News: 1716921910

  ARM Give a man a fire and he's warm for a day, but set fire to him and he's warm for the rest of his life (Terry Pratchett, Jingo)

BreachForums returns just weeks after FBI-led takedown

(2024/05/28)


BreachForums is back online just weeks after the notorious dark-web marketplace for stolen data was seized by law enforcement.

Online threat hunters [1]spotted the bazaar's resurgence, now seemingly under the control of ShinyHunters - one of the earlier BreachForums admins. The marketplace [2]opened for registration on Tuesday.

The BreachForums website and Telegram channel [3]takedown happened on May 15 with both [4]displaying warnings that they were now "under the control of the FBI." Additionally, the souk, where ransomware operators and other miscreants trade pilfered information, showed profile pics of admins Baphomet and ShinyHunters behind bars, which several infosec spectators took to mean that both had been cuffed.

[5]

While Baphomet's Telegram channel was also [6]seized , and that site administrator was reportedly arrested, the ShinyHunters crew claimed to escape unscathed, [7]bragging that none of its members were arrested.

[8]

[9]

ShinyHunters reportedly [10]regained access to the crime market's site and a new dark-web domain just a day after the FBI takedown, according to Hackread.com, which interviewed ShinyHunters and [11]published their account of wrestling control of the domains back from law enforcement.

Meanwhile, there has been no official statement from the US Department of Justice or the FBI about the takedown — which is unusual, compared to other high-profile [12]cybercrime busts over the past couple of years. The FBI declined to comment about the earlier seizures, or the reemergence of BreachForums.

[13]First LockBit, now BreachForums: Are cops winning the war or just a few battles?

[14]FBI takes down BreachForums ransomware website and Telegram channel

[15]Stolen-data market RaidForums taken down in domain seizure

[16]Auction house Christie's confirms criminals stole some client data

This particular dark-web souk has been an ongoing thorn in the side for police over the past couple of years, with BreachForums taking over after a similar operation [17]shut down RaidForums in 2022.

Cops seized an earlier version of BreachForums in June 2023. Its former admin Conor Brian Fitzpatrick (aka "Pompourin") was [18]arrested and then [19]sentenced to 20 years of supervised release in January. Still, the site returned, this time with different admins, but again acting as a ransomware brokerage.

[20]

"The reconstitution of Breach Forums is not surprising," said Austin Berglas, also a former FBI agent who now works as global head of professional services at BlueVoyant.

"Complete dismantlement of an online, organized criminal group is extremely difficult. Ensuring that all personnel with access are in custody and offline, identifying and seizing critical infrastructure to include the removal of the entire financial, technical, and communication network is necessary to dismantle and severely limit the ability to reconstitute," he told The Register .

Berglas is a former assistant special agent in charge of the FBI's New York Office Cyber Branch, and [21]during his tenure the bureau dismantled LulzSec, a group linked to Anonymous, and arrested its leader Sabu in June 2011.

[22]

He was also involved in the FBI's shutdown of the [23]Silk Road drug market in 2013.

"Although law enforcement may seize the primary domain(s) and related servers, there may be unidentified backup servers and domains which can be operationalized if needed, or previously unidentified individuals that may have administrative or technical access that can be used after a seizure or takedown," Berglas added.

However, the earlier action against BreachForums is "still a success," he opined. "Disrupting a major illegal forum for any period of time should serve as a significant deterrent to cyber criminals and demonstrate that, given the appropriate time and resources, organized crime perpetrated against citizens can be uncovered and will be addressed."

How much of a disruption — and how much a hit to the criminals' ability to profit from pilfered data and extortion attempts — remains to be seen. ®

Get our [24]Tech Resources



[1] https://x.com/BrettCallow/status/1795242964438184010

[2] https://x.com/DarkWebInformer/status/1795465659511345270

[3] https://t.me/s/BreachForums

[4] https://www.theregister.com/2024/05/15/fbi_breachforums_ransomware/

[5] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZlZUAhcu22yZfvU05E3UUQAAAEo&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0

[6] https://t.me/s/OfficialBaphomet

[7] https://x.com/H4ckManac/status/1791021424099852769

[8] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZlZUAhcu22yZfvU05E3UUQAAAEo&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZlZUAhcu22yZfvU05E3UUQAAAEo&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[10] https://www.hackread.com/breach-forums-shinyhunters-domain-reclaim-fbi/

[11] https://www.hackread.com/breach-forums-return-clearnet-dark-web-fbi-seizure/

[12] https://www.theregister.com/2023/01/26/fbi_hive_ransomware/

[13] https://www.theregister.com/2024/05/17/cops_crime_winning/

[14] https://www.theregister.com/2024/05/15/fbi_breachforums_ransomware/

[15] https://www.theregister.com/2022/04/12/raidforums_market_arrest/

[16] https://www.theregister.com/2024/05/28/christies_confirms_cybercriminals_stole_client/

[17] https://www.theregister.com/2022/04/12/raidforums_market_arrest/

[18] https://www.theregister.com/2024/01/05/breachforums_admin_arrested_again/

[19] https://www.theregister.com/2024/01/05/breachforums_admin_arrested_again/

[20] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZlZUAhcu22yZfvU05E3UUQAAAEo&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0

[21] https://www.theregister.com/2024/05/17/cops_crime_winning/

[22] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZlZUAhcu22yZfvU05E3UUQAAAEo&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0

[23] https://www.theregister.com/2013/10/02/silk_road_shutdown/

[24] https://whitepapers.theregister.com/



Hahaha wow

Zibob

It appears the original owners got in contact with NiceNIC and asked for the accounts back and to disable the FBI accounts.

Reading the HackRead article is hilarious. There's an email at the bottom from the FBI asking for their access back, they never got it back. Its pretty pitiful in its reading. Defeating the FBI sounds easy, just ask.

stiine

"...the removal of the entire financial, technical, and communication network is necessary..."

Really, I never would have guessed. Oh, look, they're online again...

I guess its true that they do have law enforcement personel on their payroll.

Clippit Charged With Attempted Murder

Microsoft's Dancing Paper Clip turned violent last week and nearly killed
a university student testing a new Windows-based human-computer interface.
The victim is expected to make a full recovery, although psychiatrists
warn that the incident may scar him emotionally for life. "You can bet
this kid won't be using Windows or Office ever again," said one shrink.

The victim had been alpha-testing CHUG (Computer-Human Unencumbered
Groupware), a new interface in which the user controls the computer with
force-feedback gloves and voice activation.

"I was trying to write a term paper in Word," he said from his hospital
bed. "But then that damned Dancing Paper Clip came up and started annoying
me. I gave it the middle finger. It reacted by deleting my document, at
which point I screamed at it and threatened to pull the power cord. I
didn't get a chance; the force-feedback gloves started choking me."

"We told Clippit it had the right to remain silent, and so on," said a
campus police officer. "The paperclip responded, 'Hi, I'm Clippit, the
Office Assistant. Would you like to create a letter?' I said, 'Look here,
Mr. Paperclip. You're being charged with attempted murder.' At that point
the computer bluescreened."