{"id":1472,"date":"2023-07-07T20:13:36","date_gmt":"2023-07-07T20:13:36","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=75292"},"modified":"2023-07-07T20:13:36","modified_gmt":"2023-07-07T20:13:36","slug":"breachforums-replacement-emerges-as-robust-forum-for-criminal-hackers-to-trade-their-spoils","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/07\/07\/breachforums-replacement-emerges-as-robust-forum-for-criminal-hackers-to-trade-their-spoils\/","title":{"rendered":"BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils"},"content":{"rendered":"<p><head> <meta charset=\"UTF-8\"> <meta name=\"viewport\" content=\"width=device-width, initial-scale=1\"> <meta name=\"robots\" content=\"index, follow, max-image-preview:large, max-snippet:-1, max-video-preview:-1\"> <!-- This site is optimized with the Yoast SEO Premium plugin v20.5 (Yoast SEO v20.5) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ --> <title>BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils | CyberScoop<\/title> <meta name=\"description\" content=\"The rise, fall, and subsequent rebirth of BreachForums underscores the difficulty of battling cybercrime.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/breachforums-return-criminal-hackers\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils\"> <meta property=\"og:description\" content=\"The rise, fall, and subsequent rebirth of BreachForums underscores the difficulty of battling cybercrime.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/breachforums-return-criminal-hackers\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-07-07T20:13:36+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/breachforums-replacement-emerges-as-robust-forum-for-criminal-hackers-to-trade-their-spoils-1.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\"> <!-- \/ Yoast SEO Premium plugin. --> <link rel=\"dns-prefetch\" href=\"\/\/cdn.parsely.com\">\n<link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-0\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1687285576g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1685471931g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-4\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1687962474g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=172264176d4de0f97962\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/75292\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<link rel=\"wlwmanifest\" type=\"application\/wlwmanifest+xml\" href=\"https:\/\/cyberscoop.com\/wp-includes\/wlwmanifest.xml\">\n<meta name=\"generator\" content=\"WordPress 6.2.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=75292\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fbreachforums-return-criminal-hackers%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fbreachforums-return-criminal-hackers%2F&amp;format=xml\">\n<meta name=\"parsely-title\" content=\"BreachForums replacement emerges as robust forum for criminal hackers to trade their spoils\"><br \/>\n<meta name=\"parsely-link\" content=\"http:\/\/cyberscoop.com\/breachforums-return-criminal-hackers\/\"><br \/>\n<meta name=\"parsely-type\" content=\"post\"><br \/>\n<meta name=\"parsely-image-url\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/breachforums-replacement-emerges-as-robust-forum-for-criminal-hackers-to-trade-their-spoils-1.jpg?w=150&amp;h=150&amp;crop=1\"><br \/>\n<meta name=\"parsely-pub-date\" content=\"2023-07-07T20:13:36Z\"><br \/>\n<meta name=\"parsely-section\" content=\"Cybercrime\"><br \/>\n<meta name=\"parsely-tags\" content=\"breachforum,cybercrime,fbi,hacking\"><br \/>\n<meta name=\"parsely-author\" content=\"AJ Vicens\"> <!-- Google Tag Manager --> <!-- End Google Tag Manager --> <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-75292 single-format-standard\" id=\"readabilityBody\"> <svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-dark-grayscale\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0 0.49803921568627\" \/><feFuncG type=\"table\" tableValues=\"0 0.49803921568627\" \/><feFuncB type=\"table\" tableValues=\"0 0.49803921568627\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-grayscale\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0 1\" \/><feFuncG type=\"table\" tableValues=\"0 1\" \/><feFuncB type=\"table\" tableValues=\"0 1\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-purple-yellow\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0.54901960784314 0.98823529411765\" \/><feFuncG type=\"table\" tableValues=\"0 1\" \/><feFuncB type=\"table\" tableValues=\"0.71764705882353 0.25490196078431\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-blue-red\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0 