bill there is around $10,000, but it may sometimes climb over $100,000. Buyers, obviously, are not lagging behind, offering hefty sums for access to certain companies’ infrastructure, for botnets and so forth. It is no big surprise that the FBI and other authorities were interested in capturing the actors behind all this.
Pompompurin Detained After a Long Investigation
All of the above may have created the impression that BreachForums is run by serious cybercriminals who follow the strictest OpSec rules. And that is true, but not when it comes to one of the site’s admins, nicknamed PomPomPurin. The operation that led to the suspect’s detention obviously lasted for some time. But the most interesting part of it, as usual, is the point where the crook exposed himself.
Threat actor "pompompurin" thought it is funny to brag today that he registered an account. So we immediately forwarded all his details to the @FBI. 🚔
Most of his VPN IPs are from the US, so they are actionable. He still uses the emails pom@pompur.in and pompompurin@riseup.net. pic.twitter.com/RFnmg7VwOX
— Intelligence X (@_IntelligenceX) January 3, 2023
The way he was uncovered is strikingly childish. He used his home Wi-Fi network, without any VPN, proxy or other protection, to log into Intelligence X. The latter is an online service with search engine capabilities and the ability to view previous versions of a web resource. Its administration, however, is no great fan of serving cybercriminals. Most probably, they had been tracking this account for some time after getting a request from the FBI. As soon as PomPomPurin slipped, his detailed information was handed to the authorities, and action was not long in coming. Conor Brian Fitzpatrick was detained in the town of Peekskill, NY.
Will BreachForums Survive?
Most probably it will, as another administrator of the resource, nicknamed Baphomet, assures that he has all the access needed to keep the forum fully functional. He has already banned the account of the captured actor and closed all access to the forum’s backend infrastructure. Still, there’s one thing that is unlikely to be blocked: the tongue.
A number of earlier detentions of cybercriminals ended with a lot of information leaking about the partners of the captured person. Fortunately or not, they get pretty talkative when they see nice men in uniform. However, Baphomet’s comments give the impression that even in the worst-case scenario things will be under control. The worst case here is someone accessing the infrastructure and forum using Pompompurin’s accounts. Such access may give the FBI enough clues to find other administrators. It is even more important that Pom was under investigation not only for administering BreachForums but also for hacking activity. Moreover, it seems that most of the infrastructure related to BF was not physically located near the detainee. For that reason, it is obvious that the forum is not likely to be shut down.