The founder of BreachForums made his initial appearance on March 24 in the Eastern District of Virginia on a criminal charge related to his alleged creation and administration of a major hacking forum and marketplace for cybercriminals that claimed to have more than 340,000 members as of last week.
Article continues below
In parallel with his arrest on March 15, the FBI and Department of Health and Human Services Office of Inspector General (HHS-OIG) have conducted a disruption operation that caused BreachForums to go offline.
According to court documents, Conor Brian Fitzpatrick, 20, of Peekskill, New York, allegedly operated BreachForums as a marketplace for cybercriminals to buy, sell, and trade hacked or stolen data and other contraband since March 2022.
Among the stolen items commonly sold on the platform were bank account information, social security numbers, other personally identifying information (PII), means of identification, hacking tools, breached databases, services for gaining unauthorized access to victim systems, and account login information for compromised online accounts with service providers and merchants.
Fitzpatrick’s alleged victims have included millions of U.S. citizens and hundreds of U.S. and foreign companies, organizations, and government agencies.
Some of the stolen datasets contained the sensitive information of customers at telecommunication, social media, investment, health care services, and internet service providers.
For instance, on January 4, a BreachForums user posted the names and contact information for approximately 200 million users of a major U.S.-based social networking site.
Further, on December 18, 2022, another BreachForums user posted details of approximately 87,760 members of InfraGard, a partnership between the FBI and private sector companies focused on the protection of critical infrastructure.
As part of the scheme, Fitzpatrick allegedly supported the activities of cybercriminals by creating and operating a “Leaks Market†subsection that was dedicated to buying and selling hacked or stolen data, tools for committing cybercrime, and other illicit material.
To facilitate transactions on the forum, Fitzpatrick allegedly offered to act as a trusted middleman, or escrow service, between individuals on the website who sought to conduct these types of illicit transactions.
In addition, Fitzpatrick allegedly managed an “Official†databases section through which BreachForums directly sold access to verified hacked databases through a “credits†system administered by the platform.
As of January 11, the Official database section purported to contain 888 datasets, consisting of over 14 billion individual records. These databases belong to a wide variety of both U.S. and foreign companies, organizations, and government agencies.
Fitzpatrick allegedly profited from the scheme by charging for forum credits and membership fees.
The BreachForums website has supported additional sections in which users discuss tools and techniques for hacking and exploiting hacked or stolen information, including in the “Cracking,†“Leaks,†and “Tutorials†sections.
The BreachForums website also includes a “Staff†section that appears to be operated by the BreachForums administrators and moderators.
Fitzpatrick is charged with conspiracy to commit access device fraud. If convicted, he faces a maximum penalty of five years in prison.
Fitzpatrick’s arrest and the disruption of BreachForums comes nearly a year after the Department of Justice announced the seizure of a predecessor hacking marketplace, Raidforums, and unsealed criminal charges against RaidForums’ founder and chief administrator, who is the subject of extradition proceedings in the United Kingdom.
The law enforcement actions against Fitzpatrick and BreachForums are the result of an ongoing criminal investigation by the FBI Washington Field Office, FBI San Francisco Division, and HHS-OIG, with assistance provided by the U.S. Secret Service, Homeland Security Investigations New York Field Office, New York Police Department, U.S. Postal Inspection Service, and Peekskill Police Department.
The U.S. Attorneys’ Office for the Northern District of California, the District of Maryland, and the Southern District of New York have also provided assistance in this matter.
The Justice Department’s Office of International Affairs is handling the extradition.
The Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney Carina A. Cuellar for the Eastern District of Virginia are prosecuting the case. ■