1\" \/><feFuncG type=\"table\" tableValues=\"0 0.27843137254902\" \/><feFuncB type=\"table\" tableValues=\"0.5921568627451 0.27843137254902\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-midnight\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0 0\" \/><feFuncG type=\"table\" tableValues=\"0 0.64705882352941\" \/><feFuncB type=\"table\" tableValues=\"0 1\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-magenta-yellow\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0.78039215686275 1\" \/><feFuncG type=\"table\" tableValues=\"0 0.94901960784314\" \/><feFuncB type=\"table\" tableValues=\"0.35294117647059 0.47058823529412\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-purple-green\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0.65098039215686 0.40392156862745\" \/><feFuncG type=\"table\" tableValues=\"0 1\" \/><feFuncB type=\"table\" tableValues=\"0.44705882352941 0.4\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg><svg viewBox=\"0 0 0 0\" width=\"0\" height=\"0\" focusable=\"false\" role=\"none\"><defs><filter id=\"wp-duotone-blue-orange\"><feColorMatrix color-interpolation-filters=\"sRGB\" type=\"matrix\" values=\" .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 .299 .587 .114 0 0 \" \/><feComponentTransfer color-interpolation-filters=\"sRGB\"><feFuncR type=\"table\" tableValues=\"0.098039215686275 1\" \/><feFuncG type=\"table\" tableValues=\"0 0.66274509803922\" \/><feFuncB type=\"table\" tableValues=\"0.84705882352941 0.41960784313725\" \/><feFuncA type=\"table\" tableValues=\"1 1\" \/><\/feComponentTransfer><feComposite in2=\"SourceGraphic\" operator=\"in\" \/><\/filter><\/defs><\/svg> <a href=\"https:\/\/cyberscoop.com\/breachforums-return-criminal-hackers\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.384615384615\">\n<div class=\"single-article__header-content\" readability=\"32.15811965812\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> The rise, fall, and subsequent rebirth of BreachForums underscores the difficulty of battling cybercrime. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/breachforums-replacement-emerges-as-robust-forum-for-criminal-hackers-to-trade-their-spoils.jpg?resize=640%2C426&#038;ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/breachforums-replacement-emerges-as-robust-forum-for-criminal-hackers-to-trade-their-spoils-1.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/breachforums-replacement-emerges-as-robust-forum-for-criminal-hackers-to-trade-their-spoils-1.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/breachforums-replacement-emerges-as-robust-forum-for-criminal-hackers-to-trade-their-spoils-1.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/breachforums-replacement-emerges-as-robust-forum-for-criminal-hackers-to-trade-their-spoils-1.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/breachforums-replacement-emerges-as-robust-forum-for-criminal-hackers-to-trade-their-spoils-1.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/breachforums-replacement-emerges-as-robust-forum-for-criminal-hackers-to-trade-their-spoils-1.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/breachforums-replacement-emerges-as-robust-forum-for-criminal-hackers-to-trade-their-spoils-1.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/breachforums-replacement-emerges-as-robust-forum-for-criminal-hackers-to-trade-their-spoils-1.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/breachforums-replacement-emerges-as-robust-forum-for-criminal-hackers-to-trade-their-spoils-1.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/07\/breachforums-replacement-emerges-as-robust-forum-for-criminal-hackers-to-trade-their-spoils-1.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Getty Images <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"73.862841774989\"><body readability=\"148.3925346177\"><\/p>\n<p>Even before the FBI seized domains related to BreachForums, the notorious online bazaar where cybercriminals bought and sold hacked or stolen data, a replacement marketplace was taking shape. <\/p>\n<p>Now, less than a month after that high-profile takedown on June 23 involving a consortium of U.S. and law enforcement agencies, the new version of BreachForums is active, growing and facilitating illicit trade in the most sensitive information about millions of individuals and hundreds of organizations in the U.S. and around the world.<\/p>\n<p>\u201cIt is expected that more cybercriminals, old-timers and new ones, will join the new forum, which is more likely to lead to various high-profile leaks, publications and sales of various databases,\u201d said Oleg Dyorov, head of the cybercrime investigation team within the cybersecurity firm Group-IB\u2019s threat intelligence unit.