U.S. law enforcement has arrested a man who allegedly owns the notorious dark web data-breach site "BreachForums," and who claimed to be responsible for hacking the Federal Bureau of Investigation in 2021.
Conor Brian Fitzpatrick, also known as "Pompompurin" within the online hacking community, was arrested at his New York home around 4:30 p.m. last Wednesday and charged with one count of conspiracy to commit access device fraud, an FBI agent said in a sworn statement filed in Southern District of New York court last week.
Pompompurin created BreachForums in 2022, right after the FBI took down RaidForums, a prominent cybercrime forum where he had been an active member. BreachForums has since become one of the largest and most active data leak forums that sell sensitive organizational and personal information to hackers and ransomware gangs.
Last week, BreachForums was used by a threat actor to sell government officials' personal and health information in the D.C. Health Link breach.
The FBI agent said Fitzpatrick admitted during the arrest that he used the alias "pompompurin" and is the owner and administrator of "BreachForums."
Besides owning BreachForums, Fitzpatrick is also an active player in other high-profile breaches, including several incidents targeting the FBI. In 2021, he took credit for hacking into the FBI's email system and sending hundreds of fake cybersecurity warnings. He is also linked to the 2022 breach of the FBI InfraGard network, an incident that caused more than 80,000 members' contact information to go on sale.
The Southern District of New York court told SC Media on Monday that the case is now under seal. According to Bloomberg, Fitzpatrick was released on a $300,000 bail and will appear in a Virginia court on March 24th.
A recent post on BreachForums indicates that the site is still up and running under the new ownership of a user named Baphomet, according to Engadget. "I think it's safe to assume [Pompompurin] won't be coming back, so I'll be taking ownership of the forum…I have most, if not all the access necessary to protect B.F. infrastructure and users," Baphomet wrote.
The arrest of Fitzpatrick comes as the Biden administration released one of the most aggressive national cybersecurity strategies to date and urged private and public sectors to take proactive steps to defend against cybercriminals.
Austin Berglas, a former FBI agent and a founding member at BlueVoyant, told SC Media that arrests and criminal prosecutions can send a strong message to hackers and effectively deter future criminal activities.
While acknowledging that identifying the actual hackers can be difficult, as many of them operate across borders which requires complicated legal and diplomatic maneuvering, Berglas said information sharing from the private sector can help the government better disrupt criminal operations like BreachForums.
"Sharing indicators of compromise and tactics, techniques, and procedures will provide government agencies with the most up-to-date, actionable intelligence needed to identify groups, individuals, and infrastructure," said Berglas.
Bryan Cunningham, a former White House lawyer and an advisor for Theon Technology, said he expects to see government agencies more aggressively pursue threat actors across the globe this year and believes in the country's national intelligence capabilities to do this.
"I don't think any past administrations prioritized dismantling ransomware gangs and hackers as a proper use of our national intelligence capabilities, but I do think that is changing now," Cunningham told SC Media in an interview.