Full Report
In March 2023, Conor Brian Fitzpatrick, aka “Pompompurin,” was arrested at his home in New York. As a member of the former RaidForums, and as the owner and active participant in BreachForums, he was charged with one count each of: 18 U.S.C. § 1029(b)(2) and 3559(g)(1) Conspiracy to Commit Access Device Fraud; 18 U.S.C. §...
Analysis Summary
# Threat Actor: Pompompurin (Conor Brian Fitzpatrick)
## Attribution & Identity
**Threat Actor:** Conor Brian Fitzpatrick, operating under the alias "Pompompurin."
**Known Aliases and Associated Groups:** Pompompurin was a member of the former **RaidForums** and was the owner and an active participant in **BreachForums**.
## Activity Summary
The article focuses not on specific intrusion campaigns, but on the legal proceedings against Pompompurin for his role in operating criminal forums. He was charged with and pleaded guilty to:
1. Conspiracy to Commit Access Device Fraud (18 U.S.C. § 1029(b)(2) and 3559(g)(1)).
2. Access Device Fraud – Unauthorized Solicitation (18 U.S.C. § 1029(a)(6) and 2).
3. Possession of Child Pornography (18 U.S.C. § 2252(a)(4)(B) and (b)(2)).
His activities centered on the operation of BreachForums, where he and co-conspirators reportedly earned nearly **$700,000**. The CEO of one victim company died by suicide, a death linked to the breaches facilitated by his platforms. His initial light sentence was appealed by the government and vacated, leading to a scheduled re-sentencing hearing.
## Tactics, Techniques & Procedures
The provided text focuses on criminal enterprise and financial gain via operating an illicit marketplace, rather than typical espionage TTPs. Specific TTPs mentioned relate to the *consequences* of his role:
- Operating and owning criminal forums/marketplaces (RaidForums, BreachForums).
- Facilitating transactions related to stolen data and illegal materials.
- Financial crimes associated with unauthorized access device solicitation.
- *Note: No specific MITRE ATT&CK IDs are present in the text.*
## Targeting
- **Sectors:** The text mentions impacts on a "victim company," implying businesses were targeted or affected by data breaches facilitated through his platforms.
- **Geography:** The arrest and trial occurred in the United States (New York, Fourth Circuit jurisdiction).
- **Victims:** Numerous victims suffered monetary and reputational losses. One specific impact mentioned is the suicide of a CEO of a victim company.
## Tools & Infrastructure
- **Malware families used:** Not specified in the text.
- **Infrastructure (C2, domains, IPs):** The core infrastructure mentioned is the online platforms: **RaidForums** and **BreachForums**.
- *Domains referenced in the text, for context:*
  - `databreaches.net`
  - `storage.courtlistener.com`
## Implications
The case highlights the significant legal and societal impact of individuals operating online forums that facilitate cybercrime by connecting threat actors with stolen data or illicit services. The government's appeal underscores the focus on ensuring sentences reflect deterrence, punishment, and incapacitation, especially given the financial gains ($700,000) and severe human cost (victim suicide). The defense's focus on Fitzpatrick's mental health (Autism Spectrum Disorder) presents a unique challenge to sentencing guidelines.
## Mitigations
The article does not provide specific defensive mitigations against Pompompurin or his tools, but the context suggests:
- Law enforcement/judicial focus on dismantling criminal forums through disruption and prosecution of key administrators/owners.
- Need for judicial systems to balance the goals of punishment/deterrence against individual mitigating factors (mental health).