Small mistakes by the forum owner allowed the FBI to reveal his identity and gain access to the site.
The FBI has confirmed that the Bureau has access to the database of the well-known hacker forum BreachForums (Breached), after the US Department of Justice also officially announced the arrest of the forum's owner.
According to court documents, FBI Special Agent John Longmire revealed that the FBI had a Breached database that helped establish that Fitzpatrick ("pompompurin") was indeed the forum's chief administrator. The conclusions are based on the activity logs and on the ISP used by Pompompurin, Optimum Online (registered via the email address "email@example.com").
Law enforcement was also easily able to identify Fitzpatrick's nickname ("pompompurin"). They found a chat between Pompompurin and the owner of RaidForums noting that the stolen database of the "ai.type" virtual keyboard service did not contain Fitzpatrick's old email address (firstname.lastname@example.org), which was shown as "leaked" in the data breach search engine Have I Been Pwned. The FBI was able to see this dialogue after taking over the RaidForums servers and databases in February 2022.
Longmire added that the FBI also found Fitzpatrick's IP address from Optimum Online (184.108.40.206) registered in the BreachForums database. The IP address came to light either because Pompompurin used it once to log into the forum (June 27, 2022), or because Fitzpatrick forgot to use Tor or turn on the VPN.
Fitzpatrick also used the same IP address to access his iCloud account from his iPhone. Additionally, records obtained from Apple show that Fitzpatrick logged into his iCloud 97 times in nearly 2 weeks.
During his arrest, the defendant also openly admitted that he was the owner of the "pompompurin" BreachForums account. He also admitted to owning and operating BreachForums, and to having previously operated the "pompompurin" account on RaidForums. Fitzpatrick said he made about $1,000 a day from BreachForums and used that money to run BreachForums and buy other domains.
After the arrest of Pompompurin, one of the forum administrators, under the nickname "Baphomet", took over all of Fitzpatrick's powers. The new administrator disabled the site, moving it to a new infrastructure that is protected from possible compromise by law enforcement. At the time, Baphomet reported that the migration process was slow as the site's specialists attempted to maintain operational security (OPSEC) to prevent law enforcement from tracking their identities.
Baphomet commented on the FBI's claim that the Bureau had access to hacked servers and added that each user had to manage their own OPSEC protection.
“At this point, court documents have made clear what I have been saying all along on Breached – you should not trust anyone to run your own OPSEC,” Baphomet concluded.