March 17, 2023

The U.S. Federal Bureau of Investigation (FBI) this week arrested a New York man on suspicion of running BreachForums, a popular English-language cybercrime forum where some of the world biggest hacked databases routinely show up for sale. The forum’s administrator “Pompompurin” has been a thorn in the side of the FBI for years, and BreachForums is widely considered a reincarnation of RaidForums, a remarkably similar crime forum that the FBI infiltrated and dismantled in 2022.

Federal agents carting items out of Fitzpatrick’s home on March 15. Image: News 12 Westchester.

In an affidavit filed with the District Court for the Southern District of New York, FBI Special Agent John Longmire said that at around 4:30 p.m. on March 15, 2023, he led a team of law enforcement agents that made a probable cause arrest of a Conor Brian Fitzpatrick in Peekskill, NY.

“When I arrested the defendant on March 15, 2023, he stated to me in substance and in part that: a) his name was Conor Brian Fitzpatrick; b) he used the alias ‘pompompurin/’ and c) he was the owner and administrator of ‘BreachForums’ the data breach website referenced in the Complaint,” Longmire wrote.

Pompompurin has been something of a nemesis to the FBI for several years. In November 2021, KrebsOnSecurity broke the news that thousands of fake emails about a cybercrime investigation were blasted out from the FBI’s email systems and Internet addresses.

Pompompurin took credit for that stunt, and said he was able to send the FBI email blast by exploiting a flaw in an FBI portal designed to share information with state and local law enforcement authorities. The FBI later acknowledged that a software misconfiguration allowed someone to send the fake emails.

In December, 2022, KrebsOnSecurity broke the news that hackers active on BreachForums had infiltrated the FBI’s InfraGard program, a vetted FBI program designed to build cyber and physical threat information sharing partnerships with experts in the private sector. The hackers impersonated the CEO of a major financial company, applied for InfraGard membership in the CEO’s name, and were granted admission to the community.

From there, the hackers plundered the InfraGard member database, and proceeded to sell contact information on more than 80,000 InfraGard members in an auction on BreachForums. The FBI responded by disabling the portal for some time, before ultimately forcing all InfraGard members to re-apply for membership.

More recently, BreachForums was the sales forum for data stolen from DC Health Link, a health insurance exchange based in Washington, D.C. that suffered a data breach this month. The sales thread initially said the data included the names, Social Security numbers, dates of birth, health plan and enrollee information and more on 170,000 individuals, although the official notice about the breach says 56,415 people were affected.

In April 2022, U.S. Justice Department seized the servers and domains for RaidForums, an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches since 2015. As part of that operation, the feds also charged the alleged administrator, 21-year-old Diogo Santos Coelho of Portugal, with six criminal counts.

Coelho was arrested in the United Kingdom on Jan. 31, 2022. By that time, the new BreachForums had been live for just under a week, but with a familiar look.

BreachForums remains accessible online, and from reviewing the live chat stream on the site’s home page it appears the forum’s active users are only just becoming aware that their administrator — and the site’s database — is likely now in FBI hands:

Members of BreachForums discuss the arrest of the forum’s alleged owner.

“Wait if they arrested pom then doesn’t the FBI have all of our details we’ve registered with?” asked one worried BreachForums member.

“But we all have good VPNs I guess, right…right guys?” another denizen offered.

“Like pom would most likely do a plea bargain and cooperate with the feds as much as possible,” replied another.

Fitzpatrick could not be immediately reached for comment. The FBI declined to comment for this story.

There is only one page to the criminal complaint against Fitzpatrick (PDF), which charges him with one count of conspiracy to commit access device fraud. The affidavit on his arrest is available here (PDF).

Update: Corrected spelling of FBI agent’s last name.


65 thoughts on “Feds Charge NY Man as BreachForums Boss “Pompompurin”

  1. lachlan.shipley@education.nsw.gov.au

    Free vile free pom

  2. mealy

    50k wasn’t a lot to ask for, but I guess it’s how you ask? Otisville or bust.
    “Wait if they arrested pom then doesn’t the FBI have all of our details we’ve registered with?”
    +1 on reddit/criming

  3. Free My boy

    He didnt do nothing wrong! Let him at least eat some KFC!

  4. The Sunshine State

    Thanks for posting the article ! LOL

  5. Aaron Akhtar

    This wouldn’t have been possible without the help of the prolific cybercriminal known as “thekilob”. We can all thank him for leading federal agents to pompompurin’s arrest.
    We can all live with more peace of mind now, knowing the threat actor “pompompurin” won’t be an issue any longer. Thank you, “thekilob”.

    1. poland

      What do you mean? How did thekilob, a well known troll, lead to the arrest?

  6. Free pom

    He was framed by Vinny Troia free my homie up

  7. An actual normal person

    Don’t free pom. Lock him up for at least 20 years. Also, arrest all the cybercriminals showing their face in this comments section.

    1. Sheninja

      Uhhh, contrary to popular belief, not all of us are criminals. Some of us are doctorate holding academics, lawyers, and devilishly handsome motherfuckers.

  8. Vinny Troia

    Feds should give me some of that bail money since I helped catch him.

    1. NeightLyin

      That’s a rather rich take considering this development all but guarantees his implication in criminal negligence, defamation, and libel. Jackass.

  9. pompomisagoodboy

    Noooooo why did they take pompom (ಥ‸ಥ)
    But no matter what they do with him, he will forever be a legend for trolling Troia (and Kleissner and many others).

  10. BomBasticSideEye

    Lol always good to see script kiddies getting arrested. All he wanted was clout and to be called “hacker” by the media.

      1. Sdiporehta

        Noone needs your permission to post here lol. Stay mad for losing your card skimmers supplier lmao.

  11. Steven

    #KeepHimLockedUp
    #PressMoreCharges
    #HandsOffMyData

  12. anon

    I heard it was HollisticKiller who helped the Feds catch Pom…

  13. KFritz

    There’s no “continue reading” link at the bottom of the article. To access comments I had to click on the comments link or the title link at the top of the page

  14. Krian Brebs

    Give him the death penalty for cybercrime!

  15. NULL

    ROFL REKT
    Leaking random civilian PIs online for crime gangs to abuse is just not cool. Just don’t do it.

    1. Noctulian

      These are Anglosphere hackers, a community of people that always been characterized by it’s childlike behaviour and naïve curious nature. They mostly don’t even know what a civilians are or that the civilian internet is dual use military communications infrastructure.

  16. PEPE_REAL_LIFE

    this is no BOSS, just a sad bullied kid who looks like pepe the frog
    now in prison he will get even more bullied, kek bye

    “My only response to LE, or any media outlet is that I have no concerns for myself at the moment. OPSEC has been my focus from day one, and thankfully I don’t think any mountain lions will be attacking me in my little fishing boat.”

    and the guy who thinks he has “strong opsec” – good luck on your next visit to an airport
    better never leave your beloved cyber crime harbor excuse of a country

Comments are closed.