How the FBI Caught Hacker Pompompurin
Summary
TLDR: Pompompurin, the notorious hacker and owner of BreachForums, was arrested by the FBI after a series of opsec failures. Known for his high-profile cybercrimes and clashes with security researchers, his downfall came from mixing his real and online identities. The FBI traced him through a leaked database, his email, and IP addresses linked to his home. Now facing up to 20 years in prison, the future of BreachForums is uncertain as its second-in-command, 'Baphomet', struggles to maintain the site amidst fears of FBI infiltration.
Takeaways
- Pompompurin, known for using a Hello Kitty character, became a notorious figure in the cybercriminal world by running breachforums, a major English-speaking blackhat forum.
- The FBI tracked down Pompompurin through a slip-up in a private message on a seized forum, where he mentioned an email address that contained his real name, Conor Fitzpatrick.
- The FBI linked Pompompurin's real identity to a Google Pay account, which was connected to an IP address used for a Zoom account registered to an email address that Pompompurin used to log into breachforums.
- Google Pay accounts were linked to Pompompurin's home address, making it easy for the FBI to locate him.
- After his arrest, Conor Fitzpatrick, also known as Pompompurin, admitted to being the owner and admin of BreachForums and was charged with conspiracy to solicit the selling of unauthorized access devices.
- Pompompurin's bail was set at $300,000, paid by his parents, and he could face up to 20 years in prison according to sentencing guidelines.
- Following Pompompurin's arrest, the second in command of BreachForums, 'Baphomet', restricted and eventually banned Pompompurin's access to the forum due to security concerns.
- Baphomet feared that the FBI could exploit Pompompurin's access to de-anonymize BreachForums' users, leading to the decision to shut down the forum.
- Baphomet considered migrating to new infrastructure to keep the forum alive but later decided to shut down BreachForums completely due to evidence of FBI access to the forum's infrastructure.
- The shutdown of BreachForums left its large user base without a platform, and Baphomet is in discussions to potentially build a new community with other forum admins.
- The script highlights the cyclical nature of such forums, with the downfall of one often leading to the rise of another, as seen with the transition from raidforums to BreachForums.
Q & A
Who is Pompompurin and what is his connection to the cyber criminal underworld?
-Pompompurin, also known as Conor Fitzpatrick, is a notorious hacker who rose to fame as the owner of BreachForums, one of the largest English-speaking blackhat forums on the internet, known for facilitating the sale of countless data breaches.
What is the significance of BreachForums in the context of cybercrime?
-BreachForums is significant as it has become one of the largest platforms for English-speaking cyber criminals, particularly for the sale and distribution of data breaches through its 'leaks market'.
How did Pompompurin's rivalry with NightLion Security's Vinny Troia escalate?
-The rivalry escalated through public clashes and a multi-year troll campaign initiated by Pompompurin, including hacking Vinny's Twitter account and falsely accusing him of being a pedophile by breaching the National Center for Missing and Exploited Children's database.
What was the turning point that led to Pompompurin's arrest?
-The turning point was Pompompurin's slip-up in a private message to 'Omnipotent' on raidforums, where he mentioned an email address that the FBI later linked to his real identity, Conor Fitzpatrick.
How did the FBI identify Pompompurin's real identity?
-The FBI identified Pompompurin's real identity by analyzing a private message on raidforums where he mentioned an email address that contained his real name, Conor Fitzpatrick. Further investigation linked this email to a Google Pay account and IP addresses associated with his online activities.
What was Pompompurin's reaction when he was arrested?
-Upon his arrest, Pompompurin, also known as Conor Brian Fitzpatrick, quickly accepted that the game was over and admitted to the FBI that he was Pompompurin and the owner and admin of BreachForums.
What charges did Pompompurin face after his arrest?
-Pompompurin was charged with 'conspiracy to solicit individuals with the purpose of selling unauthorized access devices,' which refers to means of accessing accounts, such as usernames and passwords.
How did the arrest of Pompompurin impact the operations of BreachForums?
-Following Pompompurin's arrest, the second in command, 'Baphomet,' restricted his access to the site and eventually banned him. Concerns about the FBI exploiting Pompompurin's access led to the decision to shut down BreachForums.
What was the role of 'Baphomet' in the aftermath of Pompompurin's arrest?
