Recently, one of the BreachForums administrators, known as PomPomPurin, was arrested by the FBI. The arrest took place on March 17, 2023, and afterwards another administrator of the forum assured users that BreachForums activity would not be interrupted or affected. However, since 19:00 GMT on March 19, the site has been unavailable.
What is BreachForums and who is PomPomPurin?
BreachForums is one of the biggest online communities dedicated to hacking, data leaks, malware and so forth. It goes far beyond the boundaries of legitimacy and is considered one of the Darknet markets. It contains numerous offers of leaked data for sale – mainly from corporations and government organisations. BreachForums was also a place to post bids for access to corporate networks and to databases holding data on specific groups of people. Despite such illegal content, it was available from the surface Web, though some sections were Darknet-only. That the FBI would be interested in stirring up this snake ball was to be expected.
On March 17, 2023, one of the administrators of BreachForums, PomPomPurin, a.k.a. Conor Brian Fitzpatrick, was detained. The FBI arrested him at his house in Peekskill, NY. That fact was confirmed by another “chief” of the forum, nicknamed Baphomet. He noticed that Pom had not appeared online for over a day without any warning. After that, he disabled the detainee's forum account and revoked his access to the server infrastructure. Baphomet additionally pointed out that BreachForums’ work would not be interrupted, as he had enough access to maintain the servers. As it turned out, something went wrong.
BreachForums website is not available
On March 19, 2023, users noticed that BreachForums was not accessible. On the surface Web version, the server returns a 502 error code. It also says “Looks like we have got an invalid response from the upstream server. That’s all we know”. The Darknet version shows an Onionsite Not Found error, which generally means that the servers hosting the website are not running. At a glance, it looks like the FBI moved on from detaining PomPomPurin to seizing the servers.
Baphomet had claimed that there was no danger of the FBI taking over the infrastructure, either physically or technically. Nonetheless, after the BreachForums shutdown, he reappeared with another message. It says that Baph is currently doing his best to migrate the servers and reconfigure everything as quickly as possible. He is also trying to give law enforcement no chance to uncover the new infrastructure.
That contrasts with his claims in the forum post, where he wrote about constantly monitoring logs to uncover anything that may be a sign of infrastructure compromise. If he suddenly decided to migrate the infrastructure, the FBI probably found a way to access it despite the blocks deployed by Baphomet. Another possible cause is that PomPomPurin was pretty talkative, especially considering the possibility of a lighter punishment in exchange for cooperation.
One way or another, BreachForums is likely entering troubled times. Even if the migration succeeds, law enforcement may still be on the trail. Possibly, Baphomet is the next to face nice men in uniform – just because of his decision to take over the forum controls. Still, nothing rules out Breached Forums returning and running as usual, as if nothing had happened.
Update for 21.03.2023
A message appeared in the BreachForums Telegram channel, claiming that Breached Forums will not continue. The channel, which most likely belongs to the aforementioned Baphomet, posted the following message:
“I will be taking down the forum, as I believe we can assume that nothing is safe anymore”. That already says a lot about what happened to Breached Forums after PomPomPurin's detainment. Baphomet still has a bit of hope, though, saying that he will establish another Telegram group where he will post updates on any improvement.
Even more interesting details appear in the text file that Baph offers for download. It finally sheds light on the FBI’s part in this action. It says that Baph detected login activity on one of the non-essential servers on March 19, 2023 – two days after Pom’s arrest. Thus it is logical to assume that law enforcement succeeded in taking over PomPomPurin’s computer and accessing it. The server contained enough information to compromise source code, user information, configurations and other things.
It is not completely clear whether Baphomet will use assets from BreachForums or not. He states that a number of other hacker forums’ admins and representatives contacted him, offering certain deals. Baph promises “to build a new community that will have the best features of Breached”. Yet, with these words, the actor confirms that BreachForums has ceased to exist for good, with no chance of return.
Breached Forums saw its major boost after the RaidForums shutdown back in April 2022. A huge community of hackers was seeking another place to communicate and to exchange experience and stolen data. Pom’s brainchild was the first at hand. Moreover, he was brave enough to post an offer to join his forum right under the FBI’s Twitter post regarding the RaidForums shutdown.
Will the hacker community suffer because of such a loss? Most probably, other hacker sites will see a spike in activity – nature always abhors a vacuum. The other side of the “problem” is a slowdown in hacker operations: the usual place to sell stolen data and buy the needed access or applications is gone. Nonetheless, they will definitely adapt to the situation, and we will see the outcome in the near future.