A 20-year-old guy named Conor Brian Fitzpatrick, who founded and managed BreachForums (which is no longer active), has been accused of being part of a plan to commit access device fraud in the United States.
If he is found to be guilty, Fitzpatrick - who used the username "pompompurin" online - may be sentenced to as much as five years in jail. He was taken into custody on March 15th, 2023.
punished for victimizing and stealing financial and personal information from numerous individuals, as stated by Jessica D. Aber, the U.S. Attorney for the Eastern District of Virginia. The detainment of such criminals serves as a warning that their illicit and exploitative actions will be exposed, and they will face repercussions. To be held accountable for one's actions and face consequences through legal means.
Recently, Baphomet, who had taken control of BreachForums, shut down the site due to worries that law enforcement may have acquired access to its backend. A few days later, the Department of Justice acknowledged that they had caused a disturbance in the system. The operation resulted in the shutdown of the illegal criminal platform.
According to Fitzpatrick, the forum called BreachForums was established in March 2022 in response to the closure of RaidForums a month earlier due to an international law enforcement operation. The purpose of creating BreachForums was to fill the gap left by RaidForums.
The platform was used as a venue where hacked or stolen data, such as bank account details, Social Security numbers, hacking tools, and databases with PII, were traded.
Newly released court papers on March 24, 2023 have shown that the FBI had covert operatives who obtained five sets of data for sale. These purchases were facilitated by Fitzpatrick as a mediator to finalize the deals.
Fitzpatrick was found to have connections to pompompurin through nine different IP addresses linked to Verizon, which he used to access his account on RaidForums. This was a significant failure in his operational security.
The RaidForums data archive included [...] correspondence between two users, pompompurin and omnipotent [who appears to be the site's administrator], dated around November 28 2020. In this conversation, pompompurin specifically informed omnipotent that they had looked up the email address conorfitzpatrick02@gmail.com, as well as the associated name. According to the sworn statement, the name 'conorfitzpatrick' was found in a compromised dataset from 'Ai.type'.
It is important to mention that Ai.type, an Android keyboard application, experienced a security breach in December 2017 which resulted in the unintentional exposure of personal information such as email addresses, phone numbers, and locations for 31 million users.
Additional information gathered from Google revealed that Fitzpatrick created a fresh Google account in May 2019 using the email address conorfitzpatrick2002@gmail.com, as a replacement for his previous email account conorfitzpatrick02@gmail.com, which was terminated roughly in April 2020.
Furthermore, when searching for conorfitzpatrick02@gmail.com on the breach notification service Have I Been Pwned (HIBP), it confirms that the aforementioned email address was, in fact, compromised in the Ai.type breach.
According to the legal document, the email address linked for account recovery with conorfitzpatrick2002@gmail.com was funmc59tm@gmail.com. The registered name under this account was "a a" and it was created on approximately December 28, 2018 using the IP address 74.101.151.4, as shown in subscriber records.
Information obtained from Verizon indicated that an individual with the surname Fitzpatrick, residing at a dwelling situated on Union Avenue in Peekskill, New York, had registered the IP address 74.101.151.4.
During the investigation, it was discovered that Fitzpatrick had utilized several virtual private network (VPN) providers from September of 2021 until May of 2022 to conceal his actual whereabouts and gain access to various accounts, including the Google Account associated with conorfitzpatrick2002@gmail.com.
access a Zoom account, which was traced back to a masked IP address. The FBI obtained records from Zoom indicating that the account was registered under the nickname pompompurin and the email address pompompurin@riseup.net. It is worth noting that Fitzpatrick allegedly used this same email address to log in to the account. Create an account on RaidForums.
The agency discovered a Purse.io cryptocurrency account that was linked to the email address conorfitzpatrick2002@gmail.com and was only funded by a Bitcoin address previously mentioned by pompompurin on RaidForums. Purse.io records indicate that the account was utilized for transactions. He bought various things and had them delivered to his location in Peekskill.
Furthermore, the FBI obtained a legal order to obtain his cell phone's GPS location in real-time from Verizon. This enabled the law enforcement officials to verify that he was accessing BreachForums while being physically present at his residence as indicated by his phone's location.
However, it doesn't end there. Fitzpatrick also committed an OPSEC blunder by accessing BreachForums on June 27, 2022 without utilizing a VPN service or TOR browser, thus revealing the genuine IP address (69.115.201.194).
According to information provided by Apple, the iCloud account was accessed around 97 times between May 19th and June 2nd using the same IP address.
John Longmire of the FBI stated that Fitzpatrick has utilized identical VPNs and IP addresses to access multiple accounts, including conorfitzpatrick2002@gmail.com, the Conor Fitzpatrick Purse.io account, and the pompompurin accounts on RaidForums and BreachForums, among others.
Following the release of the affidavit, Baphomet expressed that relying on others to ensure your own operational security is unwise. As an administrator, Baphomet never made this assumption and believes that nobody else should have either.