September 29, 2023

The previous administrator of a well-liked cybercrime discussion board pleaded responsible this week to a few costs associated to his operation of the positioning and to having little one pornography on one in all his units.

Conor Brian Fitzpatrick was arrested at his house in Peekskill, New York in March by the FBI for his position in working BreachForums – probably the most visited cybercrime boards obtainable to these seeking to promote or buy stolen information.

Throughout his arrest, the FBI stated the 21-year-old Fitzpatrick admitted to being BreachForums’ main administrator “pompompurin,” and he was finally charged with one rely of conspiracy to solicit people with the aim of promoting unauthorized entry units.

First reported by DataBreaches.web, the court docket paperwork filed on Thursday present Fitzpatrick ended up pleading responsible to conspiracy to commit entry gadget fraud, solicitation for the aim of providing entry units and possession of kid pornography. The primary two costs carry a 10-year most sentence and the kid pornography cost carries a 20-year sentence.

The plea settlement, which Fitzpatrick and his lawyer signed, says he “knowingly possessed roughly 26 recordsdata containing visible depictions of minors engaged in sexually express conduct.”

All three costs include vital fines and Fitzpatrick has agreed to forfeit his belongings. Whereas the plea settlement means Fitzpatrick won’t face extra costs within the Jap District of Virginia, the settlement doesn’t give him immunity from prosecution in different states.

If or when he’s launched, he will likely be compelled to join the intercourse offender registry.

Fitzpatrick signed the settlement on July 10 and prosecutors signed it on Thursday.

Working BreachForums

Fitzpatrick’s plea settlement says he helped run BreachForums from March 2022 to March 15, 2023 – which in flip helped others market stolen fee card information, financial institution routing and account numbers, Social Safety numbers, login credentials and extra.

“The aim of BreachForums, and Fitzpatrick’s intent in working the discussion board, was to commit and assist and abet the trafficking of stolen or hacked databases containing, amongst different issues, entry units, and the posting of solicitations to supply databases containing entry units,” the plea settlement stated.

“Particularly, Fitzpatrick deliberately ran BreachForums in a fashion that made it a lovely market for cybercriminals to frequent in an effort to purchase, promote, or commerce stolen or hacked entry units. In any respect related occasions, Fitzpatrick knew and understood that the entry units that BreachForums possessed and helped to site visitors had been stolen or obtained with the intent to defraud.”

As founder and administrator, Fitzpatrick was answerable for designing the web site and creating the infrastructure round it. He employed a staff of staffers to assist him with this and registered dozens of domains beneath pretend names and proxies. Fitzpatrick and his staff made at the least $698,714 by their working of the positioning.

In complete, prosecutors discovered 888 databases consisting of 14 billion particular person data as of March 7. The positioning had greater than 333,000 members and was thought of the most important English-language information breach discussion board of its type earlier than it was taken offline by the FBI.

Fitzpatrick was not solely a hacker and administrator but additionally served as a intermediary, holding funds in an escrow-like system as hackers bartered and verified stolen information.

The doc references a number of particular instances, together with a headline-grabbing put up on December 18, 2022 regarding stolen info on 87,760 members of InfraGuard, a partnership between the FBI and personal sector firms centered on the safety of crucial infrastructure.

A January 4 assault on an unnamed social media web site can be referenced because of the dimension of the posting. The hacker behind it claimed to have contact info for about 200 million customers of the social media web site.

The settlement notes Fitzpatrick’s position within the sale of delicate information stolen from Washington D.C.’s healthcare market, one utilized by members of Congress.

He additionally obtained “movies depicting prepubescent minors and minors who had not attained 12 years of age participating in sexually express conduct.”

For the kid pornography, prosecutors stated Fitzpatrick saved the recordsdata in folders named “14yo,” “15yo,” and “Hebephilia.” Not less than one file saved in February was named “13y-fully-nude” and contained graphic photographs.

The computer systems the place the recordsdata had been discovered belonged to him and had been solely utilized by him.

“The Assertion of Details embrace these information essential to help the defendant’s responsible plea. It doesn’t embrace every reality recognized to the defendant or to the federal government and it isn’t supposed to be a full enumeration of all of the information surrounding the defendant’s case,” prosecutors stated.

Regardless of claims that the platform could be restarted, the administrator who took over for Fitzpatrick stated they plan to close down the positioning over considerations that it had been infiltrated too deeply by regulation enforcement.

Get extra insights with the

Recorded Future

Intelligence Cloud.

Study extra.

Jonathan Greig

Jonathan Greig is a Breaking Information Reporter at Recorded Future Information. Jonathan has labored throughout the globe as a journalist since 2014. Earlier than transferring again to New York Metropolis, he labored for information shops in South Africa, Jordan and Cambodia. He beforehand lined cybersecurity at ZDNet and TechRepublic.