{"id":13860,"date":"2023-03-20T16:25:06","date_gmt":"2023-03-20T16:25:06","guid":{"rendered":"https:\/\/gridinsoft.com\/blogs\/?p=13860"},"modified":"2023-03-22T03:10:53","modified_gmt":"2023-03-22T03:10:53","slug":"breachforums-shutdown","status":"publish","type":"post","link":"https:\/\/gridinsoft.com\/blogs\/breachforums-shutdown\/","title":{"rendered":"BreachForums is down. Things got worse?"},"content":{"rendered":"<p>Recently, one of the BreachForums administrators, nicknamed PomPomPurin, was arrested by the FBI. That event took place <strong>on March 17, 2023<\/strong>, and since then, another administrator of that forum gave assurances that BreachForums activity would not be interrupted or affected. However, <strong>since 19:00 GMT on March 19, the page has not been available<\/strong>.<\/p>\n<h2>What is BreachForums and who is PomPomPurin?<\/h2>\n<p>BreachForums is one of the biggest online communities dedicated to hacking, data leaks, malware and so forth. It goes far beyond the boundaries of legitimacy and is considered <a href=\"https:\/\/gridinsoft.com\/darknet\">one of the Darknet markets<\/a>. It contains <strong>numerous offers of leaked data for sale \u2013 mainly from corporations and government organisations<\/strong>. BreachForums was also a place to post bids for access to corporate networks and databases with data of specific groups of people. Despite such illegal content, it was available from the surface Web, yet <a href=\"https:\/\/gridinsoft.com\/blogs\/access-dark-web-darknet-safely\/\">some sections were Darknet-only<\/a>. That the FBI is interested in stirring this snake ball is to be expected.<\/p>\n<p>On March 17, 2023, one of the administrators of BreachForums, <strong>PomPomPurin, a.k.a. Conor Brian Fitzpatrick, was detained<\/strong>. The FBI <a href=\"https:\/\/loaris.app\/blogs\/breachforums-administrator-is-detained\/\" target=\"_blank\" rel=\"noopener nofollow\">arrested him in his house<\/a> in Peekskill, NY. 
That fact was confirmed by another \u201cchief\u201d of the forum, nicknamed Baphomet. He noticed that Pom did not appear online for over a day without any warning. After that, he blocked both the detainee\u2019s forum account and his access to the server infrastructure. <strong>Baphomet additionally pointed out that BreachForums&#8217; work will not be interrupted<\/strong>, as he has enough access to maintain the servers. As it turned out, something went wrong.<\/p>\n<figure id=\"attachment_13862\" aria-describedby=\"caption-attachment-13862\" style=\"width: 1280px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/banned-pom.jpg\" alt=\"PomPomPurin account banned\" width=\"1280\" height=\"679\" class=\"size-full wp-image-13862\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/banned-pom.jpg 1280w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/banned-pom-300x159.jpg 300w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/banned-pom-1024x543.jpg 1024w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/banned-pom-768x407.jpg 768w\" sizes=\"auto, (max-width: 1280px) 100vw, 1280px\" \/><figcaption id=\"caption-attachment-13862\" class=\"wp-caption-text\">Blocked account that belonged to PomPomPurin<\/figcaption><\/figure>\n<h2>BreachForums website is not available<\/h2>\n<p>On March 19, 2023, users noticed that BreachForums was not accessible. When trying to access the surface Web version, the server returns a 502 error code. It also says <strong>\u201cLooks like we have got an invalid response from the upstream server. That\u2019s all we know\u201d<\/strong>. 
The Darknet version shows an <strong>Onionsite Not Found<\/strong> error, which generally indicates that the <a href=\"https:\/\/gridinsoft.com\/blogs\/ddos-attacks-6-tried-and-tested-methods-how-to-prevent-it\/\">servers that were holding the website<\/a> are not operating. At a glance, it looks like the FBI proceeded from detaining PomPomPurin to seizing the servers.<\/p>\n<figure id=\"attachment_13863\" aria-describedby=\"caption-attachment-13863\" style=\"width: 1009px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/breached-tor.png\" alt=\"Breached Forums Onionsite\" width=\"1009\" height=\"729\" class=\"size-full wp-image-13863\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/breached-tor.png 1009w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/breached-tor-300x217.png 300w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/breached-tor-768x555.png 768w\" sizes=\"auto, (max-width: 1009px) 100vw, 1009px\" \/><figcaption id=\"caption-attachment-13863\" class=\"wp-caption-text\">Error returned by the Onion version of BreachForums<\/figcaption><\/figure>\n<p>Baphomet claimed that there is no danger of the FBI taking over the infrastructure, either physically or technically. Nonetheless, after the BreachForums shutdown, he reappeared with another message. It says that <strong>Baph is currently doing his best to migrate the servers and reconfigure everything<\/strong> as quickly as possible. 
