BreachForums administrator detained after violating parole

Siva Ramakrishnan
The administrator behind defunct cybercrime haven BreachForums was arrested after violating his parole, according to court documents filed this week.

The administrator behind defunct cybercrime haven BreachForums was arrested after violating his parole, according to court documents filed this week.

Conor Brian Fitzpatrick was arrested on January 2 by FBI officers after officials told a judge that he had violated his parole by using a computer and VPN services without the required monitoring software enabled.

The 21-year-old originally was arrested last March at his parent’s home in Peekskill, New York, for his role in running BreachForums — one of the most visited cybercrime forums available to those looking to sell or purchase stolen data.

During his arrest, the FBI said the 21-year-old Fitzpatrick admitted to being BreachForums’ leading administrator “pompompurin,” and in July he pleaded guilty to three charges related to his operation of the site and to having child pornography on one of his devices.

He remained free on a $300,000 bond as he awaited sentencing — which was originally scheduled for November 17 but was moved to January 19. In May, Fitzpatrick attempted suicide, and his lawyers filed documents in October asking for the sentencing date to be pushed back because they wanted experts to “evaluate various aspects of Mr. Fitzpatrick’s mental health.”

When Fitzpatrick first agreed to the plea deal, the court provided a strict list of things he was not allowed to do, including accessing a computer without a computer monitoring program installed by court officials. The software both restricted access to some sites and recorded all activity on the device.

He was also banned from communicating with anyone under the age of 18 and from accessing any websites related to stolen data or hacking. He was not allowed to use VPNs, the Tor browser, or proxy services. He was allowed to travel for doctor’s visits.

On Tuesday, Fitzpatrick appeared before Magistrate Judge Judith C. McCarthy after his arrest and acknowledged the violations of his pretrial release.

“The defendant waived speedy presentment and presentment in this district and will be immediately transported to the Eastern District of Virginia by FBI agents to be presented before a United States Magistrate Judge in that district,” the court documents said.

Fitzpatrick is facing decades in prison for his years of involvement in several high-profile hacking scandals. The first two hacking charges carry a 10-year maximum sentence and the child pornography charge carries a 20-year sentence.

The plea agreement says he “knowingly possessed approximately 26 files containing visual depictions of minors engaged in sexually explicit conduct.”

All three charges come with significant fines and Fitzpatrick has agreed to forfeit his assets. While the plea agreement means Fitzpatrick will not face more charges in the Eastern District of Virginia, the agreement does not give him immunity from prosecution in other states.

If or when he is released, he will be forced to sign up for the sex offender registry.

Fitzpatrick’s plea agreement confirmed that he helped run BreachForums from March 2022 to March 15, 2023 — which in turn helped others market stolen payment card data, bank routing and account numbers, Social Security numbers, login credentials and more.

The Justice Department said BreachForums facilitated access to the sensitive personal information of millions of U.S. citizens.

The agreement references several specific cases, including a headline-grabbing post on December 18, 2022, concerning stolen information on 87,760 members of InfraGuard, a partnership between the FBI and private sector companies focused on the protection of critical infrastructure.

It also notes Fitzpatrick’s role in the sale of sensitive data stolen from Washington, D.C.’s healthcare marketplace, one used by members of Congress. He also obtained “videos depicting prepubescent minors and minors who had not attained 12 years of age engaging in sexually explicit conduct.”

The domain of BreachForums was seized last June and while other administrators tried to revive it, the effort was eventually abandoned.

CybercrimeNewsPeople
Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 

Total
0
Shares
Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

US military’s Cyber National Mission Force gets a new chief

Next Post

In AirTags stalking lawsuit, federal judge says Apple likely negligent

Related Posts

Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client

Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor to open a VPN session with that of a targeted user. The networking equipment company described the vulnerability, tracked as CVE-2024-20337 (CVSS score: 8.2), as allowing an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF
Avatar
Read More

Chinese Hackers Exploiting Ivanti VPN Flaws to Deploy New Malware

At least two different suspected China-linked cyber espionage clusters, tracked as UNC5325 and UNC3886, have been attributed to the exploitation of security flaws in Ivanti Connect Secure VPN appliances. UNC5325 abused CVE-2024-21893 to deliver a wide range of new malware called LITTLELAMB.WOOLTEA, PITSTOP, PITDOG, PITJET, and PITHOOK, as well as maintain persistent
Jason Macuray
Read More