Conor Brian Fitzpatrick, also known as Pompompurin, has pleaded guilty to multiple charges in federal court. Fitzpatrick was the administrator of the breached data marketplace known as BreachForums. He has admitted to three charges, including possession of child pornography, unauthorized solicitation of access device fraud, and conspiracy to commit access device fraud.
According to court documents, Fitzpatrick knowingly possessed and attempted to possess explicit visual depictions involving minors. These depictions were transported using various means of interstate and foreign commerce, including computer networks. The evidence against him includes videos found on his laptop that depict sexually explicit conduct by prepubescent minors and children under the age of 12.
The investigation into Fitzpatrick’s activities began in March 2023 when the U.S. Justice Department announced his arrest on charges of conspiracy to commit access device fraud. The allegations against him centered around his facilitation of the sale and purchase of stolen data through the BreachForums platform. Undercover FBI agents were able to make several purchases of stolen data, including sensitive information from various entities such as internet hosting and security services companies, investment firms, healthcare providers, and individual victims.
The charges brought against Fitzpatrick highlight the significant impact of cybercriminal activities on the privacy and security of millions of individuals and numerous organizations. The investigation into his involvement in BreachForums relied on digital tracking and the gathering of evidence from various sources such as IP addresses associated with Fitzpatrick’s online presence, records from Google, and information from cryptocurrency exchange Purse.io. This evidence established a clear link between Fitzpatrick and his online persona, “Pompompurin.”
The arrest and subsequent guilty pleas by Fitzpatrick serve as a reminder of the need for robust cybersecurity measures to protect sensitive information from unauthorized access and exploitation. The charges related to the possession and attempted possession of explicit material involving minors also shed light on the presence of such content on breached data forums. While the closure of BreachForums has disrupted the cybercriminal underground, it is possible that successor platforms may emerge. However, the efforts of law enforcement to dismantle such forums act as strong deterrents and disrupt illegal activities.
Following Fitzpatrick’s arrest, former BreachForums member “Baphomet” announced the launch of a new breached data forum called BreachForums. This occurred around the same time as a significant database leak from the RaidForums, which was seized and its administrator, Omnipotent, was arrested in April 2022. Another forum called Exposed, which leaked the RaidForums’ database, was also abandoned at this time. Baphomet took over as the admin of BreachForums after Fitzpatrick’s arrest. Additionally, a hacker claiming to be a former Anonymous member announced an alternative forum called kkksecforum, but its accessibility is currently limited.
While there have been attempts to create clones of BreachForums, such as Pwnedforums, these platforms have not been successful in attracting users and have been suspected of being DDoS honeytraps. In a separate incident, UK law enforcement officials uncovered a network of cybercriminals involved in DDoS-for-hire schemes. German police also conducted a raid on FlyHosting, a web hosting company known for aiding cybercriminals in DDoS attacks and malware distribution.
The case surrounding Conor Brian Fitzpatrick, also known as Pompompurin, highlights the ongoing threat of cybercrime to data privacy and the need for strong cybersecurity measures. It also demonstrates the efforts of law enforcement to disrupt illegal activities and protect individuals and organizations from the damaging effects of cybercriminals.