Pompompurin, the infamous hacker and owner of BreachForums, was recently arrested, and the FBI has just revealed exactly how they tracked him down.

But before we get to that: how did this guy, who brands himself with a Hello Kitty character, rise to become one of the most famous personalities in the cyber criminal underworld? Well, owning BreachForums certainly played a part. It has become one of the largest English-speaking blackhat forums on the internet, its most famous section being the leaks market, which has facilitated the sale of countless data breaches. I'd say maybe even most of the leaks we've looked at on this channel over the past year came from BreachForums.

Aside from being a cyber criminal kingpin, Pompompurin also gained notoriety, and became a bit of a celebrity, for his rivalries with security researchers, the most notable being his frequent and very public clashes with the owner of NightLion Security, Vinny Troia, which stem from Vinny's unsuccessful attempts to unmask Purin's real identity. Purin wasn't too happy with these attempts and responded by unleashing a multi-year troll campaign against Vinny, which included hacking his Twitter account, as well as breaching the National Center for Missing and Exploited Children, all in an effort to put out an alert claiming Vinny is a pedo.

But by far his biggest troll was using a vulnerability in the FBI's own website to send thousands of spam emails from a legitimate FBI email address, warning of fake cyberattacks being perpetrated by Vinny. Arguably, though, Pompom's biggest enemy was his ego, which is by no means unique among cyber criminals. Whilst attracting so much attention made him a celebrity amongst his peers, it painted a large target on his back in the eyes of the FBI, which has just revealed exactly how they hunted him down.
For this story we have to go back to the days of RaidForums, a now-seized blackhat site that Purin was a regular user of. When the FBI shut the site down last year they obtained its database, which included the private messages of all the forum's members. One such conversation, between Pompompurin and RaidForums' owner "Omnipotent", is of particular interest. They were discussing a data leak pertaining to the keyboard app AI.type: over 30 million users' details were leaked, and the database was of course posted on RaidForums. The database was said to include all the app's users.

However, Purin messaged Omnipotent, saying the leaked database could not have contained all the app's users, because his email wasn't included in the dump.
He says “Not messaging to ask for credits back or anything, because I wanted it anyways, I just wanted to let you know that it doesn’t seem to be the full amount of data”
Omnipotent responds “What email did you look up and how?”
He says “I don’t want to share my actual email for obvious reasons, but this email seems to have the same case as mine):”
“conorfitzpatrick02@gmail.com”
Pompompurin no doubt thought he was being real smart when he told Omnipotent this wasn't his email, but not only was it his real email, it also contains Purin's real name, "Conor Fitzpatrick". Whilst Omnipotent didn't figure this out, the FBI did. After the FBI served Google with warrants, they found that this email was linked to a Google Pay account whose details were also used by a second Gmail account. The FBI investigated this second email and found it was accessed using the same IP address as a Zoom account, which was registered to the email address "pompompurin@riseup.net", the exact same email that Purin used to log into RaidForums. Regardless of whether Purin used VPNs or Tor, he had committed the deadly sin of mixing his IRL and online identities: firstly when he sent Omnipotent that fateful message, and secondly when he mixed the IPs he was using for his IRL and Pompompurin identities. Oh, and those Google Pay accounts were linked to Pompom's home address, so tracking him down was simple.

Court documents show that when Pompompurin, also known by his much less catchy name "Conor Brian Fitzpatrick", was arrested, he quickly accepted the game was over, admitting to the FBI that he was Pompompurin and "the owner and admin of BreachForums". Conor was charged with "conspiracy to solicit individuals with the purpose of selling unauthorized access devices", "access devices" simply being a fancy term for a means of accessing an account, like usernames and passwords. His bail was set at $300,000, which was promptly paid by his parents, because the guy is apparently only 20 years old, and under sentencing guidelines he could be facing the next 20 years of his life in prison.

BreachForums' second in command, an admin going by "Baphomet", posted an announcement in the early hours after Purin's arrest, saying he assumed the worst after just 24 hours of Purin being AFK, which really puts into perspective just how glued Purin was to his criminal enterprise.
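The linkage chain just described, as an added illustration of my own (not the FBI's method or any tool from the case): a small attribute-pivot search over constructed account records, where shared values such as a payment profile or a login IP connect accounts, and the path between a real-name account and a pseudonymous handle reads off the pivots that joined them. Every account ID, email and IP below is a placeholder I made up for the example.

```python
# Added illustration (not the FBI's tooling): linking accounts through shared
# attributes, as in the chain described above. Every value here is constructed.
from collections import defaultdict, deque

# Constructed account records: (account_id, {attribute: value}).
ACCOUNTS = [
    ("gmail:realname", {"payment_profile": "gpay-001", "home_addr": "addr-A"}),
    ("gmail:second",   {"payment_profile": "gpay-001", "login_ip": "203.0.113.7"}),
    ("zoom:acct",      {"login_ip": "203.0.113.7", "email": "handle@mail.example"}),
    ("forum:handle",   {"email": "handle@mail.example", "login_ip": "198.51.100.9"}),
    ("unrelated:user", {"login_ip": "192.0.2.44", "email": "other@mail.example"}),
]
# Only strong, account-specific attributes are pivots (a shared payment profile or IP).
PIVOT_KEYS = {"payment_profile", "login_ip", "email"}

def build_graph(accounts):
    """Group accounts by pivot value; connect each sharing pair, labelling the edge with the pivot."""
    holders = defaultdict(list)
    for acct, attrs in accounts:
        for key, val in attrs.items():
            if key in PIVOT_KEYS:
                holders[(key, val)].append(acct)
    graph = defaultdict(list)
    for (key, val), accts in holders.items():
        for a in accts:
            for b in accts:
                if a != b:
                    graph[a].append((b, f"{key}={val}"))
    return graph

def link_path(accounts, start, goal):
    """BFS from start to goal; returns hops as (from, pivot, to), or None if never linked."""
    graph = build_graph(accounts)
    prev, queue = {start: None}, deque([start])
    while queue:
        cur = queue.popleft()
        if cur == goal:
            break
        for nxt, label in graph[cur]:
            if nxt not in prev:
                prev[nxt] = (cur, label)
                queue.append(nxt)
    if goal not in prev:
        return None
    hops, node = [], goal
    while prev[node] is not None:
        parent, label = prev[node]
        hops.append((parent, label, node))
        node = parent
    return hops[::-1]
```

Each hop in the returned path is one attribute two accounts had in common, which is exactly the kind of overlap a separate VPN or Tor session does nothing to hide.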
During these initial 24 hours, Baphomet “[removed] his access to all important infrastructure and restricted his forum account [so he could] still login but not carry out any administrator actions.” He has also been monitoring “[logs] to see [if there’s been] any access or modifications to [BreachForums infrastructure]”.
Which brings us to the next act in this saga: the future, or lack thereof, of BreachForums. BreachForums was born out of the downfall of RaidForums, an almost identical site hosting a community dedicated to cyber crime, with sales of hacking tools, a leaks market, and so on. After 8 years on the internet, RaidForums was, well, raided itself by the FBI, with its owner "Omnipotent" arrested; to this day the 21-year-old behind it is still fighting extradition to the US. The shutdown of RaidForums left its half a million registered users homeless, but Pompompurin, a user of the site with a good reputation, soon stepped in to fill the void, creating BreachForums. The new site was pretty much a continuation of RaidForums, just under new management, so much so that Purin even let users keep the ranks they had gained on RaidForums.
However, barely 12 months after BreachForums was set up, with Purin now sitting in a jail cell, admin Baphomet has been forced to not only restrict Purin's access to the site he founded, but to ban him altogether. After all, it's clear at this point he just ain't coming back, and fear runs high that the FBI could in some way exploit Purin's access to BreachForums in order to deanonymise its users. Let's not forget, after RaidForums' seizure, it was transformed into an FBI honeypot: every page on the site redirected to a login page that law enforcement was using in order to grab user credentials. After banning Purin, admin Baphomet vowed to take over the site and keep it alive long term by migrating to new infrastructure.
However, this pledge didn't last long. He soon released an update saying he was going to shut down BreachForums for good, the reason being that logs showed someone (presumably the FBI) had exploited Purin's credentials to access BreachForums infrastructure shortly after his arrest, meaning, in his words, “nothing can be assumed safe, whether it's our configs, source code, or information about our users - the list is endless. This means that I can't confirm the forum is safe”.
His fears were confirmed in the last day or so, when newly published court documents revealed Pompompurin's other OPSEC mistakes, like the time he forgot to use a VPN when logging into BreachForums and instead connected from an IP address registered to his real home address. The fact the FBI even knows this confirms they have access to BreachForums' database, just as they did with RaidForums'. What happens now? Well, Baphomet says he's having conversations with competitor forum admins, “hoping to work with some of those people to build a new community”. Whether that happens or not, the void will be filled one way or another, with its quarter of a million users now internet refugees.

Stay tuned, stay safe!