Justice Department Announces Arrest of “Pompompurin” and Disruption of BreachForum’s Operation

The full text of DOJ’s press release today follows. A few questions from me are included after the press release:

The founder of BreachForums made his initial appearance today in the Eastern District of Virginia on a criminal charge related to his alleged creation and administration of a major hacking forum and marketplace for cybercriminals that claimed to have more than 340,000 members as of last week. In parallel with his arrest on March 15, the FBI and Department of Health and Human Services Office of Inspector General (HHS-OIG) have conducted a disruption operation that caused BreachForums to go offline.

According to court documents unsealed today, Conor Brian Fitzpatrick, 20, of Peekskill, New York, allegedly operated BreachForums as a marketplace for cybercriminals to buy, sell, and trade hacked or stolen data and other contraband since March 2022. Among the stolen items commonly sold on the platform were bank account information, social security numbers, other personally identifying information (PII), means of identification, hacking tools, breached databases, services for gaining unauthorized access to victim systems, and account login information for compromised online accounts with service providers and merchants.

“Today, we continue our work to dismantle key players in the cybercrime ecosystem,” said Deputy Attorney General Lisa O. Monaco. “Like its predecessor RaidForums, which we took down almost a year ago, BreachForums bridged the gap between hackers hawking pilfered data and buyers eager to exploit it. All those operating in dark net markets should take note: Working with our law enforcement partners, we will take down illicit forums and bring administrators to justice in U.S. courtrooms.”

“People expect that their online data will be protected, and the Department of Justice is committed to doing just that,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Criminal Division. “We must and will remain vigilant to the threat posed by those who attempt to undermine our digital security. We will continue to disrupt the forums that facilitate the theft and distribution of personal information and prosecute those responsible.”

Fitzpatrick’s alleged victims have included millions of U.S. citizens and hundreds of U.S. and foreign companies, organizations, and government agencies. Some of the stolen datasets contained the sensitive information of customers at telecommunication, social media, investment, health care services, and internet service providers. For instance, on Jan. 4, a BreachForums user posted the names and contact information for approximately 200 million users of a major U.S.-based social networking site. Further, on Dec. 18, 2022, another BreachForums user posted details of approximately 87,760 members of InfraGard, a partnership between the FBI and private sector companies focused on the protection of critical infrastructure.

“Cybercrime victimizes and steals financial and personal information from millions of innocent people,” said U.S. Attorney Jessica D. Aber for the Eastern District of Virginia. “This arrest sends a direct message to cybercriminals: your exploitative and illegal conduct will be discovered, and you will be brought to justice.”

“The FBI will continue to devote all available resources to deter, disrupt, and diminish criminal enterprise activity,” said FBI Deputy Director Paul Abbate. “We will work alongside our federal and international partners to impose costs on malicious cyber actors around the world and continue to bring justice to those who victimize the American public.”

“Following the seizure of RaidForums last year, cybercriminals turned to BreachForums to buy and sell stolen data, including breached databases, hacking tools, and the personal and financial information of millions of U.S. citizens and businesses,” said Assistant Director in Charge David Sundberg of the FBI Washington Field Office. “The FBI and our partners will not let cybercriminals and those who enable them profit from the theft of sensitive data while hiding behind keyboards. This arrest and disruption of yet another criminal marketplace demonstrates the potency of our joint work to dismantle the digital structures that facilitate cybercrime.”

As part of the scheme, Fitzpatrick allegedly supported the activities of cybercriminals by creating and operating a “Leaks Market” subsection that was dedicated to buying and selling hacked or stolen data, tools for committing cybercrime, and other illicit material. To facilitate transactions on the forum, Fitzpatrick allegedly offered to act as a trusted middleman, or escrow service, between individuals on the website who sought to conduct these types of illicit transactions. In addition, Fitzpatrick allegedly managed an “Official” databases section through which BreachForums directly sold access to verified hacked databases through a “credits” system administered by the platform. As of Jan. 11, the Official database section purported to contain 888 datasets, consisting of over 14 billion individual records. These databases belong to a wide variety of both U.S. and foreign companies, organizations, and government agencies. Fitzpatrick allegedly profited from the scheme by charging for forum credits and membership fees.

