“We have established the community once again, at BreachForums This is our only domain, no other domains should be trusted,” said letter by ‘Baphomet’, posted on Telegram.
The individual who used the alibi Baphomet had assumed the Breached admin post following the arrest of Conor Brian Fitzpatrick, also known as ‘Pompompurin’.
BreachForums: Work goes ahead as planned
In the recent letter, Baphomet sought to clarify the situation and reaffirm the legitimacy of the revived BreachForums.
Addressing the discrediting attempts, Baphomet points out that the old domains were taken over shortly after Pompompurin’s arrest and are now under the control of a different group.
Baphomet asserted that neither they nor Pompompurin have access to these domains at present. The timing of the disinformation campaign was noted as suspicious, with Baphomet suggesting a deliberate attempt to undermine the credibility of the revived community.
“The old PGP-signed message – where I say the forum won’t be coming back is a bit out of context,” claimed Baphomet.
“That was sent out a week after Pom’s arrest, and I was worried about a situation similar to RF where the site comes back under the same domain and attempts to trick users into entering their information or setting up some type of honeypot.”
Baphomet clarified that circumstances have changed since then, and recent collaboration with an individual named Shiny prompted the revival of BreachForums.
While the revived BreachForums presents a promising opportunity for its loyal users, Baphomet continued warning against an “ongoing campaign against the community” and a “disinformation campaign” without giving the details.
BreachForums and Breached alternatives
After the arrest of Conor Brian Fitzpatrick, also known as ‘Pompompurin,’ BreachForums, which had 336,800 members, shut down, leaving users to find alternative platforms.
However, efforts to revive the forum yielded little results, resulting in mixed reactions among users who migrated to other cybercrime forums.
One of those forums, Exploit, saw disgruntled members expressing their dissatisfaction with the influx of “e-migrants” from BreachForums.
Following Pompompurin’s arrest, the Telegram Group “Breach Forums,” managed by Baphomet, gained nearly 20,000 subscribers in March 2022.
Moreover, a hacker claiming to be a former member of the hacktivist group Anonymous, using the Twitter handle @_pirata18, announced the creation of an alternative to BreachForums called kkksecforum on March 27, although the website is currently inaccessible.
Another platform called Pwnedforums quickly gained attention, with some aspiring members publicly sharing doxed data.
A Twitter user with the handle @solminingpunk posted a list of emails, while another user named @notdan warned against reporting, suggesting that the doxed data could serve as useful evidence for federal authorities.
Similar to other new alternatives to BreachForums, Pwnedforums faced the challenge of proving that it was not a DDoS honeytrap.
A person under the alias ‘Sinistery’, claiming to be Pwnedforums admins, addressed these concerns in a post on April 1, emphasizing that Pwnedforums was an independent platform to “foster open discussion” and the “exchange of hacking knowledge”.
Around the time of BreachForums’ closure, UK law enforcement officials discovered a network of thousands of cyber criminals involved in DDoS-for-hire schemes.
These criminals were apprehended while attempting to attack a honeypot system set up by law enforcement agencies as a trap for cyber criminals.
In a separate incident, German police conducted a raid on FlyHosting, a web hosting company known for providing services to cybercriminals engaged in DDoS attacks and malware distribution.
The raid, carried out in early March, was part of an ongoing investigation into cybercrime activities. FlyHosting was allegedly involved in offering bulletproof hosting, which enables illegal activities to persist without being taken down by authorities.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
