Conor Brian Fitzpatrickthe owner of the now-defunct BreachForums website, has pleaded guilty to charges related to operating a cybercrime forum as well as possessing child pornographic images.
Development, first time reported by DataBreaches.net last week, comes nearly four months after Fitzpatrick (aka Pompompurin) was formally charged in the US with conspiracy to commit fraudulent access devices and possession of child pornography.
BreachForums, launched in March 2022, operates as an illegal marketplace that allows its members to trade hacked or stolen databases, allowing other criminals to gain unauthorized access to target systems. It closed in March 2023 shortly after Fitzpatrick’s arrest in New York.
An estimated 888 databases consisting of 14 billion individual records have been discovered in total. The forum had more than 333,000 members before being deleted.
“BreachForums’ purpose, and Fitzpatrick’s intention in operating the forum, was to commit and aid and abet in the trading of stolen or hacked databases containing, inter alia, access devices, and posting solicitations to offer databases containing access devices,” according to court documents .
The 20-year-old man faces a maximum jail sentence of up to 40 years, with a fine of $750,000. He is scheduled to be sentenced on November 17, 2023.
News of Fitzpatrick’s plea agreement comes as the Spanish National Police caught a Ukrainian citizen is wanted internationally for his involvement in the fraud scare operation spanning from 2006 to 2011 and evading arrest for over a decade.
It also follows the sentencing of Ashley Liles, a 28-year-old former IT security analyst, to three years and seven months in prison for trying to extort her employer during a ransomware attack in 2018.
Protecting Against Insider Threats: SaaS Master Security Posture Management
Worried about insider threats? We are here to help you! Join this webinar to explore practical strategies and secrets to proactive security with SaaS Security Posture Management.
Liles, from Hertfordshire, is said to have altered the original ransom email and changed the payment address provided by the original attacker in an attempt to divert the ransom payment to himself. He previously pleaded guilty in April 2023.
“Liles and others are working closely with the police to investigate the incident,” said the South East Regional Organized Crime Unit (SEROCU). said in a press release.
“Using the information he learned from this, Liles initiated a secondary attack against the company. He accessed a senior board member’s email more than 300 times and changed the attacker’s original email address to a nearly identical email address.”