According to court documents, Pompompurin pleaded guilty of three charges: possession of child pornography, unauthorized solicitation of access device fraud, and conspiracy to commit access device fraud.
The court statement reveals that Fitzpatrick knowingly possessed and attempted to possess explicit visual depictions involving minors.
These depictions were transported using various means of interstate and foreign commerce, including computer networks.
Pompompurin pleaded guilty after the FBI amassed evidence came including the discovery of videos on his laptop that depict sexually explicit conduct by prepubescent minors and children below the age of 12.
The charges leveled against him are in direct violation of Title 18, United States Code, Sections 2252(a)(4)(8) and (b)(2).
Pompompurin pleaded guilty: From investigation to arrest
The event gained momentum in March 2023 when the U.S. Justice Department announced the arrest of Pompompurin on charges of conspiracy to commit access device fraud.
The allegations centered around his supposed facilitation of the sale and purchase of stolen data through the BreachForums platfoarm.
FBI undercover agents successfully made several purchases of stolen data, including sensitive information from various entities such as internet hosting and security services companies, investment firms, healthcare providers, and individual victims.
The charges shed light on the significant impact of cybercriminal activities on the privacy and security of millions of individuals and numerous organizations.
The investigation into Fitzpatrick’s involvement in BreachForums was a meticulous process that relied on digital tracking.
Law enforcement agencies obtained vital pieces of evidence, including IP addresses associated with Fitzpatrick’s online presence, records from Google, and information from cryptocurrency exchange Purse.io.
Collectively, these sources established a clear link between Fitzpatrick and his online persona, “Pompompurin.”
The evidence presented included IP addresses, email accounts, online registrations, and digital footprints that pointed to Fitzpatrick’s alleged participation in the forum’s operations.
Charges on Pompompurin
The ongoing event surrounding Fitzpatrick and the BreachForums platform carries substantial implications across various domains:
The case underscores the pervasive and constant threat of cybercrime to data privacy. Fitzpatrick’s arrest and subsequent guilty pleas serve as stark reminders of the need for robust cybersecurity measures to safeguard sensitive information from unauthorized access, data breaches, and exploitation.
The charges brought against Fitzpatrick for possessing and attempting to possess explicit material involving minors came as a surprise. However, several other breached data forums have also been spotted circulating explicit material.
Most importantly, the arrest and subsequent closure of BreachForums have significantly disrupted the cybercriminal underground and its networks.
While successor platforms may emerge, the law enforcement efforts to dismantle such forums act as strong deterrents and disrupt illegal activities.
BreachForums and alternatives
In mid-June, former Breached member “Baphomet” announced the launch of a new breached data forum called BreachForums.
The move came close to a significant database leak from the infamous RaidForums, which was seized in April 2022 following the arrest of its administrator, Omnipotent.
The announcement of BreachForums also coincided with the abandonment of Exposed, another forum, which publicly leaked the RaidForums’ database.
Baphomet assumed the BreachForums admin role after Fitzpatrick aka Pompompurin was arrested by the FBI.
In March 2022, the Telegram Group “Breach Forums,” administered by Baphomet, attracted close to 20,000 subscribers shortly after the arrest of Pompompurin.
Additionally, a hacker claiming to be a former Anonymous member announced a BreachForums alternative called kkksecforum, although the website is currently inaccessible.
In the meantime, BreachForums clones like Pwnedforums unsuccessfully strived to catch users, but they all were suspected to be DDoS honeytraps.
During the same period, UK law enforcement officials uncovered a network of cyber criminals involved in DDoS-for-hire schemes, caught in their attempt to attack a honeypot system.
German police also conduct a raid on FlyHosting, a web hosting company known for aiding cybercriminals in DDoS attacks and malware distribution, as part of an ongoing investigation into cybercrime activities.