BreachForums, sometimes referred to as Breached, is an English-language black hat–hacking crime forum. The website acted as an alternative and successor to RaidForums following its shutdown and seizure in 2022.[1] Like its predecessor, BreachForums allows for the discussion of various hacking topics and distributes data breaches, pornography, hacking tools and various other services.

BreachForums
Type of site: Internet forum
Available in: English
Predecessor(s): RaidForums
Country of origin: United States
Founder(s): Conor Brian Fitzpatrick, also known by his screen name "pompompurin"
URL:
  • breachforums.st (online)
  • breachforums.cx (defunct)
  • breached.vc (seizure banner)
  • breached.to (seizure banner)
  • breached26tezcofqla4adzyn22notfqwcac7gpbrleg4usehljwkgqd.onion (Tor network, online)
  • breachedu76kdyavc6szj6ppbplfqoz3pgrk3zw57my4vybgblpfeayd.onion (Tor network, seizure banner)
  • breached65xqh64s7xbkvqgg7bmj4nj7656hcb7x4g42x753r7zmejqd.onion (Tor network, defunct)
Advertising: Yes
Commercial: Yes
Users: 336,800 at time of last shutdown[citation needed]
Launched: March 4, 2022; 2 years ago (2022-03-04)
Current status: Online

On March 21, 2023, BreachForums was shut down following the arrest of the forum's owner, Conor Brian Fitzpatrick.[2] The forum was later reopened under the ownership of the hacking group ShinyHunters and previous BreachForums administrator "Baphomet". Fitzpatrick was later sentenced to 20 years supervised release. The site was again shut down and the domain seized on May 15, 2024, though the domain was back under the owner's control just hours later.

BreachForums, along with other dark web forums, uses DDoS-Guard for its web hosting services.[3] DDoS-Guard has been criticized for hosting sites associated with illicit activities, and for its lack of action on abuse reports.[4]

History

The forum was founded in March 2022 and owned by then-19-year-old Conor Brian Fitzpatrick, known on the forum under his screen name "pompompurin".[5] Fitzpatrick's identity was based on the Japanese character by Sanrio of the same name. A year earlier, Fitzpatrick had claimed responsibility for the 2021 FBI email hack.[6] In 2024, the hacker IntelBroker became the forum's owner.[7]

Controversy

On December 10, 2022, a member of the forum identified by the screen name "USDoD" posted a thread offering the sale of a database containing the information of over 80,000 members of the FBI non-profit organization and information portal InfraGard. The individual claimed to have obtained access to the portal through a social engineering attack in which they pretended to be the CEO of an unknown U.S. financial corporation.[8]

On March 6, 2024, a user known as IntelBroker posted that he was selling data originating from the breach of DC Health Link, a Washington D.C. health insurance marketplace. Soon after, on March 9, 2023, another member identifying under the screen name "Denfur" posted a thread containing 200 entries, claiming that more information was to come. The D.C. Health Benefit Exchange Authority later stated that more than 56,000 customers had been impacted by the breach, but the original posts relating to the data claim to have the information of over 170,000 customers.[9][10]

On July 23, 2024, the entire database of the original BreachForums was leaked online by a threat actor. The site's founder, Fitzpatrick, allegedly attempted to sell the data after being indicted and while released on bail.[11]

Arrest and shutdowns

On March 15, 2023, in Peekskill, New York,[12] Fitzpatrick was arrested by law enforcement and charged with conspiracy to commit access device fraud in federal court.[5][13] Following Fitzpatrick's arrest, another forum administrator under the screen name "Baphomet" took ownership of the website and its infrastructure. However, following Baphomet's suspicion of the forum being compromised, on March 21, 2023, it was shut down.[14] Baphomet later reopened the forum with black-hat hacking group ShinyHunters.[citation needed]

Approximately a month after his arrest, Fitzpatrick attempted to commit suicide in his home while released on bail.[15] He later pleaded guilty to conspiracy to commit access device fraud, access device fraud, and possession of child pornography.[16][17] In January 2024, Fitzpatrick was detained after violating his bail conditions which forbade the use of a VPN.[18] Despite federal prosecutors requesting that Fitzpatrick serve over 15 years in prison, he was sentenced to time-served followed by 20 years of supervised release.[19] The United States has since filed an appeal of his sentence.[citation needed]

First domain seizure

FBI seizure banner on June 23, 2023

On June 23, 2023, three months after shutting down, the clearnet domains for BreachForums were seized by the Federal Bureau of Investigation, U.S. Department of Health and Human Services, Office of Inspector General, and the Department of Justice in accordance with a seizure warrant issued by the U.S. District Court for Eastern Virginia.

