BreachForums
First of all, what the hell is BreachForums? BreachForums is a “hacking” (well, not exactly hacking, but you get it lol) forum really similar to RaidForums, which also got shut down by the FBI and whose admin similarly got caught because of bad OpSec.
Remember that “bjorka” debacle? Yeah, they sell the hacked databases on BreachForums.
OpSec
So what the hell is OpSec? Well, let's ask ChatGPT about it.
OpSec stands for Operational Security. It is the process of identifying and protecting sensitive information, operations, and assets from being compromised by potential threats.
Basically, you prevent sensitive information from spreading. In this case, you're preventing your personal information from spreading, because, you know, you can get doxxed and stuff.
How did Pompompurin get caught
For someone running a hacking forum, you must be thinking he's a professional, or at least has some OpSec skills, right? Well, a document was recently released, and it's highly likely Pompompurin had no OpSec at all. Let's go through the critical parts of it.
1. Logging in with his real IP
Anyway, the document shows that he logged in to RaidForums as well as BreachForums with his own IP, without using any kind of proxy/VPN, which is a very critical mistake.
50. In reviewing the RaidForums logs, the FBI determined that the pompompurin user
account was accessed from the following IP addresses that resolve to Verizon Communications:
— -
51. Records received from Verizon, in turn, revealed that at least nine of the above IP addresses used to access the pompompurin account on RaidForums were, at the time, associated with the following mobile devices registered to “Conor Fitzpatrick” at the UNION PREMISES
with a cell phone number ending in 3144 (“the 3144 Verizon Telephone Number”).
— -
2. Using the same email address everywhere
You know, if you use the same email address everywhere, people will eventually find out, right? Well, that's exactly what happened.
On RaidForums, Pompompurin's registered email address was “pompompurin@riseup.net”. Well, he also used the same email address to register a Zoom account lol.
64. For instance, on or about March 7, 2022, records received from Google showed that the conorfitzpatrick2002@gmail.com Google account was accessed from IP address 89.187.181.117 on or about March 7, 2022. IP address 89.187.181.117 was owned by Datacamp Limited.
However, a query of this IP address on Spur.us, in turn, revealed that this IP address was actually used by the VPN provider IVPN at the time. According to records from Zoom, this IP address was used the following day, on or about March 8, 2022, to log into a Zoom account under the name of “pompompurin” with an e-mail address of pompompurin@riseup.net.
The pompompurin@riseup.net email address is notable because, at the time of the Zoom account’s creation, it served as pompompurin’s registration email address on RaidForums, per records obtained by the FBI in that investigation.
3. Using his real name and email address while talking with the RaidForums administrator
Another blunder came in a conversation between him and “omnipotent”. Point 52 states:
52. The RaidForums records also contained the following communication between pompompurin and omnipotent on or about November 28, 2020, in which pompompurin specifically mentions to omnipotent that he had searched for the e-mail address conorfitzpatrick02@gmail.com and name “conorfitzpatrick” within a database of breached data from “ai.type”
The original conversation mentioned in the document is as follows:
[Quoting “pompompurin”:]
Hello, I’m sorry to bother you with this but I noticed recently that the ai.type databreach post doesn’t seem to include every user (?) at least to my understanding. Looking up one of my old emails on HIBP, I come up as in it, but I cannot locate myself in the file provided at https://raidforums.com/Thread-ai-type-Database-Leaked-Download Exclusive It seems that maybe it is only a partial amount of data from it? I was under the impression that it was the full amount of data from looking at the thread as I didn’t see any mention of it only being “some” of the data from the breach.
Not messaging to ask for credits back or anything, because I wanted it anyways, I just wanted to let you know that it doesn’t seem to be the full amount of data and that the thread doesn’t seem to communicate that it isn’t the full one. Thanks ;)
[Quoting “Omnipotent”:]
What email did you look up and how?
[Quoting “pompompurin”:]
Apologies for late reply, here is another email that I found to be present on HIBP, but not inside of the file provided on the thread ( I don’t want to share my actual email for obvious reasons, but this email seems to have the same case as mine): conorfitzpatrick02@gmail.com
https://a.pomf.cat/vvxevp.png (backup: https://archive.is/uYiTq )
That's actually funny. He said “I don’t want to share my email” and yet proceeds to give out very critical information about himself.
For anyone wanting to read the whole document, here’s the link:
https://storage.courtlistener.com/recap/gov.uscourts.vaed.535542/gov.uscourts.vaed.535542.2.0.pdf
Or just read it on Dread.