BreachForums says it will shut down following owner's arrest

(Image credit: Pixabay)

It seems as if Breach Forums is going down with its captain, after all. The administrator that succeeded their now-arrested predecessor confirmed that they would be shutting the site down and starting from scratch. The decision was made after they suspected law enforcement accessed the founder’s device, practically compromising the entire operation.

Last week, the FBI arrested a person suspected to be “Pompompurin”, the founder and super-admin of Breached Forums, an underground forum where hackers and cybercriminals shared intelligence, malware, and spoils of their craft. The person, legal name Conor Brian Fitzpatrick, is currently out on bail, pending trial. He has been accused of conspiracy to commit access device fraud.

In the meantime, a person with the alias “Baphomet” took over the forums. The initial idea was to keep the site operational. However, in their final update on Telegram, Baphomet explained that someone accessed Pompompurin’s device and thus gained access to a lot of sensitive information. That made it impossible to continue:

Final update

“Please consider this the final update for Breached,” a person with the alias “Baphomet,” wrote on Telegram, according to TechCrunch. “I will be taking down the forum, as I believe we can assume that nothing is safe anymore. I know that everyone wants the forum up, but there is no value in short term gain for what will likely be a long term loss by propping up Breached as it is.”

While they were migrating the forum’s servers, Baphomet explained, they discovered evidence of someone logging in before they did.

“Unfortunately this likely leads to the conclusion that someone has access to Poms machine. Any servers we use are never shared with anyone else, so someone would have to know the credentials to that server to be able to login. I now feel like I’m put into a position where nothing can be assumed safe, whether its our configs, source code, or information about our users – the list is endless,” Baphomet wrote. “This means that I can’t confirm the forum is safe, which has been a major goal from the start of this shitshow.”

While this does mean the end for Breached Forums, it doesn’t mean it’s the end for hacker gatherings: 

“I want to make it clear, that while this initial announcement is not positive, it’s not the end. I’m going to setup another Telegram group for those who want to see what follows. You are allowed to hate me, and disagree with my decision but I promise what is to come will be better for us all,” Baphomet wrote. “Give me 24 hours to get some rest and give thought to how we move on from here. I will be back online after that, and we will talk. I am going nowhere.”

What lies in the future, remains to be seen. Baphomet has also considered joining forces with competing forums, too.

“While the community of Breached will die, I’m going to continue conversations with some of the competitor forum admins and various service operators who reached out to me over the past few days. I’m hoping to work with some of those people to build a new community, that will have the best features of Breached, while reducing the attack surfaces we never properly addressed. As with things like this, I have no doubt our userbase may be absorbed by another community but if there is patience then I hope to bring something back that will rival any other community that can take our place.”

Via: TechCrunch

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.