US charges 20-yr-old head of hacker site BreachForums
Stay tuned with 24 News HD Android App
The US Justice Department said Friday it had charged the founder of BreachForums, a major underground website for computer hackers that had published large amounts of data stolen from Twitter.
Conor Brian Fitzpatrick, 20, of Peekskill, New York, was charged with hacking conspiracy for running BreachForums, which the Justice Department said claimed to have more than 340,000 members.
The forum was shut down on Tuesday, just days after Fitzpatrick -- known online as pompompurin -- was arrested on March 15.
For the past year BreachForums has been one of the leading dark web hacker sites, a virtual marketplace for people to buy, sell and trade hacked or stolen data.
It had filled the role played by another such marketplace, RaidForums, seized by US authorities in April 2022.
BreachForums, like its predecessor, offered bank account information, social security numbers, other personally identifying information and means of identification, hacking tools, breached databases, login information for compromised online accounts, and hacking services for hire, the Justice Department said.
On January 4, a BreachForums user posted the names and contact information for around 200 million members of a US social network, the Justice Department said.
A number of specialist websites on computer security identified the information as having come from Twitter.
Weeks earlier, another released the details of nearly 88,000 members of InfraGuard, a partnership between private companies and the FBI focused on protecting critical infrastructure.
According to a court filing, Fitzpatrick admitted to the FBI that he owned and administered BreachForums and previously had an account on RaidForums.
He called himself a middleman and earned up to $1,000 a day, it said.
"Today, we continue our work to dismantle key players in the cybercrime ecosystem," said Deputy Attorney General Lisa Monaco in a statement.
Fitzpatrick was charged with one count of conspiracy to commit access device fraud, which can bring up to five years in prison.