So how does a big fish in cybercrime get caught?
A few hours ago, the administrator of BreachForum was arrested by the FBI in the US. The story is not as wild as it seems. But first, what is BreachForum?
BreachForum?
It is one of the largest hacking forums. There is no need to use Tor to reach it, as the site is accessible on the clear web. On it, you can find numerous offers for hacking services as well as a thriving marketplace where forum members can buy data leaks. It is a well-established ecosystem, with the authenticity of data verified by the moderation team and a reputation system for sellers. In short, it is far from being a small amateur site. Welcome to the cybercrime ecosystem 💰
Off the Rails
Okay, but what happened for it to come to this?
The administrator in question used the pseudonym pompompurin. Like you and me, he also leaves traces on the internet: IP addresses when he connects, email addresses used to create accounts, payment methods, and so on. He is still a human being.
However, despite the widespread belief that pseudonymity is a very protective armor, everyone is identifiable. It is only a matter of time before the piece of information that shatters your cover leaks out. For several months, pompompurin had been using the services of IntelligenceX. In short, it is a powerful specialized search engine that lets you browse public data leaks. Handy when you want to verify the authenticity of stolen data, right 😏? But it is not only the blue team that uses it. Fortunately, IntelligenceX monitors abuse of its platform and eventually discovered that the administrator was sharing links from the service on the forum.

https://twitter.com/_IntelligenceX/status/1597411367744851969
The Czech company reacted quickly and collected the hacker's traces to hand them over to the FBI. One month later, the individual created a new account with another of his email addresses, which was also under surveillance.

https://twitter.com/_IntelligenceX/status/1610302930069889024
https://twitter.com/_IntelligenceX/status/1610405167337193474
Once again, contact was made with the FBI and Binance, as the account was funded using a cryptocurrency based on the BNB blockchain.
Finally, on March 15, 2023, he was arrested in a house in New York.
What’s the future for the forum?
Despite the arrest of its main administrator, the forum is still online. Since the FBI seized his computer equipment, it is easy to imagine the agency attempting to recover access and secrets related to the forum’s technical infrastructure.
Another administrator of the forum, Baphomet, has spoken out about the arrest. He says he is taking over the forum and wants to keep it running. He claims to have the access needed to maintain the infrastructure and has already deactivated pompompurin’s old accounts.
As is often the case, the hydra has many heads and is hard to kill.