Second domain seizure

FBI seizure banner on May 15, 2024

On May 15, 2024, the FBI seized the most recent BreachForums clearnet site along with its onion site and the associated Telegram channel. The seizure followed a significant data leak involving Europol's portal. The forum briefly displayed an FBI seizure notice, highlighting cooperation with international partners. The FBI is examining the forum's backend data, which may lead to identifying members and advancing investigations. According to ShinyHunters, the forum administrator, Baphomet, was arrested.[20] The site came back online on May 29, 2024.[21]

References

  1. "Justice Department Announces Arrest of the Founder of One of the World's Largest Hacker Forums and Disruption of Forum's Operation". United States Department of Justice. Archived from the original on March 28, 2023. Retrieved March 28, 2023.
  2. "BreachForums down, and will not be back". DataBreaches.net. June 14, 2023 [March 21, 2023]. Archived from the original on June 18, 2023. Retrieved June 18, 2023.
  3. "Developing: BreachForums down, ShinyHunters' and forum Telegram channels deleted? – DataBreaches.Net". June 10, 2024. Retrieved September 18, 2024.
  4. Kolomychenko, Maria (January 29, 2021). Igumenov, Valery (ed.). "'Remove this infection from your network': The small Russian company that 'saved' Parler has other, far more odious clients". Meduza. Translated by Kevin Rothrock. Retrieved February 9, 2021.
  5. Lakshmanan, Ravie. "20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison". The Hacker News. Archived from the original on April 2, 2023. Retrieved April 2, 2023.
  6. Podkul, Cezary (January 25, 2022). "Despite Decades of Hacking Attacks, Companies Leave Vast Amounts of Sensitive Data Unprotected". ProPublica. Archived from the original on June 1, 2023. Retrieved April 2, 2023.
  7. Melillo, Pietro (August 22, 2024). "IntelBroker Takes Control of BreachForums: A New Chapter in Cybercrime Management". RedHotCyber. Retrieved August 29, 2024.
  8. Krebs, Brian. "FBI's Vetted Info Sharing Network 'InfraGard' Hacked". KrebsOnSecurity. Archived from the original on April 2, 2023. Retrieved April 2, 2023.
  9. Vicens, AJ. "Hacker tied to D.C. Health Link breach says attack 'born out of Russian patriotism'". CyberScoop. Archived from the original on May 8, 2023. Retrieved April 2, 2023.
  10. Bajak, Frank. "Congress members warned of significant health data breach". AP News. Associated Press. Archived from the original on April 7, 2023. Retrieved April 2, 2023.
  11. "BreachForums v1 hacking forum data leak exposes members' info". BleepingComputer. Retrieved July 25, 2024.
  12. "FBI arrests alleged cybercriminal in Peekskill". March 19, 2023.
  13. "United States v. Fitzpatrick" (PDF). Courtlistener. United States District Court for the Eastern District of Virginia. p. 29. Archived (PDF) from the original on April 12, 2023. Retrieved April 2, 2023.
  14. Arntz, Pieter. "BreachForums to be shut down after all for fear of law enforcement infiltration". Malwarebytes. Archived from the original on May 13, 2023. Retrieved April 2, 2023.
  15. Clarkin, Regina (April 28, 2023). "Accused Peekskill Cybercriminal Hospitalized Wednesday". Peekskill Herald. Archived from the original on March 18, 2024. Retrieved October 28, 2023.
  16. "Owner of BreachForums pleads guilty in federal court to three counts, including one involving child pornography". July 14, 2023. Archived from the original on January 20, 2024. Retrieved October 28, 2023.
  17. "Founder of One of the World's Largest Hacker Foums Arrested in Peekskill: 20 Year Old Admits to Cyber Crimes and Possessing Child Porn, Faces 40 Years". August 21, 2023.
  18. Jones, Connor. "BreachForums admin jailed for flouting pretrial rules". The Register. Archived from the original on March 7, 2024. Retrieved February 16, 2024.
  19. "BreachForums hacking forum admin sentenced to 20 years supervised release". BleepingComputer. Archived from the original on March 17, 2024. Retrieved February 16, 2024.
  20. "FBI seize BreachForums hacking forum used to leak stolen data". bleepingcomputer.com. Archived from the original on May 15, 2024. Retrieved May 15, 2024.
  21. "Leak Site BreachForums Springs Back to Life Weeks After FBI Takedown". www.darkreading.com. Retrieved June 25, 2024.