<\/p>\n<p>The quick return of the new BreachForums is a testament to the resilience of the cybercrime ecosystem, but it also demonstrates the difficulty for law enforcement agencies in preventing this kind of criminal activity. \u201cIt appears that arrests and forum takedowns do not deter the majority of the community from continuing their illicit activities,\u201d Dyorov said.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The <a href=\"https:\/\/cyberscoop.com\/breachforums-arrest-cybercrime-underground\/\" target=\"_blank\" rel=\"noreferrer noopener\">FBI arrested Conor Fitzpatrick<\/a>, the alleged administrator of the original BreachForums, in March at his family home in New York, months before <a href=\"https:\/\/techcrunch.com\/2023\/06\/23\/feds-seize-notorious-and-shuttered-hacking-site-breachforums\/\" target=\"_blank\" rel=\"noreferrer noopener\">seizing the site\u2019s infrastructure<\/a>. And the efforts to develop a replacement began almost as soon as Fitzpatrick was in custody. A flurry of forums \u2014&nbsp;some new, some old \u2014&nbsp;<a href=\"https:\/\/www.databreaches.net\/the-reincarnation-of-breachforums-a-cyberdrama-in-three-acts\/\" target=\"_blank\" rel=\"noreferrer noopener\">jostled for position<\/a> and attention since Fitzpatrick\u2019s arrest and questions about the safety and reliability of BreachForums. The competition led to rival operators hacking into competitors\u2019 forums and leaking user databases. <\/p>\n<p>Fitzpatrick\u2019s heir apparent soon appeared to be a persona known as Baphomet, one of the administrators of the previous incarnation of BreachForums, a site well known as <a href=\"https:\/\/www.justice.gov\/opa\/pr\/justice-department-announces-arrest-founder-one-world-s-largest-hacker-forums-and-disruption\" target=\"_blank\" rel=\"noreferrer noopener\">a marketplace for stolen data<\/a>, promised in the days after Fitzpatrick\u2019s arrest to get the site back up and running. But less than two weeks after the arrest, Baphomet posted a message to Telegram saying that it was clear the FBI had access to the site\u2019s database, and that he was <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/breached-hacking-forum-shuts-down-fears-its-not-safe-from-fbi\/\" target=\"_blank\" rel=\"noreferrer noopener\">shutting it down for good<\/a>.<\/p>\n<p>That wasn\u2019t actually the case, though. Baphomet, along with <a href=\"https:\/\/intel471.com\/blog\/shinyhunters-data-breach-mitre-attack\" target=\"_blank\" rel=\"noreferrer noopener\">ShinyHunters<\/a>, another well-known cybercrime group, relaunched BreachForums June 12, and their presence is the main point researchers say it likely maintain top status going forward despite an initial scramble among competing forums.<\/p>\n<p>Alexander Leslie, a threat intelligence analyst with the cybersecurity firm Recorded Future, said the post-BreachForums seizure period was reminiscent of the weeks after <a href=\"https:\/\/cyberscoop.com\/raidforums-seized-doj\/\" target=\"_blank\" rel=\"noreferrer noopener\">the April 2022 U.S. law enforcement takedown of RaidForums<\/a>, a long-running and popular database and cybercrime forum with as many as 500,000 users at its peak. After that operation, Fitzpatrick, who was active on RaidForums and known by the handle \u201cPompompurin,\u201d <a href=\"https:\/\/socradar.io\/dark-web-threat-profile-pompompurin\/\" target=\"_blank\" rel=\"noreferrer noopener\">wrote<\/a> that he was sick of \u201call the stupid people trying to take the empty spot RaidForums once filled,\u201d and started BreachForums.<\/p>\n<p>\u201cThe thing about the new BreachForums that makes it a little more credible than all these other random ones is we don\u2019t really know who the administrators [of the others] are,\u201d Leslie said. \u201cThey\u2019re kind of random, likely inexperienced kids who are trying to capitalize on the popularity and try to fill that power vacuum.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Baphomet, who did not respond to inquires from CyberScoop, also has one thing going for them in cybercrime circles. And that\u2019s a level of trust among people familiar with the original BreachForums, said one researcher who spoke with CyberScoop on the condition of anonymity for safety reasons. <\/p>\n<p>\u201cThey have to be one anonymous enough to not get caught by future law enforcement efforts,\u201d the researcher said. \u201cAnd then be credible enough and well liked enough and socially connected enough for [people to] take this person seriously. And one attribute takes away from the other. So it\u2019ll be interesting to see what shakes out here, if law enforcement can apply more pressure, we might not see a clear winner.