Cybercrime community general discussion - R.I.P Pomp

Relinquish

The Internet killed me
True & Honest Fan
kiwifarms.net
Joined Oct 17, 2021
BreachForums_seizure_banner_(1)-transformed.jpeg

Cybercrime community general thread
(featuring BreachForums and OnniForums)
Recently there have been some interesting happenings in the cybercrime community which weren't really discussed on Kiwi Farms, which is why I'm making this thread. A couple of things to note here: 1) This is not a lolcow community thread (well, not yet); 2) While the OP will be focusing on the major dramas, the thread is intended to discuss any people or websites tied to cybercrime, big and small, that get involved in any notable dramas.

RaidForums_Website_Logo.png
RaidForums was a forum dedicated to a number of things, the most popular of which was selling and buying sensitive data such as customer records, proprietary source code and personal information like credit card numbers that got leaked or hacked from various companies throughout the years. It is believed that approximately 10 billion customer records were sold through this website. The owner, Diogo Santos Coelho, aka Omnipotent, started this forum in 2015 when he was only 14 years old to make his own raiding platform, but as it slowly grew in size the forum became home to selling, buying and leaking all sorts of data.


Portuguese ID card of Diogo Santos Coelho shared by the US DoJ
Raidforums.com was one of the largest clearnet hacking forums. For instance, LinkedIn’s scraped databases containing billions of user records were leaked on Raidforums.com. Facebook’s 500 million scraped users database from 106 countries was also leaked on the same forum for free.
Raidforums.com had been having connectivity issues since the beginning of 2022. On January 30th, 2022, the forum went offline and only came back online on February 12th, 2022, raising concerns that the forum had been infiltrated by law enforcement, which turned out to be true. Law enforcement used the Raidforums login screen in order to harvest data.

raidforums-seized-by-fbi-arrests-founder-diogo-santos-coelho.jpg
On April 12, 2022 the Raidforums domains (including backups) were seized and displayed the “This Domain Has Been Seized” notice uploaded by the Federal Bureau of Investigation (FBI). After the FBI seized the domain a new challenger emerged, and his name was Conor Brian Fitzpatrick, aka Pompompurin. (Kiwifarms account: @pomp. He joined the forum to give his information about Corey Ray Barnhill, a pedophile who worked at Path and almost got Kiwifarms taken down.)

BreachForums_logo.png
Breachforums is a cybercrime marketplace owned by Conor Brian Fitzpatrick, aka Pompompurin. The website was an alternative and later successor to RaidForums following its shutdown and seizure in 2022. Like its predecessor, BreachForums allowed for the discussion of various hacking topics and distributed data breaches, hacking tools and various other services. Before creating Breachforums Pomp was already a known member on Raidforums, which is why Breachforums was able to grow to later become the new biggest hacker forum. It's also worth noting that Pompompurin also gained notoriety and became a bit of a celebrity for his rivalries with security researchers, the most notable being his frequent and very public clashes with the owner of NightLion Security, Vinny Troia, which stem from Vinny’s unsuccessful attempts to unmask Purin’s real identity. Purin wasn’t too happy with these attempts and responded by unleashing a multi-year-long troll campaign against Vinny, which included hacking his Twitter account, as well as breaching the National Center for Missing and Exploited Children, all in an effort to put out an alert claiming Vinny is a pedo. But by far his biggest troll was utilising a vulnerability in the FBI website itself to send thousands of spam emails from a legit FBI email address, warning of fake cyberattacks being perpetrated by Vinny.
missing_kids_hack_pompompurin-582x1024-1-e1637100636820.jpg

Pomp's trolling
The Arrest of Pomp
On March 15, 2023 Breachforums admin Conor Brian Fitzpatrick, aka Pompompurin, was arrested on charges of conspiracy to commit access device fraud, and bail was set at $300,000 – paid for by his parents. In the wake of Fitzpatrick’s arrest, another BreachForums administrator going by the handle “Baphomet” posted to claim they were taking ownership of the forum in accordance with an established emergency plan — before having an apparent change of heart and announcing they had decided to close everything down.
Baphomet said he removed Pompompurin’s access to the platform's infrastructure, restricted his account and has been “constantly monitoring” logs to see if any changes have been made to BreachForums. Pompompurin’s profile shows he last used the site on Wednesday just before 4 p.m.
Unfortunately, despite the best efforts, the forum was shut down with the "Final update".