“This case sends a clear message that illicitly stealing, selling, and trading the personal information of innocent members of the public will not be tolerated, and that malicious cyber actors will be held accountable,” said Special Agent in Charge Stephen Niemczak of the HHS-OIG. “HHS-OIG and our law enforcement partners remain dedicated to protecting the American public and the integrity of government networks and data from these egregious cyberattacks.”

The BreachForums website has supported additional sections in which users discuss tools and techniques for hacking and exploiting hacked or stolen information, including in the “Cracking,” “Leaks,” and “Tutorials” sections. The BreachForums website also includes a “Staff” section that appears to be operated by the BreachForums administrators and moderators.

Fitzpatrick is charged with conspiracy to commit access device fraud. If convicted, he faces a maximum penalty of five years in prison.

Fitzpatrick’s arrest and the disruption of BreachForums come nearly a year after the Department of Justice announced the seizure of a predecessor hacking marketplace, RaidForums, and unsealed criminal charges against RaidForums’ founder and chief administrator, who is the subject of extradition proceedings in the United Kingdom.

The law enforcement actions against Fitzpatrick and BreachForums are the result of an ongoing criminal investigation by the FBI Washington Field Office, FBI San Francisco Division, and HHS-OIG, with assistance provided by the U.S. Secret Service, Homeland Security Investigations New York Field Office, New York Police Department, U.S. Postal Inspection Service, and Peekskill Police Department. The U.S. Attorneys’ Office for the Northern District of California, the District of Maryland, and the Southern District of New York have also provided assistance in this matter.

The Justice Department’s Office of International Affairs is handling the extradition.

The Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney Carina A. Cuellar for the Eastern District of Virginia are prosecuting the case.

A criminal complaint is merely an allegation. All defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Note 1: DataBreaches has sent an inquiry to DOJ asking why the reference to “the extradition.” What extradition? Fitzpatrick is an American citizen who was arrested in New York and is facing charges in the Eastern District of Virginia. Why would International Affairs be handling any extradition? DataBreaches will update when a reply is received. DataBreaches also has questions about whether the federal law applies to data that was leaked, not hacked. But more on that another time.

Update: No reply from DOJ was received. Maybe they meant that International Affairs was handling the extradition of Coelho, but that is a separate case.

About the author: Dissent

8 comments to “Justice Department Announces Arrest of “Pompompurin” and Disruption of BreachForum’s Operation”

  1. Adjhat - March 24, 2023

    Why is OIG involved?

    What is the purpose of the Office of the Inspector General of the HHS?
    Since its 1976 establishment, the Office of Inspector General (OIG) has been at the forefront of the Nation’s efforts to fight waste, fraud and abuse and to improving the efficiency of Medicare, Medicaid and more than 100 other Department of Health & Human Services (HHS) programs.

  2. Adjhat - March 24, 2023

    June 2016 rings a bell.

    • Dissent - March 24, 2023

      Why are you referring to that date?

      • Adjhat - March 24, 2023

        In a separate investigation, the FBI and USSS investigated administrators and users of a website named “RaidForums” for committing and aiding and abetting, inter alia, violations of 18 U.S.C. §§ 1028A and 1029 from at least as early as in or around June 2016.

        What did RaidForums do in June of 2016?

        • Dissent - March 24, 2023

          No idea. And it doesn’t say HHS-OIG was involved back then. I also went back and checked the press releases for the arrest of Coelho and seizure of RaidForums: neither says the HHS was involved in those. Maybe HHS first got really involved when BreachForums opened? I really don’t know.

  3. Dave - March 27, 2023

    You can be extradited from state to state in the US, as each state has its own judicial system

    • Dissent - March 27, 2023

      Thanks, but they specified International Affairs. I suspect they were referring to Coelho/Omni. They haven’t answered me.
