The administrator behind defunct cybercrime haven BreachForums was arrested after violating his parole, according to court documents filed this week.
Conor Brian Fitzpatrick was arrested on January 2 by FBI officers after officials told a judge that he had violated his parole by using a computer and VPN services without the required monitoring software enabled.
The 21-year-old originally was arrested last March at his parent’s home in Peekskill, New York, for his role in running BreachForums — one of the most visited cybercrime forums available to those looking to sell or purchase stolen data.
During his arrest, the FBI said the 21-year-old Fitzpatrick admitted to being BreachForums’ leading administrator “pompompurin,” and in July he pleaded guilty to three charges related to his operation of the site and to having child pornography on one of his devices.
He remained free on a $300,000 bond as he awaited sentencing — which was originally scheduled for November 17 but was moved to January 19. In May, Fitzpatrick attempted suicide, and his lawyers filed documents in October asking for the sentencing date to be pushed back because they wanted experts to “evaluate various aspects of Mr. Fitzpatrick’s mental health.”
When Fitzpatrick first agreed to the plea deal, the court provided a strict list of things he was not allowed to do, including accessing a computer without a computer monitoring program installed by court officials. The software both restricted access to some sites and recorded all activity on the device.
He was also banned from communicating with anyone under the age of 18 and from accessing any websites related to stolen data or hacking. He was not allowed to use VPNs, the Tor browser, or proxy services. He was allowed to travel for doctor's visits.
On Tuesday, Fitzpatrick appeared before Magistrate Judge Judith C. McCarthy after his arrest and acknowledged the violations of his pretrial release.
“The defendant waived speedy presentment and presentment in this district and will be immediately transported to the Eastern District of Virginia by FBI agents to be presented before a United States Magistrate Judge in that district,” the court documents said.
Fitzpatrick is facing decades in prison for his years of involvement in several high-profile hacking scandals. The first two hacking charges carry a 10-year maximum sentence and the child pornography charge carries a 20-year sentence.
The plea agreement says he “knowingly possessed approximately 26 files containing visual depictions of minors engaged in sexually explicit conduct.”
All three charges come with significant fines and Fitzpatrick has agreed to forfeit his assets. While the plea agreement means Fitzpatrick will not face more charges in the Eastern District of Virginia, the agreement does not give him immunity from prosecution in other states.
If or when he is released, he will be forced to sign up for the sex offender registry.
Fitzpatrick’s plea agreement confirmed that he helped run BreachForums from March 2022 to March 15, 2023 — which in turn helped others market stolen payment card data, bank routing and account numbers, Social Security numbers, login credentials and more.
The Justice Department said BreachForums facilitated access to the sensitive personal information of millions of U.S. citizens.
The agreement references several specific cases, including a headline-grabbing post on December 18, 2022, concerning stolen information on 87,760 members of InfraGuard, a partnership between the FBI and private sector companies focused on the protection of critical infrastructure.
It also notes Fitzpatrick’s role in the sale of sensitive data stolen from Washington, D.C.’s healthcare marketplace, one used by members of Congress. He also obtained “videos depicting prepubescent minors and minors who had not attained 12 years of age engaging in sexually explicit conduct.”
The domain of BreachForums was seized last June and while other administrators tried to revive it, the effort was eventually abandoned.
Get more insights with the
Recorded Future
Intelligence Cloud.
No previous article
No new articles