TecMundo managed to privately interview the founder and director of BreachForums, the successor to RaidForums (which was seized by a coalition of law enforcement agencies in April this year) and a forum that has attracted the attention of researchers and specialist media outlets worldwide. The new community became especially famous after the announcement of an alleged database from Shanghai police containing the personal data of 1 billion Chinese people.

The cybercriminal, identified by the nickname “Pompompurin”, says he started developing BreachForums before RaidForums went down. The site’s creation dates back to March 4 of this year, and it went public on the 16th of the same month. Since then, the focus has shifted to the new community as it serves as a stage for buying and selling personal and sensitive information obtained through criminal methods such as account hacking and phishing campaigns.

“I built it completely on my own,” said Pompompurin, who got his nickname from the eponymous character in the Hello Kitty universe of the Japanese giant Sanrio. “I never planned to start my own forum, but when RaidForums was taken over, I quickly realized that many people would try to replace it with scams. An example was DarkNetWorld. They tricked some people and made themselves a few thousand dollars by advertising RaidForums replacements,” he explains.

“If I’m seized and arrested, I can make a copy of the site in one day.”

But there were also personal motivations for the decision. “I missed RaidForums and wanted to bring the community back together,” he says. According to the site administrator, at the time of writing, BreachForums had 13,510 topics, 159,858 posts, 56,700 users and 507 databases for download. Together, these collections hold more than 10.89 billion records, a record compared with RaidForums, which peaked at 10.83 billion.

Exponential growth

“We are gaining users fast due to the varied media coverage of the various leaks available for sale. On average, we gain over 500 users, 200 topics and 2,300 posts per day. Speaking of traffic, our site is getting 12,000 unique visitors a day, but it’s hard to measure accurately,” explains Pompompurin. The number may reach even higher levels, as the forum domain is constantly blocked in many countries.

Asked about his career in cybercrime before BreachForums was founded, the hacker admits that he was actively involved in the market for buying and selling data. “I was very well known on RaidForums as one of the main users there. I regularly leaked databases and sometimes chatted with people. I also earned the money that funded the launch of BreachForums by selling some databases on RaidForums a few months before it was confiscated,” he explains.

When asked about his decision to open the community on the surface web, he said, “Accessibility is a big factor. Allowing users to sign up via the clearnet brings in a large number of users. I’m also not afraid to suffer the same fate as RaidForums, because unlike them, there is no single person with access to everything. Our other admin also has full access and can make a copy of the site within a day if the site is caught and I am arrested.”

“I earned the money funding the startup of BreachForums by selling some databases.”

Pompompurin’s efforts to keep the forum from meeting the same fate are commendable, to say the least. On his official community channel on Telegram, he constantly updates his followers on topics related to corporate attempts to take over the main space and offers emergency alternatives. “I knew from the start the site was going to be extremely fag, so I did everything I could to make it as hard to crash as possible. We have multiple backup sites, a hidden service, and other mechanisms ready to make the download difficult,” he assures.

RaidForums: a month’s work

If you’ve never heard of RaidForums, know that it was an open and easily accessible community on the surface web (any internet user could open an account) where cybercriminals bought and sold personal and corporate data stolen through cyber attacks. Among the most notable leaks to emerge there, we can highlight the disclosure of data on 223 million Brazilians in January 2021.

The “victory” of RaidForums came to an end after its domain was seized in a joint operation by the US Department of Justice (DOJ) and other global organizations such as the FBI, the British NCA, the Portuguese Judicial Police and the European Union’s police cooperation agency (Europol). In addition to removing the site, authorities announced the arrest of 21-year-old Portuguese citizen Diogo Santos Coelho, who is said to have been the site’s administrator under the pseudonym “Omnipotent”.

“We have multiple backup domains, a hidden service, and other mechanisms to make them harder to download.”

In the operation, called Turnstile, members of the agencies spent months infiltrating not only the forum but also communication services such as Telegram and Discord. Thanks to this extensive investigative work, it was possible to profile Diogo. In one message, the cracker admitted that he “only attacked things that gave him large sums of money.” Over time, Diogo also used the pseudonyms Shiza and Kevin Maradona.

While he was in detention, authorities formally requested information about his accounts on the cryptocurrency exchange Coinbase, his favorite platform for storing earnings and laundering money. While it’s not possible to calculate the exact amount yet, it’s estimated that Omnipotent made millions of dollars in profit from the sale of stolen data, not only by selling information directly, but also by serving as a “middleman”, analyzing the quality of databases and data and taking a percentage of what was traded between two or more forum members.

Order in cybercrime

BreachForums follows a structure very similar to that of RaidForums and uses an intermediary system to keep scammers from getting the upper hand. Users can also earn badges by performing certain actions, increase their trust score by actively participating in discussion threads, and purchase credits that can be used to “unlock” published content for free. Pompompurin positions himself as a free agent.

When asked about his views on the Brazilian cybersecurity market, the administrator emphasizes: “Honestly, I don’t have a formed opinion on this. I’m not familiar with the cybersecurity landscape in Brazil. I remember a lot of sales leaks in the country on RaidForums that caused the Brazilian government to go after the forum.” Indeed, in October 2021, after the actions of the national authorities, Omnipotent’s community had to use an alternative space for several days.

Will BreachForums be the new safe haven for dark personal data exchanges, or will the site be shut down in the near future? This is a question only time can answer.

* Interview with journalist Ramon de Souza

Source: Tec Mundo
