The U.S. Federal Bureau of Investigation arrested a New York man on Wednesday on suspicion of running BreachForums, the popular internet forum that has become a favorite among hackers to share their exploits on the regular internet.

Conor Brian Fitzpatrick, known online as “Pompompurin” or “Pom” has been a reasonably high-profile hacker who has been on the radar of authorities for several years. Before allegedly founding BreachForums in 2022, Fitzpatrick, under the name of Pompompurin, took credit for an attack on an FBI server in November 2021.

In the 2021 attack, Fitzpatrick allegedly gained access to an FBI server and sent thousands of fake cybersecurity emails from the eims@is.fbi.gov address. The emails, which contained the subject line of “threat actor in systems,” claimed that “our intelligence monitoring indicates exfiltration of several of your virtualized clusters in a sophisticated chain attack.”

Forward to April 2022, and RaidForums, then the most popular regular internet forum for hackers, was taken down in a joint operation between U.S. and European law enforcement agencies. Fitzpatrick was a regular member of the forum and, with its demise, is alleged to have then founded BreachForums, which became the most popular successor site to RaidForums.

Since its founding, BreachForums has been linked to or mentioned in countless hacking stories, since it quickly became a leading destination to sell stolen data, particularly among independent hackers and others not linked to ransomware gangs.

Footage of BreachedForum administrator Pompompurin's home being raided by the FBI. pic.twitter.com/vR6Kq4tcrS

— vx-underground (@vxunderground) March 17, 2023

An affidavit shared by Bleeping Computer from an FBI special agent claims, among other things, that Fitzpatrick confessed to him that he was known as Pompompurin online and that he was the owner and administrator of BreachForums.

Fitzpatrick has since been released on a $300,000 bond and is scheduled to make his first court appearance in the District Court of the Eastern District of Virginia on March 24. So far he has been charged with only a single count of conspiracy to commit access device fraud.

Since Fitzpatrick has been on the FBI’s radar for years, the question that has been raised is: Why go after him now? One argument is that perhaps the FBI has taken years to line up all its ducks in a row before going after him, but as DataBreaches.net noted today, the arrest feels rushed, particularly given that only one charge so far has been laid.

The why, as suggested by DataBreaches.net, could have been related to the DC Health Link data breach that involved personally identifiable information belonging to members of Congress earlier this month. The stolen data was advertised for sale on BreachForums.

Although Fitzpatrick is not accused of hacking DC Health Link, that BreachForums was hosting the sale of the data may have been the driving factor behind his arrest.

“Those listings alone would have been enough to put the FBI and law enforcement into high gear because not only were members of Congress making a big stink about the leak but [BreachForums user] Denfur revealed that other data would be leaked at some point,” DataBreaches.net wrote. “From what DataBreaches was subsequently told, [Fitzpatrick] either had those data or would be getting those to act as a middleman.”

Photo: Wikimedia Commons