"Final update"
But after all of this, out of nowhere on June 13, 2023, after 3 months offline, it was revived by a hacker group called ShinyHunters. This was extremely confusing due to the fact that the "Last update on Breachforums" stated that it's basically over and it's shutting down.


New announcement
ShinyHunters are known for hacking into Microsoft, Bonobos, NitroPDF and many others – enough to get an ill fame. Having been active since 2020, they quickly gained a considerable number of victims, especially for picky guys who are not attacking everyone they see.

First message on the recovered BreachForums site
When rumours arose earlier this month that Breachforums would return under new management, a lot of people were sussed out. The old Breachforums domain still carries the message: “Any forums claiming to be "Breached" or "BreachForums" should be used with caution. BreachForums will never return.”

As such, some users are questioning whether this new site is really just an FBI-controlled honeypot. The best evidence that it isn’t is the PGP-signed message from Breachforums’ original admin Baphomet, but this doesn’t rule out the idea that Baphomet was somehow compromised, or, more likely than him being compromised, that the PGP key was sold to someone wanting to reboot the site.

The Data Breach
On June 19, 2023 Dkota, the owner of Onniforums.com, published a data leak of personal information belonging to more than 4,000 registered members.

During a discussion on Telegram, one of the forum’s administrators known as “Weep” confirmed the occurrence of a cyber attack. Weep addressed the members of BreachForums and attributed the data breach to a rival forum called OnniForums, which prides itself as a dark web forum focused on security and anonymity.

Weep urged the forum members to reset their passwords and disclosed that the breach was facilitated by exploiting a zero-day vulnerability in MyBB. It is important to note that BreachForums had been offline since the early morning of Monday, June 19th, 2023, but at the time of writing, the forum was back online.
Meanwhile, tweets allegedly from the official Twitter account of OnniForums have claimed responsibility for the attack. Another tweet from the same forum’s handle asserts their involvement in breaching another hacker forum known as “Exposed.” Notably, in May 2022, a partial database containing details of 460,000 members from the now-seized RaidForums was leaked on ExposedForum.
The compromised information includes the following:
  1. Login keys
  2. Usernames
  3. Email addresses
  4. IP addresses
  5. Password hashes
  6. Registration dates
  7. Members’ last visits and posts
  8. Number of posts and last activity
  9. Social media handles with profile links and more

Emails, IP address and other data analysed by Hackread.com

The owner of Breachforums, ShinyHunters, wasn’t too happy and was forced to post an apology to his users, and accused dkota of “clout chasing”.
Let’s not forget, after the original Breachforums was shut down, the FBI harnessed its database of logged IPs to incriminate Pompompurin. You would’ve thought Breachforums 2.0 would’ve learned lessons from this and been a bit more careful with its users' opsec, but apparently not. But ShinyHunters played down the breach, saying those IPs are “mostly just VPN/Tor ips”, and whilst that is technically correct - a cyber intel firm analysed the breach, showing almost a third of Breachforums users do actually connect via their original IP. But in fairness, a good chunk of these people will only be visiting the site out of some kind of dark curiosity, like me!
However, on June 23, 2023, the domain was actually seized by law enforcement - with it now hosting a seizure banner, and the FBI even went so far as to photoshop little handcuffs onto Pompompurin in the image that you saw at the start of the thread.
BreachForums_seizure_banner.jpg
It's also worth mentioning that Pompompurin is reportedly hospitalized due to a suicide attempt.

 
I don't believe this for a second. It's more likely glowniggers weren't getting what they wanted out of the initial charges and then decided to use the age old tactic of planting CP on his hard drive. Didn't they try something similar with Ulbricht? Not to say there aren't people like that out there in the world but you can't trust feds.
IIRC with Ulbricht they were a bit smarter than that. They staged a situation where Ulbricht would leave his unlocked laptop unattended, then plugged a USB device into it to grab all the info they needed. And they ended up getting all the proof that he was the guy behind Silk Road, and that's how they got the evidence to clap him. No planting of child porn was needed; they had better material to lock him up.

And that was already when the feds knew that he was the guy behind Silk Road and just needed some undeniable proof for that claim, and it was all there in that laptop. After that, there was no doubt that he was the one running a drug trafficking website and boom, life sentence in federal prison.