Last week, the FBI arrested a man alleged to be “Pompompurin,” the administrator of the infamous and popular BreachForums. Days after the arrest, the cybercrime website’s new administrator announced that they are shutting down the forum for good.
“Please consider this the final update for Breached,” the new admin, known as “Baphomet,” wrote in the official Telegram channel. “I will be taking down the forum, as I believe we can assume that nothing is safe anymore. I know that everyone wants the forum up, but there is no value in short term gain for what will likely be a long term loss by propping up Breached as it is.”
The new administrator Baphomet did not respond to our request for comment.
The apparent end of BreachForums comes roughly a year after a coalition of international law enforcement agencies led by the U.S. Department of Justice seized RaidForums, another notorious cybercrime forum where hacked databases would be advertised and sold. BreachForums was born in the aftermath of RaidForums’ demise, and served pretty much the same purpose and audience.
“I want to make it clear, that while this initial announcement is not positive, it’s not the end. I’m going to setup another Telegram group for those who want to see what follows. You are allowed to hate me, and disagree with my decision but I promise what is to come will be better for us all,” Baphomet wrote. “Ggive (sic) me 24 hours to get some rest and give thought to how we move on from here. I will be back online after that, and we will talk. I am going nowhere.”
In an attached message, which was signed with Baphomet’s PGP key to prove it was genuinely written by them, they wrote that they were able to confirm that the authorities have access to Pompompurin’s machine.
Baphomet explained that while he was migrating the forum’s severs, he found that someone had logged into one of the servers before they did.
“Unfortunately this likely leads to the conclusion that someone has access to Poms machine. Any servers we use are never shared with anyone else, so someone would have to know the credentials to that server to be able to login. I now feel like I’m put into a position where nothing can be assumed safe, whether its our configs, source code, or information about our users – the list is endless,” Baphomet wrote. “This means that I can’t confirm the forum is safe, which has been a major goal from the start of this shitshow.”
The feds accuse Conor Brian Fitzpatrick of being Pompompurin, who faces charges in New York as well as in the Eastern District of Virginia. Fitzpatrick is accused of conspiracy to commit access device fraud.
On Monday, three days after Fitzpatrick’s arrest and before they found that someone had accessed one of the servers, Baphomet announced they were migrating the forum’s servers to keep BreachForums alive.
That plan is no longer in motion, but Baphomet said this is not the end.
“As for what this means now, It’s complicated. Unlike when other communities go down and everyone scatters, stupidly I will still be around,” they wrote.
“While the community of Breached will die, I’m going to continue conversations with some of the competitor forum admins and various service operators who reached out to me over the past few days. I’m hoping to work with some of those people to build a new community, that will have the best features of Breached, while reducing the attack surfaces we never properly addressed. As with things like this, I have no doubt our userbase may be absorbed by another community but if there is patience then I hope to bring something back that will rival any other community that can take our place.”
Do you have information about BreachForums? We’d love to hear from you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Wickr, Telegram and Wire @lorenzofb, or email lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.