The cybercriminal behind BreachForums was this week arrested for violating the terms of his pretrial release and will now be held in custody until his sentencing hearing.
He was granted pretrial release on a $300,000 bond under a number of conditions, which included not using a computer without monitoring software controlled by the pretrial services office, and using a VPN, both of which he was arrested for violating.
He will now be held in custody until he attends his separate court appearances, for breaching his pretrial agreement and his main sentencing hearing.
The other conditions of his pretrial release prevented him from any contact with minors other than his own sibling unless supervised by an adult familiar with his offense, visiting cybercrime-related websites, registering new domains or creating new websites, seeking employment, or enrolling in educational programs.
For each of his two access device fraud charges, Fitzpatrick faces a maximum prison sentence of 10 years, a fine of $250,000, full restitution for victims, and forfeiture of assets.
The latter includes proceeds generated from his crimes amounting to at least $698,714, all cryptocurrencies, property, registered domains, electronic hardware, and any owned child sex abuse material or fraud-related assets.
The child sex abuse material charge attracts a maximum sentence of 20 years in prison and a further $250,000 fine, as well as the requirement to be added to the sex offenders register.
Fitzpatrick's sentencing hearing was originally scheduled for November 17, 2023, but was pushed back at the request [PDF] of his legal representatives after a psycho-sexual expert said they were unable to complete their evaluation of Fitzpatrick in time for the hearing due to a large workload. It has now been moved to January 19 [PDF].
FBI pumps 'significant' resources into snaring data-theft crew Strangely enough, no one wants to buy a ransomware group that has cops' attention Get your very own ransomware empire on the cheap, while stocks last Cybercrim claims fresh 23andMe batch takes leaked records to 5 million.
BreachForums was created by Fitzpatrick shortly after the fall of similar site RaidForums, which was taken down by law enforcement in 2022 after six years in operation.
According to Fitzpatrick's plea deal [PDF], he controlled the BreachForums site for at least a year between March 2022 and 2023, along with other admins.
It also hosted tutorials that educated users on how to execute other types of cybercrime, and Fitzpatrick himself was said to have acted as a trusted middleman offering an escrow service to forum users wishing to exchange information for money.
According to a forum post made by Fitzpatrick in 2022, picked up by prosecutors, he claimed to have handled more than $430,000 in such escrow activities.
Among the most notable leaks hosted on BreachForums were the personal information of 200 million Twitter users, the plea deal said without naming Twitter explicitly, and the details about members of the InfraGard critical infrastructure partnership between the FBI and private sector companies in 2022.
Today, BreachForums still exists under a new domain and is thought to be run by the criminal known as Baphomet, Fitzpatrick's closest ally during the period in which he ran the forum.
Following the original takedown in 2023, a litany of copycat sites emerged attempting to piggyback off the popularity of the BreachForums brand, though many at the time were wary of them potentially being controlled by the FBI to catch additional criminals.
Authorities have been known to carry out these kinds of operations in the past, such as the case with the dark web market Hansa in 2017, which ultimately led to hundreds of arrests.
This Cyber News was published on go.theregister.com. Publication date: Fri, 05 Jan 2024 15:13:04 +0000