-'Baphomet' assumed control of BreachForums, initially restricting and then banning Pompompurin's access to the site. He also monitored logs for any unauthorized access or modifications to the forum's infrastructure.
What are the implications of the FBI's access to BreachForums' database?
-The implications are significant as it suggests that the FBI could potentially de-anonymize users of the forum, similar to what happened with raidforums, which was transformed into an FBI honeypot after its seizure.
What is the future of the cyber criminal community that relied on BreachForums?
-With BreachForums shutting down, the community is left without a platform. However, it is likely that a new platform will emerge to fill the void, as the quarter of a million users seek a new home for their activities.
Outlines
The Downfall of Pompompurin: Cyber Criminal Unmasked
Pompompurin, a notorious hacker and the owner of the prominent blackhat forum BreachForums, was apprehended by the FBI. Known for his rivalry with security researcher Vinny Troia and infamous trolling campaigns, including a spam attack from an FBI email address, Pompompurin's real identity was revealed through a slip-up in a private message on a seized forum, 'raidforums'. The FBI linked an email address mentioned in the message to a Google Pay account, which was further connected to an IP address used by Pompompurin's other online activities. This led to his arrest, where he admitted to being the administrator of BreachForums and was charged with conspiracy to solicit the selling of unauthorized access devices. Despite his young age, he faces significant prison time.
The Aftermath of BreachForums: A Community in Limbo
Following the arrest of its founder, Pompompurin, the future of BreachForums is uncertain. The forum was established after the shutdown of 'raidforums' and quickly became a hub for cybercriminal activities. With Pompompurin's arrest, the second-in-command, 'Baphomet', initially restricted and later banned the founder's access to the site. Concerns about the FBI's potential access to BreachForums' infrastructure and user data have led to the decision to shut down the forum. Baphomet has expressed intentions to collaborate with other forum administrators to create a new community, but the fate of the displaced users remains unclear. The incident highlights the risks of mixing real-life and online identities, as well as the vulnerability of such forums to law enforcement actions.
Keywords
Pompompurin
BreachForums
Cyber Criminal
NightLion Security
FBI
RaidForums
Data Breach
Ego
Operational Security (OpSec)
Google Pay
Conspiracy
Honeypot
Highlights
Pompompurin, the hacker and owner of breachforums, was arrested by the FBI.
Pompompurin's rise to fame in the cybercriminal underworld through breachforums.
The leaks market on breachforums as a major source of data breaches.
Pompompurin's public rivalries with security researchers, particularly with Vinny Troia.
Pompompurin's multi-year troll campaign against Vinny Troia, including hacking his Twitter account.
The misuse of an FBI website vulnerability to send spam emails warning of fake cyberattacks by Vinny.
Pompompurin's downfall due to his ego and the attention it drew from the FBI.
The FBI's discovery of Pompompurin's real identity through a private message on raidforums.
The revelation of Pompompurin's real email address in a conversation with raidforum's owner 'Omnipotent'.
The FBI's use of Google warrants to link the email address to a Google Pay account and further to Pompompurin's identity.
Pompompurin's arrest and admission to the FBI that he was the owner of BreachForums.
The charge against Pompompurin for conspiracy to solicit individuals to sell unauthorized access devices.
The bail set for Pompompurin and its payment by his parents, revealing his age as 20.
The immediate actions taken by BreachForums' second in command 'Baphomet' after Pompompurin's arrest.
The decision to shut down BreachForums due to the potential FBI access to its infrastructure.
The transformation of raidforums into an FBI honeypot post-seizure.
Baphomet's plans to build a new community with the help of competitor forum admins.
The future uncertainty for the 250,000 users of BreachForums as they become 'internet refugees'.
Transcripts
Pompompurin, the infamous hacker and owner of breachforums, was recently arrested, and the FBI has just revealed exactly how they tracked him down. But before we get to that, how did this guy, who brands himself using a Hello Kitty character, rise to become one of the most famous personalities in the cyber criminal underworld? Well - owning breachforums certainly played a part. It's become one of the largest English speaking blackhat forums on the internet, the most famous section being the leaks market, which has facilitated the sale of countless data breaches. I'd say maybe even most of the leaks we've looked at on this channel over the past year came from breachforums.

