The FBI has arrested the alleged founder of a popular cybercriminal forum that touted data stolen in a hack affecting members of Congress and thousands of other people and taken the website down, the Justice Department said Friday.
The website – known as BreachForums – trafficked in the stolen data of millions of Americans until the FBI recently took it offline, the department said in a news release.
The alleged administrator of BreachForums, a 20-year-old New York man named Conor Brian Fitzpatrick, was arrested last week, according to the Justice Department. Fitzpatrick has been charged with conspiracy to commit access device fraud, which carries a sentence of five years in prison, the department said in the release.
The forum gained greater notoriety this month when a hacker posted data they claimed was stolen from a DC health insurance service – an incident that roiled Capitol Hill and exposed the personal data of tens of thousands of people from different walks of life. House of Representatives officials have said hundreds of staff were affected by the incident. The number of lawmakers affected is believed to be less than two dozen, a source familiar told CNN earlier this month.
Among the other victims of Fitzpatrick’s alleged hacking-related activities are a US electronic health care firm, a US internet services provider and a US-based investment firm, according to an affidavit filed in the US District Court for the Eastern District of Virginia. The affidavit did not name the companies.
Fitzpatrick made his initial appearance in federal court on Friday, the Justice Department said. Fitzpatrick was released on a $300,000 bail, according to court documents, which was cosigned by members of his family.
A judge ordered Fitzpatrick not to contact any victims or co-conspirators in the investigation, open any new lines of cryptocurrency nor possess the personal identification information of others.
Nina Ginsberg, an attorney listed for Fitzpatrick in court records, declined to comment. Fitzpatrick has not yet entered a formal plea.
It’s the latest move in a sustained international law enforcement effort to disrupt cybercriminal organizations that cost American business and residents billions of dollars a year. More than $10 billion in losses from online scams were reported to the FBI in 2022, the highest annual loss in the last five years, according to a recent FBI report.
BreachForums emerged last year after US and international law enforcement agencies shut down a similar forum, RaidForums, and arrested its alleged founder in the United Kingdom.
Despite the law enforcement crackdown, there are still several other online forums where criminals can hawk stolen data. And new illicit marketplaces will likely emerge, according to experts.
“While BreachForums is likely permanently offline, it will invariably be replaced by something else,” Brett Callow, threat analyst at cybersecurity firm Emsisoft, told CNN. “Whether that something is a Telegram channel or another Breach-style forum remains to be seen.”
US law enforcement agents have gotten increasingly adept at quietly infiltrating cybercriminal forums and collecting intelligence to feed indictments or arrests.
In the demise of RaidForums, US authorities had access to the website’s computer infrastructure for several months before the seizure was announced, a law enforcement official familiar with the matter previously told CNN.
The latest forum takedown is welcome news but “the resilience of the underground ecosystem as a whole remains mostly untouched as the criminal demand for illicit goods continues to rise,” Michael DeBolt, chief intelligence officer at security firm Intel 471, told CNN.