How the Rise and Fall of BreachForums Impacts Cybersecurity – Security Intelligence

In mid-March 2022, the underground cyber forum BreachForums quietly made its debut. Within a year, the platform became one of the most prolific cyber crime forums in history.

According to the FBI, BreachForums illegally posted hacked data pertaining to nearly 14 billion people globally. It hosted breaches that included data related to 7 million Robinhood customers, 23 terabytes of Shanghai National Police data and, more recently, 56,000 records from the D.C. Health Benefit Exchange Authority. The D.C.-based hack exposed the personal details of Congress members, their families, staff and tens of thousands of other Washington area residents.

The meteoric rise of BreachForums came to an abrupt halt on March 15th with the arrest of Conor Fitzpatrick, 20, of Peekskill, New York. From his parents' house, Fitzpatrick allegedly operated the forum and went by the username pompompurin.

Now that BreachForums is down, what will take its place and when?

According to a DOJ press release, BreachForums was a marketplace for cyber criminals to buy, sell and trade hacked or stolen data and other contraband. Data commonly sold on the platform included bank account information, social security numbers, other personally identifying information (PII), hacking tools, breached databases, services for gaining unauthorized access to victim systems and account login information for compromised online accounts.

The BreachForums operator, Conor Fitzpatrick, has been accused of victimizing millions of U.S. citizens and both domestic and foreign entities, including companies, organizations and government agencies. Among the stolen data sets were ones that contained sensitive information belonging to customers of telecommunication, social media, investment, health care and internet service providers.

In one instance, a user on BreachForums uploaded the personal details and contact information of around 200 million Twitter users. Another leak disclosed information on 87,760 members of InfraGard, which is a partnership between private sector firms and the FBI aimed at protecting critical infrastructure.

BreachForums' predecessor was RaidForums, which launched in 2015 and was shut down in April 2022 with the arrest of its founder and administrator. According to threat intelligence, RaidForums had more than 530,000 registered members and was a powerful tool for low- to mid-level cyber criminals. RaidForums attackers bought and sold information stolen from UK companies related to credit cards, bank accounts, usernames and passwords.

The RaidForums lifespan ran from 2015 to April 2022. Meanwhile, BreachForums started operations in March 2022.

According to CyberScoop, BreachForums started out slow. But after about six months, the forum had built a vibrant community, and posters developed known personalities and brands. BreachForums entrenched itself as a mid-tier source of stolen data in the global cyber crime ecosystem. Although it initially struggled to gain traction, within months it became the largest English-speaking hacked-data broker forum anywhere.

While the takedown of BreachForums is welcome news, its dramatic rise to success tells us something important. News of RaidForums' demise was still fresh when BreachForums debuted. Within a year, the new forum exposed 14 billion people's data.

It's not unusual for law enforcement to be aware of illicit criminal activity but not act upon it right away. If they shut things down too fast, the big-fish perpetrators might get away. Imagine if the feds infiltrated BreachForums, and then one day posted that the platform was under surveillance. Everybody would scatter, and the operators might not be apprehended.

There's no doubt that threat intelligence teams were monitoring the forum, since that's what they do. Law enforcement, however, kept lurking until it could identify and locate the forum's operator.

An FBI affidavit cites Fitzpatrick's alleged involvement in data leaks himself. It also highlights his role as a middleman for transactions in the sale of data involving an undercover FBI employee. The affidavit also details the operational security blunders that tied Fitzpatrick to running the site, including IP addresses associated with Fitzpatrick's phone and his house, and a personal Gmail address.

How long the feds had this info on Fitzpatrick is anybody's guess. An expert cited by CyberScoop speculated that the D.C. leak involving Congress members' personal data may have been the straw that broke the camel's back.

Why doesn't someone else just pick up where pompompurin left off? In the wake of Fitzpatrick's arrest, Baphomet, a BreachForums staff member, posted a series of statements urging calm, as per CyberScoop. Baphomet claimed the site would continue on. But on March 19, Baphomet said he'd seen signs of someone using Fitzpatrick's admin accounts to log into a content delivery server after Fitzpatrick's arrest. This suggested that nothing could be assumed safe, "whether it's our configs, source code or information about our users, the list is endless." Therefore, BreachForums was shut down forever.

Some security experts predict that cyber actors will be scrambling to find a new home now that BreachForums has been taken down. But if it evolved so quickly and had such a wide-ranging impact, what's to prevent another forum from taking BreachForums' place within months? It would not be a surprise if one is already in the works.

Nevertheless, the dramatic fall of BreachForums will have a major impact on the cyber crime community. Threat actors looking to sell data will have to find a new marketplace. And threat researchers who track illicit activity will have to cast new nets looking for risk patterns. Part of threat intelligence includes curating information from darknet forums to know what threat actors are talking about.

The BreachForums story underlines the need for solid threat intelligence. Underground cyber forums aren't going away soon. Meanwhile, threat intelligence drills into understanding how threat actors think, strategize and strike. This knowledge then enables prevention, detection, response and recovery strategies.

Freelance Technology Writer

Jonathan Reed is a freelance technology writer. For the last decade, he has written about a wide range of topics including cybersecurity, Industry 4.0, AI/ML...