Aside from being a cyber criminal King Pin, Pompompurin also gained notoriety and became a bit of a celebrity for his rivalries with security researchers, the most notable being his frequent and very public clashes with the owner of NightLion security, Vinny Troia, which stems from Vinny's unsuccessful attempts to unmask Purin's real identity. Purin wasn't too happy with these attempts and responded by unleashing a multi-year long troll campaign against Vinny, which included hacking his Twitter account, as well as breaching the National Center for Missing and Exploited Children, all in an effort to put out an alert claiming Vinny is a Pedo. But by far his biggest troll was utilising a vulnerability in the FBI website itself to send thousands of spam emails from a legit FBI email address, warning of fake cyberattacks being perpetrated by Vinny.

But arguably Pompom's biggest enemy was his ego - which is by no means unique among cyber criminals. Whilst attracting so much attention made him a celebrity amongst his peers, it painted a large target on his back in the eyes of the FBI, which has just revealed exactly how they hunted him down.

For this story we have to go back to the days of raidforums, a now seized blackhat site that Purin was a regular user of. When the FBI shut the site down last year they obtained its database, which included the private messages of all the forum's members. One such conversation, between Pompompurin and raidforum's owner "Omnipotent", is of particular interest. They were discussing a data leak pertaining to the keyboard app AI.type. Over 30 million users' details were leaked, and the database was of course posted on raidforums - the database was said to include all the app's users. However Purin messaged Omnipotent, saying the leaked database could not have contained all the app's users, because his email wasn't included in the dump. He says "Not messaging to ask for credits back or anything, because I wanted it anyways, I just wanted to let you know that it doesn't seem to be the full amount of data". Omnipotent responds "What email did you look up and how?" "I don't want to share my actual email for obvious reasons, but this email seems to have the same case as mine):" "[email protected]". Pompompurin no doubt thought he was being real smart when he told Omnipotent this wasn't his email, but not only was it his real email, but it contains Purin's real name "Conor Fitzpatrick" - whilst Omnipotent didn't figure this out, the FBI did.

After the FBI served Google warrants, they found that this email was linked to a Google Pay account, which another Gmail account shared the same details to. The FBI investigated this second email and found it was accessed using the same IP address as a Zoom account which was registered to the email address "[email protected]" - which is the exact same email that Purin used to log into raidforums. Regardless of whether Purin used VPNs or Tor, he had committed the deadly sin of mixing his IRL and online identities, firstly when he sent Omnipotent that fateful message, and secondly when he mixed the IPs he was using for his IRL and Pompompurin identities. Oh, and those Google Pay accounts were linked to Pompom's home address, so tracking him down was simple.

Court documents show that when Pompompurin, also known by his much less catchy name "Conor Brian Fitzpatrick", was arrested he quickly accepted the game was over, admitting to the FBI that he was Pompompurin and "the owner and admin of BreachForums". Conor was charged with "conspiracy to solicit individuals with the purpose of selling unauthorized access devices". "Access devices" simply being a fancy term for a means of accessing an account, like usernames and passwords. His bail was set at $300 thousand dollars, which was promptly paid by his parents - because the guy is apparently only 20 years old - and under sentencing guidelines he could be facing the next 20 years of his life in prison.

BreachForums' second in command, an admin going by "Baphomet", posted an announcement in the early hours of Purin's arrest, saying he assumed the worst after just 24 hours of Purin being afk - which really puts into perspective just how glued Purin was to his criminal enterprise. During this initial 24 hours, Baphomet "[removed] his access to all important infrastructure and restricted his forum account [so he could] still login but not carry out any administrator actions.". He's also been monitoring "[logs] to see [if there's been] any access or modifications to [Breachforums infrastructure]". Which brings us to the next act in this saga: the future, or lack thereof, of breachforums.

Breachforums was born out of the downfall of raidforums, an almost identical site, hosting a community dedicated to cyber crime, with sales of hacking tools, a leaks market, and so on. After 8 years on the internet, raidforums was - well, raided themselves by the FBI, with its owner "Omnipotent" arrested - to this day the 21 year old behind it is still fighting extradition to the US.

The shutdown of raidforums left its half a million registered users homeless, but Pompompurin, a user of the site with a good reputation, soon stepped in to fill the void, creating breachforums. The new site was pretty much a continuation of raidforums, just under new management, so much so that Purin even let users keep the ranks they had gained on raidforums.

However, barely 12 months after breach was set up, with Purin now sitting in a jail cell, admin Baphomet has been forced to not only restrict Purin's access to the site he founded, but ban him altogether. After all, it's clear at this point he just ain't coming back, and fear runs high that the FBI could in some way exploit Purin's access to breachforums in order to deanonymise its users. Let's not forget, after raidforums' seizure, it was transformed into an FBI honeypot: every page on the site redirected to a login page that law enforcement was using in order to grab user credentials. After banning Purin, admin Baphomet vowed to take over the site and keep it alive long term by migrating to new infrastructure.

However this pledge didn't last long. He soon released an update saying he was going to shut down breachforums for good - reason being that logs showed someone (presumably the FBI) had exploited Purin's credentials to access breached infrastructure shortly after his arrest, meaning in his words "nothing can be assumed safe, whether it's our configs, source code, or information about our users - the list is endless. This means that I can't confirm the forum is safe".

His fears were confirmed in the last day or so, when newly published court documents revealed Pompompurin's other opsec mistakes. Like the time he forgot to use a VPN when logging into breachforums, but rather used an IP registered to his real home address. The fact the FBI even know this confirms they have access to breachforums' database, just as they did with raidforums.

What happens now? Well - Baphomet says he's having conversations with competitor forum admins, "hoping to work with some of those people to build a new community". Whether that happens or not, the void will be filled one way or another, with its quarter of a million users now internet refugees.

As always thanks for watching, and I'll see you in the next video, have a good one!