Administrator of BreachForums pleads guilty and faces up to 30 years in prison

BreachForums Administrator

This week, Conor Brian Fitzpatrick, a renowned former administrator of the infamous cybercrime forum BreachForums, conceded to three charges associated with the site’s operation, placing him in jeopardy of a maximum incarceration period of thirty years.

Fitzpatrick, concurrently one of the founders of the BreachForums, was responsible for the design and construction of its fundamental infrastructure. He hired a dedicated team and registered dozens of domains for this purpose. Fitzpatrick also served as an intermediary in transactions, holding funds in an escrow-like manner, facilitating trades, and verifying purloined data between the parties involved. Reportedly, their operation of the site yielded a minimum of $698,714.

Prior to its shutdown by the FBI, BreachForums was recognized as the world’s largest English-language data leak forum, boasting over 333,000 members, 888 databases, and 14 billion personal records.

Fitzpatrick was apprehended by the FBI at his home in New York in March this year. The 21-year-old hacker admitted his role as the principal administrator of BreachForums, “pompompurin.” The latest court documents revealed that Fitzpatrick eventually admitted to conspiring to commit access device fraud, instigation for the purpose of providing access devices, and possession of child pornography. The first two charges could entail a maximum sentence of ten years each, while the charge involving child pornography could lead to a maximum of twenty years. Each charge also entails a substantial fine.

Fitzpatrick inked a guilty plea agreement on July 10, the statement of which reads: Between March 2022 and March 15, 2023, Fitzpatrick facilitated the operation of BreachForums, thus aiding others in selling a variety of stolen accounts and credentials.

The purpose of BreachForums, and Fitzpatrick’s intent in operating the forum, was to commit and aid and abet the trafficking of stolen or hacked databases containing, among other things, access devices, and the posting of solicitations to offer databases containing access devices,” the plea agreement said.

In particular, Fitzpatrick intentionally ran BreachForums in a manner that made it an attractive marketplace for cybercriminals to frequent in an effort to buy, sell, or trade stolen or hacked access devices. At all relevant times, Fitzpatrick knew and understood that the access devices that BreachForums possessed and helped to traffic were stolen or obtained with the intent to defraud.

Furthermore, while rumors circulate that the hacker forum might be relaunched, the administrator succeeding Fitzpatrick has expressed their intentions to permanently shutter the site, due to concerns about the law enforcement’s deep infiltration.