UPDATED 18:38 EST / MAY 28 2024

SECURITY

After FBI takedown, hacking site BreachForums returns using original domain

Infamous hacking site BreachForums is back online some two weeks after being taken down by the U.S. Federal Bureau of Investigation and Department of Justice — and to add insult to injury, it’s using the same domain name that was seized by the FBI.

BreachForums was taken offline on May 15, with a message on the main BreachForums site reading that it had been taken down by the FBI and DOJ with assistance from international partners. The notice stated that the site’s backend data is being reviewed and that anyone who has information about cybercriminal activity on BreachForums should contact the FBI or the Internet Crime Complaint Center.

However, the seizure statement didn’t remain on the site long. It’s now back up and running, although notably, an account is required to access the forums. The return of BreachForums was first reported by Threat Analyst Brett Callow on X Inc. and was found by SiliconANGLE to be easily accessible on the regular internet (pictured).

It comes as no surprise that BreachForums has returned. The site itself was a direct successor to a previous hacking site called RaidForums, which the Justice Department took down in April 2022. But what comes next could be a first: BreachForums managed to seize control of its main domain from the domain registrar, hich had given it to the FBI.

According to Hackread, ShinyHunters, one of the most prolific groups on BreachForums, claims that it was able to regain control of the .st domain name from domain registrar NiceNIC Group Co. Ltd. Making matters even more interesting, ShinyHunters claims to have managed to get the FBI’s NiceNIC account suspended in the process.

The report claims that since then, the FBI has apparently been appealing to NiceNIC, claiming that the site breaches its terms of service. Whether NiceNIC has responded is not clear, but BreachForums is up and running the domain as of the time of writing, indicating that, for whatever reason, NiceNIC is not playing nicely with the FBI.

NiceNIC is registered and based in Hong Kong and though there are certain international law enforcement agreements between China, Hong Kong and the U.S., given current geopolitical tensions between China and the U.S., cooperation between local authorities in forcing NiceNIC’s hand is far from assured.

HackRead claims that the situation is embarrassing for the FBI and that is one way to look at it. On the other hand, whether the .st domain name had been returned or not, it was always inevitable that BreachForums or a successor site would appear at some point after the latest “takedown” by law enforcement.

Image: BreachForums/SiliconANGLE

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU