Suspected Owner of BreachForums Data Breach Website Arrested in the US

ImmuniWeb
3 min readMar 24, 2023

--

Read also: Major crypto ATM manufacturer hacked, a phone scam gang that prayed on elderly Americans dismantled, and more.

Alleged BreachForums’ operator Pompompurin arrested in New York

The US Federal Bureau of Investigation has arrested a suspected operator of BreachForums, a popular dark web platform for cybercriminals to buy and sell information obtained through data breaches. The suspect, Conor Brian Fitzpatrick also known as “Pompompurin,” was arrested at his home in New York on March 15, 2023.

BreachForums was created as a substitute for RaidForums, another well-known data breach website shut down by the law enforcement authorities in April 2022.

Besides BreachForums, Pompompurin is also said to have been involved in the hacks of FBI’s Law Enforcement Enterprise Portal (LEEP) and InfraGard outreach program in 2021 and 2022 respectively.

Following Pompompurin’s arrest BreachForums’ current admin who goes online as “Baphomet” decided to shut down the site over the fears that secure servers may have been hijacked by the police.

OneCoin crypto scam associate faces up to 40 years in prison

US authorities have charged Irina Dilkinska, a Bulgarian women, for her alleged involvement in a massive OneCoin cryptocurrency fraud scheme that conned victims worldwide out of over $4 billion. Sofia-based OneCoin sold a fraudulent cryptocurrency by the same name through a global multi-level-marketing (“MLM”) network.

Dilkinska, who served as OneCoin’s head of legal and compliance, allegedly helped OneCoin lawyer Mark Scott launder about $400 million in proceeds and destroyed incriminating documents after Scott’s arrest.

Dilkinska was extradited to the United States on March 20 and charged with conspiracy to commit wire fraud and money laundering. If found guilty, she could face a prison sentence of up to 40 years.

Major crypto ATM manufacturer hacked, at least $1.5M stolen

Major Bitcoin ATM maker General Bytes was hit with a cyber-attack, where threat actors stole over $1.5 million in cryptocurrency from the company’s hot wallets through a previously unknown software vulnerability.

The company said that the security breach occurred on March 17–18, 2023, with the attacker using the zero-day bug to remotely upload a malicious Java application via master service interface and gain access to the database and hot wallets. Following the hack the company shut down its cloud service.

Users are strongly advised to keep their crypto application servers (CASs) behind a firewall and VPN and rotate all users’ passwords, and API keys to exchanges and hot wallets.

US, Thai police dismantle phone scam gang that stole $87 million from American seniors

US and Thai authorities have announced the arrest of 21 suspected members of an international cybercrime syndicate that operated Thailand-based call centers to deceive Americans (mostly elderly) into sending them money, causing over 3 billion baht ($87 million) in losses.

Under the guise of law enforcement officers investigating money laundering the crooks told victims that their funds were suspicious so needed to be transferred to them to be verified. In some cases the scammers also hacked victims’ computers, the police said.

As part of the operation, the police officers seized 162 bank accounts, more than 60 mobile phones, cars, weapons, and multiple real estate properties.

A cybercrime gang netted over €1 million via online phishing

Romanian and Dutch police have detained four individuals believed to be members of a cybercrime gang that conned almost 1,000 people into providing their bank details.

The group is said to have stolen more than €1 million from their victims via phishing schemes on online marketplaces. Based on reports from a number of major banks in the Netherlands the police were able to link a suspicious phone number to multiple cyber fraud cases, which ultimately led to the arrests.

Full story:
https://www.immuniweb.com/blog/suspected-owner-of-breachforums-data-breach-website-arrested-in-the-us.html

--

--

ImmuniWeb

Award-winning AI-enabled Application Penetration Testing, Dark Web and Attack Surface Monitoring