Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Crime Security

Dark Web 'BreachForums' Operator Charged With Computer Crime (bloomberg.com) 16

An anonymous reader quotes a report from Bloomberg: Federal agents have arrested a Peekskill, New York, man they say ran the notorious dark web data-breach site "BreachForums" under the name "Pompompurin." Conor Brian Fitzpatrick was arrested by a team of investigators at his home around 4:30 p.m. Wednesday, an FBI agent said in a sworn statement filed in court the next day. Fitzpatrick is charged with a single count of conspiracy to commit access device fraud.

BreachForums hosted the stolen databases of almost 1,000 companies and websites. The databases often includes personal information, such as names, emails and passwords. The information is offered for sale by users of the site and can be used for fraud. Pompompurin's profile on BreachForums describes him as "Bossman" and pictures the Sanrio Co. cartoon dog whose name he used as an online alias. The profile shows Fitzpatrick's most recent visit to the site was Wednesday at 3:53 p.m., shortly before his arrest. The FBI agent, who led the other agents in the arrest, said Fitzpatrick admitted he had used the alias "Pompompurin" and was the owner and operator of BreachForums.

In November 2021, Pompompurin claimed responsibility for sending out fake emails that originated from an "fbi.gov" email address. Pompompurin claimed responsibility for the breach in an interview with Brian Krebs. Details of the charges, filed in federal court in Alexandria, Virginia, have not been made public. A spokeswoman for the US Attorney in Alexandria didn't return phone and email messages seeking comment. Fitzpatrick was presented in federal court in White Plains, New York, and released on a $300,000 unsecured bond, signed by his parents. Fitzpatrick is required to avoid any contact with co-defendant, co-conspirators and witnesses in the case. He's due to appear in court in Alexandria on March 24.

This discussion has been archived. No new comments can be posted.

Dark Web 'BreachForums' Operator Charged With Computer Crime

Comments Filter:
  • by iAmWaySmarterThanYou ( 10095012 ) on Saturday March 18, 2023 @08:45AM (#63380177)

    And a stupid one, too. He did an interview with a well known security white hat and admitted responsibility for a breach. And this was no kiddie bullshit. Stolen data was sold for money on his criminal hosting site.

    Deserves everything coming to him.

    • Re: (Score:1, Troll)

      by 0xG ( 712423 )

      Oh, Isee:

      The databases often includes personal information, such as names, emails and passwords. The information is offered for sale by users

      Only *corporations* can do that.

      • by Anonymous Coward

        He should've incorporated, then sold all that crap.

        And bought and sold it himself, not hosted a forum for other people to buy and sell. Now he's an accomplice and will be slapped with all the damages without seeing the profit.

        Get your profit from owning a corporation, people, regardless of whence that profit came. Corporate profit is where it's at. Don't be small fry.

  • Someone who runs "BreachForums" charged with computer crime?? What is this world coming to!!!
  • Pssst (Score:3, Insightful)

    by Ol Olsoc ( 1175323 ) on Saturday March 18, 2023 @08:54AM (#63380193)
    Please folks, don't think for a moment that this stolen stuff is just "names, emails and passwords".

    Companies have been essentially giving this stuff away to hackers for years now. It takes a strong suspension of disbelief to think that they don't have the real gold like CC numbers Social, and bank/checking accounts.

    If you haven't been the victim of fraud so far, it's just because your information hasn't been chosen yet. Kind of a weird implementation of security through obscurity. There is so much info out there, they pick victims at random now.

    But we're all led to believe that it's Grandma's computer with her weak password as being the real problem. While companies hand personal information out every day

    • I'm literally planning to change my name because of this shit. I know my social is already out there. I need to figure out where I've got my proof that someone else is using my social so I can get a new one of those, too.

      • I'm literally planning to change my name because of this shit. I know my social is already out there. I need to figure out where I've got my proof that someone else is using my social so I can get a new one of those, too.

        Yikes! Getting a new social has to be a nightmare.

    • Itâ(TM)s a failure on how things are handled in USA. If your social security number gets leaked itâ(TM)s no big deal in most countries, same with any national ID system.
      • Itâ(TM)s a failure on how things are handled in USA. If your social security number gets leaked itâ(TM)s no big deal in most countries, same with any national ID system.

        If anyone in the world believes that this is not a problem outside of the USA, they are grossly mistaken. If it can be programmed, it can be broken into - even then, unless all other nations never ever have an open server, a bad password, or a back door used for maintenance purposes, it's all out there.

        You are pwned somewhere unless you do not participate in modern society in any form.

        • A SSN should be an identifier, but NOT an authenticator. That fact that so many companies in the US treat it as both is the problem. Publish them all and that will stop.
          • A SSN should be an identifier, but NOT an authenticator. That fact that so many companies in the US treat it as both is the problem. Publish them all and that will stop.

            There is that. I guess I was thinking about more than just SSN. But exactly correct - my old tattered SSN card says no to be used as identification right on it.

    • Please folks, don't think for a moment that this stolen stuff is just "names, emails and passwords".
      Companies have been essentially giving this stuff away to hackers for years now. It takes a strong suspension of disbelief to think that they don't have the real gold like CC numbers Social, and bank/checking accounts.

      If you haven't been the victim of fraud so far, it's just because your information hasn't been chosen yet. Kind of a weird implementation of security through obscurity. There is so much info out

  • Seems to me that the 'dark web' isn't so dark. We keep hearing about people being arrested after security services of some country or other investigate something on the 'dark web'. If it was really so secure this wouldn't happen. I've no love for this guy and criminal organizations and am glad these guys get arrested. But the Tor network was supposed to be set up so that government organizations wouldn't be able to compromise it, so that people in repressed countries could use it to communicate. It sounds

    • I'm not sure they get caught because of some IP leak from tor. They usually put some personal information on these forums or trust other users which is probably needed at some point for any activity (legal or not). Misuse of the software probably does happen too.
  • And why didn't they hand him straight over to the state of New York? Are the feds hoping he runs, or did he spend two days talking so much that the Justice Department is feeling benevolent?

"All the people are so happy now, their heads are caving in. I'm glad they are a snowman with protective rubber skin" -- They Might Be Giants

Working...