BreachForums Admin Pleads Guilty to Hacking Charges

Written by

Conor Brian Fitzpatrick, famously known as "Pompompurin," has entered a guilty plea for hacking charges in the United States District Court for the Eastern District of Virginia, Alexandria Division. 

This comes after the US government recently seized the surface web domains linked to the notorious cybercrime marketplace, BreachForums, even though Fitzpatrick had been arrested months prior.

Read more about the arrest: BreachForums Admin Arrested in New York

The charges against Fitzpatrick revolve around conspiracy to commit access device fraud and unauthorized solicitation of unauthorized access devices, involving trafficking and using unauthorized access devices to obtain valuables worth $1000 or more. 

His involvement with BreachForums enabled cyber-criminals to trade in stolen data and other illegal activities, affecting numerous US victims and multiple breached organizations and government agencies, both domestically and internationally.

The arrest of Fitzpatrick was the culmination of an FBI investigation where he was confirmed as the owner and administrator of BreachForums, hiding behind the online alias "Pompompurin" to vouch for the legitimacy of posted data on the site. 

Notably, the Pompompurin moniker was also linked to an exploit of a law enforcement portal in 2021, resulting in the fraudulent sending of thousands of emails from an FBI address.

Despite Fitzpatrick's arrest, the authorities faced challenges in seizing the BreachForums domain, and the site's closure led to the creation of a new version.

However, the US government finally managed to take control of the domains in June 2023, displaying a notice indicating the seizure.

According to court documents, Fitzpatrick has agreed to forfeit various assets, including cryptocurrency, fiat currency, domain names, computers and electronic media that were used in or derived from the proceeds of his criminal activities.

The guilty plea also covered a separate count of possession of child pornography. This charge carries a maximum penalty of 40 years in prison, a $750,000 fine and a supervised release term ranging from five years to life.

What’s hot on Infosecurity Magazine?