Context
In March 2023, the FBI arrested Conor Brian Fitzpatrick, AKA Pompompurin, the creator and administrator of the cybercriminal marketplace BreachForums, and the site went offline shortly afterward. Fitzpatrick, recognizable by his profile picture of the Sanrio character Pompompurin, ran BreachForums as a platform where cybercriminals could buy, sell, and trade hacked or stolen data and other illicit material: large volumes of personally identifiable information (PII), hacking tools, breached databases, services for gaining unauthorized access to victim systems, and login credentials for compromised online accounts. The forum had over 340,000 members and facilitated the theft of data belonging to millions of US citizens and hundreds of companies, organizations, and government agencies.
How Did He Get Caught?
Pompompurin founded BreachForums after the FBI seized RaidForums, an earlier blackhat forum, in 2022. The seizure gave the FBI the RaidForums data, including its members' private messages, among them conversations between Omnipotent (the RaidForums founder) and Pompompurin (the BreachForums founder).
In one conversation they discussed a recent breach of the keyboard app AI.type. Pompompurin complained to Omnipotent that the circulating dump did not contain all of the users' personal information. As his example he used the email "conorfitzpatrick02@gmail.com", which haveibeenpwned.com (a site that reports whether an email address appears in a known breach) listed as part of the AI.type breach but which was missing from the dump, so the dump had to be incomplete. In the same message he claimed the address was not his real one, an attempt at deniability; it turned out to be his actual email, and it contained his full name.
This failed attempt at misdirection handed the FBI a selector to pivot on. Tracing the address led to accounts on Zoom and Google Pay, which revealed more of Pompompurin's PII: alternate email addresses, multiple IP addresses, the VPN providers he used, and the phone number tied to his RaidForums account. With that in hand, the FBI obtained access to the BreachForums SQL database, which showed yet another link: the same non-VPN IP address had been used to log in to his BreachForums account and to his personal iCloud account. Pompompurin's biggest error was intermingling his personal accounts with his illicit activity, which let law enforcement hop from one selector to the next, and revealing personal information in what he assumed would remain a private message to a site owner.
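Mechanically, the attribution chain above is a pivot on shared selectors: every email address, phone number or IP address that appears in two datasets joins the accounts that hold it, and shared infrastructure such as VPN exits has to be excluded or the join pulls in strangers. The Python below is an added example, not code from the original post and not the FBI's tooling; it runs that pivot over constructed records. Every source name, handle, address and number in it is made up, and the VPN range exclusion stands in for the "non-VPN IP address" distinction the investigation relied on.

```python
"""Selector pivoting over constructed account records (added example)."""
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network

# Constructed records: (source, account, {selector_type: [values]}).
# "forum-db" rows stand in for a seized forum database, "forum-dm" for a
# private message, the rest for records held by third-party providers.
# All handles, addresses and numbers are made up for this example.
RECORDS = [
    ("forum-dm",  "pseudonym_dm",     {"email": ["firstlast02@example.com"]}),
    ("videoconf", "user-48213",       {"email": ["firstlast02@example.com", "alt.mail@example.org"],
                                       "ip": ["198.51.100.7", "203.0.113.55"]}),
    ("payments",  "cust-7f3a",        {"email": ["firstlast02@example.com"], "phone": ["+15550100"]}),
    ("forum-db",  "admin",            {"ip": ["203.0.113.55", "198.51.100.7"], "phone": ["+15550100"]}),
    ("cloud",     "icloud-acct",      {"email": ["alt.mail@example.org"], "ip": ["203.0.113.55"]}),
    ("forum-db",  "unrelated_member", {"ip": ["198.51.100.7"], "email": ["someone@example.com"]}),
]

# Constructed: a range standing in for a commercial VPN exit. Many unrelated
# people share such addresses, so they must never be used as a pivot.
SHARED_IP_RANGES = [ip_network("198.51.100.0/24")]


def is_shared_ip(value):
    """True if the address falls in a range known to be shared (VPN, CGNAT, ...)."""
    addr = ip_address(value)
    return any(addr in net for net in SHARED_IP_RANGES)


def usable(sel_type, value):
    """Decide whether a selector is strong enough to link two accounts."""
    if sel_type == "ip":
        return not is_shared_ip(value)
    return True


def build_graph(records, usable=usable):
    """Bipartite graph: account nodes <-> selector nodes they contain."""
    adj = defaultdict(set)
    for source, account, selectors in records:
        acct = ("account", source, account)
        for sel_type, values in selectors.items():
            for value in values:
                if not usable(sel_type, value):
                    continue
                sel = ("selector", sel_type, value)
                adj[acct].add(sel)
                adj[sel].add(acct)
    return adj


def pivot(graph, seed):
    """Breadth-first search from one seed selector (type, value).

    Returns {(source, account): [selectors walked to reach it]} so every
    link in the chain can be shown, not just the final cluster.
    """
    start = ("selector",) + tuple(seed)
    parents = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in sorted(graph.get(node, ())):  # sorted for deterministic paths
            if nxt not in parents:
                parents[nxt] = node
                queue.append(nxt)
    linked = {}
    for node in parents:
        if node[0] != "account":
            continue
        path, cur = [], node
        while cur is not None:
            path.append(cur)
            cur = parents[cur]
        linked[(node[1], node[2])] = [f"{n[1]}={n[2]}" for n in reversed(path) if n[0] == "selector"]
    return linked


if __name__ == "__main__":
    seed = ("email", "firstlast02@example.com")  # the address leaked in the DM
    print("with shared IPs excluded:")
    for acct, path in sorted(pivot(build_graph(RECORDS), seed).items()):
        print(f"  {acct[0]}/{acct[1]}: " + " -> ".join(path))
    print("naive join, every IP treated as a link:")
    naive = build_graph(RECORDS, usable=lambda t, v: True)
    for acct in sorted(pivot(naive, seed)):
        print(f"  {acct[0]}/{acct[1]}")
```

Run with the exclusion in place, the seed email reaches the video-conferencing and payment accounts directly, the phone number carries the chain into the forum database's admin account, and the home IP address and alternate email connect the cloud account; the unrelated member who only ever appeared behind the VPN exit is left out. Run the naive join and that member is pulled in through the shared address, which is exactly the false positive an investigator has to rule out before treating an IP overlap as evidence.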
What Can We Learn From This?
Be mindful of what you share and with whom. Information that looks harmless on its own, such as an email address or a username, can be correlated with other datasets through investigation or publicly available open-source intelligence (OSINT) tools to uncover far more sensitive details. Be aware, too, of how companies handle your data: breaches happen, and anything a company stores about you can be exposed at any time.
To protect yourself, enable two-factor authentication on your accounts and practice good password habits: use a password manager to generate a unique, complex password for every account, and change any password that turns up in a breach. Resources like haveibeenpwned.com let you check whether your email address appears in known breaches and subscribe to alerts when it does. Above all, keep identities separate: an email address, phone number, or IP address reused across two accounts links them. Always remember to be responsible online and stay safe!
- Elyssa