The mastermind behind the cybercriminal site BreachForums was arrested last week for violating the terms of his pretrial release, including using a VPN when not permitted to do so.
Conor Brian Fitzpatrick, who was known by the alias Pompompurin, was arrested in March of last year, and in July, he pled guilty to three charges related to the operation of BreachForums.
Those charges were for conspiracy to commit access device fraud, access device fraud (unauthorised solicitation), and possession of child sex abuse material.
Violation of Pretrial Release Conditions: The Use of VPN and Other Charges
He created BreachForums in 2022, shortly after the collapse of RaidForums, which was taken down by law enforcement agencies after six years of operation.
A British man, Diogo Santos Coelho, who was also known by the alias Omnipotent, is currently awaiting extradition to the US in relation to that site.
BreachForums was created as a successor site, and Fitzpatrick has admitted that he ran the site for at least a year and in such a way that it became an “attractive marketplace for cybercriminals” to buy and sell stolen data and to facilitate cybercrime.
It was BreachForums that hosted data leaks such as the personal information of 200 million Twitter users and also the details of members of the InfraGard critical infrastructure partnership which existed between the FBI and private sector companies.
As well as being a marketplace, BreachForums also hosted cybercrime tutorials, and Fitzpatrick even acted as a middleman “offering an escrow service to forum users wishing to exchange information for money”, according to The Register.
Fitzpatrick was released on a US$300,000 bond with various conditions attached. One of these was that he would not use a computer without monitoring software being installed to oversee what he was doing online. Another was that he would not use a VPN.
Consequences and Pending Sentencing: Fitzpatrick’s Legal Battles
He has been arrested and returned to jail on January 2nd after being found to have broken both of those conditions. He will be held in jail until his sentencing, which is scheduled for January 19th 2024.
This was due to take place in November but was delayed at the request of his legal representatives after a psycho-sexual expert was unable to complete an evaluation of Fitzpatrick in time.
Fitzpatrick is facing a long spell in prison. His access device fraud charges carry a maximum sentence of 10 years of incarceration as well as sizable financial penalties and the forfeiture of assets.
The child sex materials charges carry a maximum sentence of 20 years in prison, a fine of US$250,000, and a requirement to register as a sex offender.
It remains to be seen how long Fitzpatrick has to spend behind bars. But, because of his use of a VPN in violation of the terms of his bail, that period will be at least a couple of weeks longer than it needed to be.