\u201d<\/p>\n<p>Fitzpatrick, for example, was able to <a href=\"https:\/\/socradar.io\/wp-content\/uploads\/2022\/07\/pompompurin-3.png\">quickly establish the original BreachForums<\/a> because people in those spaces knew who he was, the researcher said. Without that, \u201cno one would ever join his forum, because no one knows him and no one trusts him. And if, if you were to go in there with a totally anonymous alias, and start talking to people, they\u2019re gonna start accusing you of being a fed, because you have no history.\u201d<\/p>\n<p>Leslie from Recorded Future said the new BreachForums launched with many of the old stolen databases that had been there previously, and some users were reposting previously shared high-profile breaches, such as the <a href=\"https:\/\/krebsonsecurity.com\/2022\/12\/fbis-vetted-info-sharing-network-infragard-hacked\/\">December 2022 leak from the FBI\u2019s InfraGard program<\/a>, or the more recent <a href=\"https:\/\/cyberscoop.com\/tag\/dc-health-link\/\">DC Health Link<\/a> breach in early March, which preceded Fitzpatrick\u2019s arrest by only a few days. But more recently, Leslie said, users on the site have posted newer and more unique data, even as they feel out whether the site is reliable.<\/p>\n<p>\u201cRelative to its competitors, the new BreachForums absolutely not only has higher quality of sources, it has more unique sources,\u201d Leslie said. \u201cAnd overall the volume is much higher than any of its competitors.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Leslie added that the takedown didn\u2019t seem to have any impact on the non-English speaking forums, that traffic in other aspects of the cybercrime ecosystem, such as ransomware affiliate recruiting, initial access brokering and other kinds of activities.<\/p>\n<p>\u201cIt seems like they are just generally unfazed,\u201d Leslie said. \u201cThere is little active acknowledgement on Russian language sources of the new BreachForums, which tells me that just they will maintain their popularity, they will maintain their user base. These Russian language forums are well established, they\u2019ve been established for a very long time, they have maintained a constant cadence of sales of leaks, for at some cases over a decade. I don\u2019t see that changing.\u201d<\/p>\n<p>Dyorov from Group-IB told CyberScoop that after the downfall of BreachForums, many members just bided their time. \u201cWhile some small-scale database sellers started shifting to different forums, including LeakBase, the core of the BreachedForums chose to wait for the new full-scale Breached\u2019s successor to appear,\u201d he said. \u201cThe new forum has already amassed over 7,700 registered users, including active threat actors previously operating on [RaidForums] and [the previous BreachForums].\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\">\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p> <!-- .popular-stories__stories --> <\/div>\n<p><!-- .popular-stories__inner -->\n<\/div>\n<p><!-- .popular-stories --> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p> <!-- Start of HubSpot Embed Code --> <!-- End of HubSpot Embed Code --> <\/body> <a href=\"https:\/\/cyberscoop.com\/breachforums-return-criminal-hackers\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>BreachForums replacement emerges as robust forum for criminal hackers to<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[584,282,273,281],"tags":[585,286,279,285],"class_list":["post-1472","post","type-post","status-publish","format-standard","hentry","category-breachforum","category-cybercrime","category-fbi","category-hacking","tag-breachforum","tag-cybercrime","tag-fbi","tag-hacking"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/breachforum\/\" rel=\"category tag\">BreachForum<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fbi\/\" rel=\"category tag\">FBI<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/hacking\/\" rel=\"category tag\">hacking<\/a>","tag_info":"hacking","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1472","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=1472"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/1472\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=1472"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=1472"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=1472"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}