BreachForums, one of the biggest Darknet forums, if not the biggest, has once again been seized by law enforcement. On Wednesday afternoon, May 15, 2024, its main page began showing an FBI banner stating that the forum has been taken over. There are also some details that may point to the detainment of its current administration.
BreachForums is Taken Down by the FBI, Again
On May 15, both the clear web mirror and the Darknet version of BreachForums started to display the FBI banner. Neither the FBI nor the other law enforcement agencies mentioned on the banner have published any details regarding the operation. The forum had been changing its top-level domains lately, probably to evade takeovers of its server infrastructure. That was not really effective, by the looks of it.
BreachForums is a major Darknet forum that also serves as a marketplace for various illegal things. Malware, leaked data, hacker services and many other things are (or should I say “were”?) for sale here. It saw a major spike in popularity after law enforcement disrupted another underground forum – RaidForums.
This is not the first time the FBI has disrupted BreachForums' operations. Back in March 2023, they put the forum offline, but in a different manner – by detaining one of its admins, Pompompurin, a.k.a. Conor Brian Fitzpatrick. At the same time, the feds took quite a lot of data from his computer, putting other admins at risk. This, in fact, was the primary reason for the forum to go offline at that time.
Three months later, though, it resurfaced, keeping the same format and some of the admins. A group of hackers known as ShinyHunters claimed to be leading the forum’s resurrection. After another month or two, the Darknet facility was running as if nothing had ever happened. Until this day, of course.
What happened to BreachForums?
I suppose that the FBI managed to seize their network infrastructure, the same as they did with several threat actors throughout the last 8 months. The guess is backed by the fact that BreachForums recently went through several TLD changes: from the post-revival breachforums[.]is, which held for over half a year, to breachforums[.]cx, and shortly after – to breachforums[.]st. I can hardly imagine what this could have been done for, if not for covering the tracks and/or escaping the chase.
But regardless of the way this was done, the result is rather striking. Aside from the forum itself, law enforcement agencies managed to take over the Telegram channel of the forum. As proof, they posted this pretty message from the account of Baphomet, the longtime BF administrator.
This action is accompanied by a few details on the banner they’ve posted on the Breach main page. Along with the BreachForums logo, they added profile pictures of two admins, Baphomet and The Jacuzzi, with jail bars put on top. That probably means the FBI now has access to all the data about the forum admins, or has possibly even detained them.
Since this all happened just hours ago, and there is no official information from the law enforcement agencies, more and more details will likely surface later on. I will update the post as they appear.