Written by Shmuel Gihon, research team leader.

On March 15, the FBI arrested an individual suspected of being the notorious Pompompurin, the admin of one of the most popular cybercrime forums today – BreachForums. The individual is 21-year-old Conor Brian Fitzpatrick, who federal agents claim admitted to being the famous Pompompurin. Pompompurin is a well-known figure with whom anyone in the cybersecurity community is familiar.

BreachForums is still up and running and is currently managed by another admin named Baphomet. The cybersecurity community already has mixed opinions about the reason for the arrest, the future of BreachForums, and how Pompompurin's freedom depends on the people he is willing to take down with him.

Who is Pompompurin?

As mentioned, Pompompurin has been one of the most popular and active members of the cybercrime community in recent years.

Pompompurin’s Twitter profile

He operated a Twitter account that has been active since 2007, but some speculate that he took over the profile or bought it several years later.

Pompompurin has an extensive record of data leaks, breaches and massive campaigns, and was considered an authority in the cybercrime community regarding the authenticity of breaches and data leaks, especially when he founded the BreachForums marketplace.

Over the past years, Pompompurin had several incidents with the FBI, making him a high-profile criminal to catch. He was responsible for massive malspam campaigns abusing the FBI domain. In addition, he compromised the FBI’s InfraGard project and leaked its entire database.

BreachedForums Activity

In April 2022, the FBI took down the notorious RaidForums after it had operated for five years.

RaidForums’ shutdown announcement by the FBI

As RaidForums was one of the leading forums for the cybercrime community, the question left unanswered for a short time was – who would fill the void RaidForums left behind.

As one of the most active users in RaidForums, Pompompurin took the initiative and founded BreachForums, which looks very similar to RaidForums and quickly became its successor.

The added value of BreachedForums was that Pompompurin emphasized the reliability of the content advertised in the underground forum. Pompompurin set a standard under which every scammer, any unreliable data and any unreliable threat actor is blocked, leading BreachedForums to become the most reliable source of data leaks and marketplace for the cybercrime community.

Pompompurin’s BreachForums profile

BreachedForums Future

Currently, it seems that another admin, named Baphomet, is managing the underground forum. He announced that he thinks Pompompurin was really captured by the authorities.

Baphomet’s announcement

In addition, Baphomet announced that Pompompurin’s access to any critical infrastructure of the forums had been revoked in case the FBI tried to shut the site down with his account and that nothing suspicious was noted yet. Also, it seems like Baphomet has an emergency plan created with Pompompurin in case something like this happens.

Currently, it seems like Baphomet will be the new admin and owner of BreachForums in the near future.
Finally, it appears that as part of the forum’s emergency plan, they blocked the option for new members to register to BreachForums.

BreachForums’ blocking new registrations.

Is Pompompurin the First of Many?

Massive cybersecurity events such as the RaidForums shutdown might have effects that last for several years. It is possible that during the shutdown and compromise of RaidForums, the FBI and other law enforcement authorities obtained valuable information about Pompompurin that came in handy in the hunt for him.

Along with that, there is a possibility that this information also provided leads on other popular threat actors that we might see getting arrested in the near future.

Member replying to Pompompurin’s last Twitter post

On the other hand, some members claim that Pompompurin will make a deal with the FBI and will become their informer in exchange for taking down a lot of the community members with questionable and malicious backgrounds, which raises many concerns.

Meme shared by the community of Pom being an informer


Pompompurin’s arrest is more than welcome and seems to strike some fear in threat actors’ hearts. Given that he seemed untouchable for several years and founded his own leak forum, people saw him as someone who would never get caught, at least not in the near future.

By successfully arresting him, the FBI sent a strong message to all threat actors that their day would also come.

As of now, it doesn’t seem that another forum will take the place of BreachForums, as the site is still up, but there is a great chance of threat actors migrating to other forums where they feel safer, such as Russian Market, XSS, Cracked and more.