He is also trying to give law enforcement no chance to discover it.<\/p>\n<figure id=\"attachment_13865\" aria-describedby=\"caption-attachment-13865\" style=\"width: 822px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/breachforums-migration.png\" alt=\"BreachForums migration\" width=\"822\" height=\"696\" class=\"size-full wp-image-13865\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/breachforums-migration.png 822w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/breachforums-migration-300x254.png 300w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/breachforums-migration-768x650.png 768w\" sizes=\"auto, (max-width: 822px) 100vw, 822px\" \/><figcaption id=\"caption-attachment-13865\" class=\"wp-caption-text\">Baphomet message regarding ongoing works<\/figcaption><\/figure>\n<p>That contrasts with his claims in the forum post, where he says he is constantly monitoring logs to uncover anything that may be a sign of infrastructure compromise. If he suddenly decided to migrate the infrastructure, <strong>the FBI probably found a way to access it despite the blocks deployed by Baphomet<\/strong>. 
Another possible cause is that PomPomPurin was pretty talkative, especially considering the possible softening of punishment for cooperation.<\/p>\n<figure id=\"attachment_13866\" aria-describedby=\"caption-attachment-13866\" style=\"width: 1660px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/baph-claim.png\" alt=\"Baphomet claim day1\" width=\"1660\" height=\"425\" class=\"size-full wp-image-13866\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/baph-claim.png 1660w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/baph-claim-300x77.png 300w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/baph-claim-1024x262.png 1024w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/baph-claim-768x197.png 768w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/baph-claim-1536x393.png 1536w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/baph-claim-1568x401.png 1568w\" sizes=\"auto, (max-width: 1660px) 100vw, 1660px\" \/><figcaption id=\"caption-attachment-13866\" class=\"wp-caption-text\">Message that Baphomet posted as soon as the information about the detainment appeared<\/figcaption><\/figure>\n<p>One way or another, BreachForums is likely entering troubled times. Even if the migration ends up successful, law enforcement may still be on the trail. <strong>Possibly, Baphomet is the next to face nice men in uniform<\/strong> \u2013 just because of his decision to take over the forum controls. Still, nothing rules out Breached Forums returning and running as usual \u2013 as if nothing happened.<\/p>\n<h2>Update for 21.03.2023<\/h2>\n<p>A message appeared in the BreachForums Telegram channel, <strong>claiming that Breached Forums will not be continued<\/strong>. 
The channel that most likely belongs to the aforementioned Baphomet posted the following message:<\/p>\n<figure id=\"attachment_13884\" aria-describedby=\"caption-attachment-13884\" style=\"width: 486px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/tg-community.png\" alt=\"Baphomet TG post\" width=\"486\" height=\"441\" class=\"size-full wp-image-13884\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/tg-community.png 486w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/tg-community-300x272.png 300w\" sizes=\"auto, (max-width: 486px) 100vw, 486px\" \/><figcaption id=\"caption-attachment-13884\" class=\"wp-caption-text\">Baphomet&#8217;s post in Telegram community<\/figcaption><\/figure>\n<p><strong>&#8220;I will be taking down the forum, as I believe we can assume that nothing is safe anymore&#8221;<\/strong>. That already says a lot regarding what happened to Breached Forums after the PomPomPurin detainment. Baphomet still has a bit of hope, though, saying that he will establish another Telegram group, where he will post updates on any possible improvement.<\/p>\n<p>Even more interesting details appear in the text file that Baph offers to download. It finally sheds light on the FBI\u2019s part in this action. It says that Baph <strong>detected login activity on one of the non-essential servers on March 19, 2023<\/strong> \u2013 two days after Pom\u2019s arrest. Thus it is logical to assume that law enforcement succeeded at taking over PomPomPurin&#8217;s computer and accessing it. 
