
Conor Brian Fitzpatrick, the 20-year-old founder and administrator of the now-defunct BreachForums, has been formally indicted in the United States for conspiracy to commit access device fraud.
Fitzpatrick, who went by the online alias “Pompompurin,” faces up to five years in prison if convicted. He was arrested on March 15, 2023.
Jessica D. Aber, U.S. Attorney for the Eastern District of Virginia, said: “This arrest sends a direct message to cybercriminals: Your exploitative and illegal activities will be discovered and you will be brought to justice.”
The development comes just days after Baphomet, the individual who assumed responsibility for BreachForums, shut down the website, citing concerns that law enforcement might have gained access to the backend. The Department of Justice (DoJ) has since confirmed that it carried out a disruption operation that caused the criminal platform to go offline.
According to Fitzpatrick, BreachForums was created in March 2022 to fill the void left by RaidForums.
It served as a marketplace for trading hacked or stolen data, including bank account information, social security numbers, hacking tools, and databases containing personally identifiable information (PII).
According to new court documents released March 24, 2023, an undercover agent working for the U.S. Federal Bureau of Investigation (FBI) purchased five sets of data offered for sale, with Fitzpatrick acting as an intermediary. It was revealed that the transaction was completed as
Fitzpatrick’s link to Pompompurin stems from nine IP addresses associated with service provider Verizon that were used to access the pompompurin account on RaidForums, as well as a major OPSEC failure on the defendant’s part.
“The RaidForums record contains […] communication between Pompompurin and the Almighty [the RaidForums administrator]. On or about November 28, 2020, Pompompurin specifically informed the Almighty that he searched for the email address conorfitzpatrick02@gmail.com and the name ‘conorfitzpatrick’ in his database of leaked data from ‘ai.type,’” the affidavit reads.
It is worth noting that Android keyboard app Ai.type suffered a data breach in December 2017, accidentally exposing emails, phone numbers and locations associated with 31 million users.
According to further data obtained from Google, Fitzpatrick registered a new Google account with the email address conorfitzpatrick2002@gmail.com in May 2019, replacing conorfitzpatrick02@gmail.com, which was closed around April 2020.
Additionally, the legitimate data breach notification site Have I Been Pwned lists the “old” conorfitzpatrick02@gmail.com email address in the compromised Ai.type database.
“conorfitzpatrick2002@gmail.com’s recovery email address was funmc59tm@gmail.com,” the affidavit reads. “Subscriber records for this account reveal that the account was registered under the name ‘aa’ and was created around December 28, 2018 from IP address 74.101.151.4.”
“Records received from Verizon reveal that IP address 74.101.151.4 was registered to a customer with the surname Fitzpatrick at [a residence located on Union Avenue in Peekskill, New York].”
The investigation found that Fitzpatrick logged into various virtual private network (VPN) providers between September 2021 and May 2022 to hide his real location and use a Google account linked to conorfitzpatrick2002@gmail.com. Evidence was also uncovered that they connected to various accounts, including
One of these masked IP addresses was further used to sign in to a Zoom account registered under the name “pompompurin” with the email address pompompurin@riseup.net, according to records the FBI obtained from Zoom. Interestingly, Fitzpatrick is said to have registered on RaidForums using the pompompurin@riseup.net email address.
Also discovered by the agency was a Purse.io cryptocurrency account registered with the email address conorfitzpatrick2002@gmail.com and “funded solely by the Bitcoin address Pompompurin discussed in a RaidForums post.” According to Purse.io records, the account was used to purchase “several items” and have them shipped to his address in Peekskill.
In addition, the FBI obtained a warrant to get his real-time cell phone GPS location from Verizon, allowing the authorities to determine that he logged into BreachForums while his cell phone’s physical location indicated he was at home.
But that’s not all. In yet another OPSEC error, Fitzpatrick is said to have made the mistake of logging into BreachForums on June 27th, 2022 without using a VPN service or the Tor browser, exposing his real IP address (69.115.201.194).
Based on data received from Apple, between May 19, 2022 and June 2, 2022, an iCloud account was accessed approximately 97 times using the same IP address.
“Fitzpatrick used the same VPN and IP address to log into his email account conorfitzpatrick2002@gmail.com, Conor Fitzpatrick Purse.io account, RaidForums Pompompurin account, BreachForums Pompompurin account, etc.,” said John Longmire of the FBI.
After the release of the affidavit, Baphomet said, “I shouldn’t let anyone handle my OPSEC,” adding, “I have never made this assumption as an administrator, nor has anyone else. You shouldn’t do that.”