The founder of the hacking forum BreachForums has made his first court appearance in the Eastern District of Virginia after being arrested on charges related to his alleged creation and management of the platform. Conor Brian Fitzpatrick, a 20-year-old resident of Peekskill, New York, is accused of operating BreachForums as a black market for cybercriminals to trade stolen or breached data since March 2022.
Court records reveal that more than 340,000 individuals claimed to be members of BreachForums. However, a joint operation conducted by the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services Office of Inspector General (HHS-OIG) led to the arrest of Fitzpatrick on March 15, effectively shutting down the platform.
One of the main activities on the hacking forum was the sale of stolen information. According to the Department of Justice, BreachForums facilitated the exchange of bank account information, social security numbers, personally identifiable information (PII), hacking tools, compromised databases, unauthorized access services, and compromised online account login information. The platform’s victims included millions of US residents and numerous US and international corporations, organizations, and government bodies.
The stolen datasets found on BreachForums often contained sensitive data from consumers of telecommunication, social media, investment, healthcare, and internet service providers. For example, in January 2023, a user of the forum released the names and contact details of nearly 200 million subscribers of a major American social networking website. Another breach in December 2022 exposed over 87,000 participants in InfraGard, a collaborative effort between the FBI and private sector businesses to protect critical infrastructure.
Due to the previous seizure of RaidForums, cybercriminals turned to BreachForums as an alternative platform for buying and selling stolen data, including breached databases and hacking tools. Fitzpatrick allegedly profited from the scheme by charging fees for forum credits and membership. The FBI Washington Field Office’s Assistant Director in Charge, David Sundberg, stated, “These databases belong to a wide variety of both U.S. and foreign companies, organizations, and government agencies.”
Beyond facilitating the trade of stolen data, BreachForums also provided extra support forums for discussions related to hacking techniques and the use of compromised information. The website featured sections such as “Cracking,” “Leaks,” and “Tutorials,” where users could exchange tools and methods for hacking.
Fitzpatrick has been charged with conspiracy to conduct access device fraud. If convicted, he could face a maximum sentence of five years in prison. The arrest and charges against Fitzpatrick send a clear message that the illicit theft, sale, and trade of personal information will not be tolerated, and cybercriminals will be held accountable for their actions, according to Special Agent in Charge Stephen Niemczak of the HHS-OIG.
The disruption operation conducted by the FBI and HHS-OIG has dealt a significant blow to the cybercriminal community, as BreachForums was a prominent platform for the trade of stolen data. However, the arrest of Fitzpatrick also highlights the ongoing challenges law enforcement agencies face in combating cybercrime and the ever-evolving tactics used by cybercriminals to exploit and profit from data breaches.
It is essential for individuals, businesses, and government agencies to remain vigilant in their cybersecurity measures and take proactive steps to protect sensitive information from falling into the hands of criminals. As the threat landscape continues to evolve, collaboration between law enforcement agencies, industry stakeholders, and cybersecurity experts is crucial to combatting the persistent and ever-growing cyber threats facing society.