The server contained enough information to <strong>compromise source code, user information, configurations and other things<\/strong>.<\/p>\n<figure id=\"attachment_13885\" aria-describedby=\"caption-attachment-13885\" style=\"width: 1401px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/baph-last-claim.png\" alt=\"Baphomet Finalstatement\" width=\"1401\" height=\"755\" class=\"size-full wp-image-13885\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/baph-last-claim.png 1401w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/baph-last-claim-300x162.png 300w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/baph-last-claim-1024x552.png 1024w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/baph-last-claim-768x414.png 768w\" sizes=\"auto, (max-width: 1401px) 100vw, 1401px\" \/><figcaption id=\"caption-attachment-13885\" class=\"wp-caption-text\">Baphomet&#8217;s final statement regarding BreachForums<\/figcaption><\/figure>\n<h2>BreachForums epitaph<\/h2>\n<p>It is not completely clear whether Baphomet will use assets from BreachForums or not. He states that a number of other hacker forums\u2019 admins and representatives contacted him, offering certain deals. Baph promises \u201cto build a new community that will have the best features of Breached\u201d. Yet, by these words, <strong>the actor confirms that BreachForums has ceased completely, with no chance to return<\/strong>.<\/p>\n<p>Breached Forums saw their major boost after the RaidForums shutdown back in April 2022. A huge community of hackers was seeking another place to communicate and exchange experiences and stolen data. <strong>Pom\u2019s brainchild was first on hand<\/strong>. 
Moreover, he was brave enough to post an offer to join his forum right under the FBI\u2019s Twitter post regarding the RaidForums shutdown.<\/p>\n<p><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/pom-fbi.png\" alt=\"Pompompurin FBI raidforums\" width=\"541\" height=\"802\" class=\"aligncenter size-full wp-image-13886\" title=\"\" srcset=\"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/pom-fbi.png 541w, https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/pom-fbi-202x300.png 202w\" sizes=\"auto, (max-width: 541px) 100vw, 541px\" \/><\/p>\n<p>Will the hacker community suffer because of such a loss? Most probably, other hacker sites will witness a spike in activity \u2013 <strong>nature always abhors a vacuum<\/strong>. Another side of the &#8220;problem&#8221; is a slowdown in hacker operations: there is no usual place to sell stolen data and buy the needed access or applications. Nonetheless, they will definitely adapt to the situation, and we will see the outcome in the near future.<\/p>\n<p style=\"padding-top:15px;padding-bottom:15px;\"><a href=\"\/download\/antimalware\" rel=\"nofollow\"><img loading=\"lazy\" loading=\"lazy\" decoding=\"async\" src=\"\/blogs\/wp-content\/uploads\/2022\/07\/env01.webp\" alt=\"BreachForums is down. Things got worse?\" width=\"798\" height=\"336\" class=\"aligncenter size-full\" title=\"\"><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently, one of the BreachForums administrators, nicknamed PomPomPurin, was arrested by the FBI. That event took place on March 17, 2023, and since then, another administrator of that forum gave assurances that BreachForums activity would not be interrupted or affected. However, since 19:00 GMT on March 19, the page has not been available. 
What is BreachForums and who [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":13861,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"content-type":"","_sitemap_exclude":false,"_sitemap_priority":"","_sitemap_frequency":"","footnotes":""},"categories":[15],"tags":[1221,619,416,123],"class_list":{"0":"post-13860","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security-news","8":"tag-breachforums","9":"tag-cybersecurity","10":"tag-darknet","11":"tag-fbi"},"featured_image_src":"https:\/\/gridinsoft.com\/blogs\/wp-content\/uploads\/2023\/03\/breachedforums-shutdown.webp","author_info":{"display_name":"Stephanie Adlam","author_link":"https:\/\/gridinsoft.com\/blogs\/author\/adlam\/"},"_links":{"self":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/13860","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/comments?post=13860"}],"version-history":[{"count":6,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/13860\/revisions"}],"predecessor-version":[{"id":13889,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/posts\/13860\/revisions\/13889"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media\/13861"}],"wp:attachment":[{"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/media?parent=13860"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp\/v2\/categories?post=13860"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/gridinsoft.com\/blogs\/wp-json\/wp
\/v2\/tags?post=13860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}