The administrator behind the notorious BreachForums hacking forum has been arrested again for breaking pretrial release conditions, including using an unmonitored computer and a VPN.
The BreachForums admin, Conor Fitzpatrick, was arrested on March 15th, when he openly admitted without a lawyer present that he was a threat actor known as Pompompurin, who was the admin of the defunct BreachForums hacking forum.
Pompompurin has been a well-known threat actor in a cybercriminal community devoted to breaching companies and selling or leaking stolen data through forums and social media. He was also a high-profile member of the RaidForums cybercrime forum.
After the FBI seized RaidForums in 2022, Pompompurin created a new forum named ‘BreachForums,’ which was used to continue leaking stolen data.
Fitzpatrick was charged with the theft and sale of sensitive personal information belonging to “millions of U.S. citizens and hundreds of U.S. and foreign companies, organizations, and government agencies.”
Fitzpatrick was released one day later on a $300,000 bond and under various pretrial conditions, including not visiting the BreachForums website or having contact with any BreachForums users or co-conspirators unless supervised by counsel.
Later orders by the court added additional pretrial release conditions, including:
- “The defendant shall not access a computer and/or the internet unless a computer monitoring program has been installed by the pretrial services office. The defendant shall consent to the installation of computer monitoring software on any computer to which the defendant has access. Installation shall be performed by the pretrial services officer. The software may restrict and/or record any and all activity on the computer, including the capture of keystrokes, application information, internet use history, email correspondence, and chat conversations.”
- “The defendant shall not access any websites or accounts focused on breached, leaked or stolen data, computer hackling, security research, malware, computer programming, domains, cybercrime, online Case 1:23-cr-00119-TSE Document 38 Filed 07/13/23 Page 1 of 2 PageID# 187 obfuscation, or computer networking, without prior approval of probation.”
- “The defendant shall not use any tools for obfuscating his identity, such as virtual private networks (VPNs), the onion router (Tor), or proxies.”
In a Waiver of Speedy Presentment signed by the defendant in the Southern District of New York, it was disclosed that Fitzpatrick was arrested on January 2nd for violating the conditions of his pretrial release.
“I was arrested today in connection with a Petition submitted to United States District Court Judge T.S. Ellis, III by Supervising U.S. Probation Officer Kimberly Hess,” reads the court document.
“I understand that the petition alleges certain violations of the conditions of my pretrial release, including use of a computer without the required monitoring software and access to VPN services.”
Fitzpatrick will remain in custody until presented to a court in the Eastern District of Virginia.