BreachForums shuts down ... but the RaidForums cybercrime universe will likely spawn a trilogy
Admins decide reviving crime-mart is dangerous, hint at new chapter
BreachForums has reportedly shut down for good, just days after US authorities arrested the online criminal marketplace's alleged chief administrator.
A second admin declared the forum and stolen-data-mart is not "safe," and shuttered it. In a Telegram message on the BreachForums channel posted on March 21, the administrator named "baphomet" also teased a successor:
I want to make it clear, that while this initial announcement is not positive, it's not the end. I'm going to set up another Telegram group for those who want to see what follows. You are allowed to hate me, and disagree with my decision but I promise what is to come will be better for us all.
BreachForums appeared on the dark web shortly after the demise of a similar stolen-data bazaar, RaidForums. The site quickly grew in popularity until the FBI and Department of Homeland Security swooped in to arrest Conor Brian Fitzpatrick, aka pompompurin, last week.
According to court documents [PDF], Fitzpatrick confessed to running the illicit souk.
Initially baphomet – whose identity is not known – had indicated they planned to migrate BreachForums to new infrastructure to keep it running.
Crims do good backups! Who knew?
However, in Tuesday's "final update" the site's admins wrote they "confirmed that the glowies [slang for government agents – ed.] likely have access to Pom's machine" and shutting down the site is the only option.
"I now feel like I'm put into a position where nothing can be assumed safe, whether it's our configs, source code, or information about our users the list is endless," baphomet wrote. "This means that I can't confirm the forum is safe, which has been a major goal from the start of this shitshow."
In a Tuesday blog post, Flashpoint security researchers described the site shutdown as a "short-term disruption," but noted it remains unclear what the new forum will look like.
"Baphomet's latest message indicated that the forum will likely relaunch in another format, though it remains to be seen whether this will continue in the spirit of Raid or Breach, or be something new entirely," according to Flashpoint.
"Threat actors will likely continue to have an appetite for breached databases, and it remains to be seen if this can be through an alternative venue, or requires a new forum entirely," it continued.
When asked who or what would likely replace BreachForums, Emsisoft threat analyst Brett Callow told The Register: "I have no idea what will replace BreachForums, but you can bet your bottom dollar that it will be replaced." ®