The FBI has arrested the alleged founder of a popular cybercriminal forum that touted data stolen in a hack affecting members of Congress and thousands of others and took down the website, the Justice Department said Friday. .
The website – known as BreachForums – trafficked in the stolen data of millions of Americans until the FBI recently took it offline, the department said in a press release.
The alleged administrator of BreachForums, a 20-year-old New Yorker named Conor Brian Fitzpatrick, was arrested last week, according to the Department of Justice. Fitzpatrick was charged with conspiracy to commit access device fraud, which carries a five-year prison sentence, the department said in the statement.
The forum gained further notoriety this month when a hacker posted data he claimed was stolen from a DC health insurance department — an incident that rocked Capitol Hill and exposed the personal data of tens of thousands of people from different walks of life. House of Representatives officials said hundreds of employees were affected by the incident. The number of lawmakers affected is believed to be less than two dozen, a source familiar with CNN earlier this month.
Other victims of Fitzpatrick’s alleged hack-related activities include a US electronic healthcare company, a US internet service provider and a US-based investment firm, according to an affidavit filed with the US District Court. of the Eastern District of Virginia. The affidavit did not name the companies.
Fitzpatrick made his first appearance in federal court on Friday, the Justice Department said. Fitzpatrick was released on $300,000 bail, according to court documents, which were co-signed by family members.
A judge ordered Fitzpatrick not to contact any victims or co-conspirators in the investigation, open new cryptocurrency lines, or possess the personally identifying information of others.
Nina Ginsberg, an attorney listed for Fitzpatrick in court records, declined to comment. Fitzpatrick has yet to enter a formal plea.
It is the latest move in a sustained international law enforcement effort to disrupt cybercriminal organizations that cost American businesses and residents billions of dollars a year. More than $10 billion in losses from online scams were reported to the FBI in 2022, the highest annual loss in the past five years, according to a recent FBI report.
BreachForums emerged last year after US and international law enforcement shut down a similar forum, RaidForums, and arrested its alleged founder in the UK.
Despite the law enforcement crackdown, there are still several other online forums where criminals can peddle stolen data. And new illicit markets will likely emerge, experts say.
“While BreachForums is likely to be permanently offline, it will invariably be replaced by something else,” Brett Callow, threat analyst at cybersecurity firm Emsisoft, told CNN. “Whether something is a Telegram channel or another Breach-style forum is yet to be determined.”
US law enforcement has become increasingly adept at quietly infiltrating cybercriminal forums and collecting intelligence to fuel indictments or arrests.
During RaidForums’ disappearance, US authorities had access to the website’s IT infrastructure for several months before the seizure was announced, a law enforcement official familiar with the matter previously told CNN. .
The latest takedown of the forum is welcome news, but “the resilience of the underground ecosystem as a whole remains virtually intact as criminal demand for illicit assets continues to rise,” said Michael DeBolt, the company’s chief intelligence officer. Intel Security 471, to CNN.