BreachForums, a key English-language cybercrime forum, seized by the FBI
The FBI, the Department of Justice and a range of international law enforcement agencies seized on Wednesday a notorious website used to buy and sell stolen and hacked data.
The operation to seize BreachForums is the second time in the past year that authorities have seized the site. A previous iteration was seized in June 2023, after U.S. authorities arrested Conor Fitzpatrick, the creator and administrator of the site where cybercriminals bought and sold hacked and stolen data, compromised credentials, and more. Within a month of the seizure, BreachForums was reconstituted and has been operational ever since.
A seizure notice posted to the site Wednesday said the site had been seized by the FBI and the DOJ, along with enforcement agencies in the U.K., New Zealand, Australia, Switzerland, Ukraine and Iceland.
Paul Foster, the director of threat leadership at the U.K.’s National Crime Agency, told CyberScoop in a statement Thursday that the NCA “assisted an FBI investigation into BreachForums,” and that “intelligence development and domain takedown assistance was provided.”
“Such criminal marketplaces are a key enabler of the cybercrime ecosystem, providing a means for threat actors to advertise their services,” Foster said. “The NCA and its international partners will continue to collaborate on this type of activity, using the full range of law enforcement tools available to maximise disruptive impact against this threat,” he said.
The seizure includes BreachForums’ Telegram channel, as well as the channel operated by a persona known as Baphomet, a BreachForums admin under Fitzpatrick prior to his arrest, and the one who led the site’s resurgence.
It’s not clear whether the operation only involves the seizure of just the site and Telegram channels, or whether there have also been any arrests.
The FBI also set up a reporting form asking for information related to BreachForums in any of its iterations.
“From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services,” the form reads.
The FBI did not immediately respond to a request for comment Wednesday.
Updated May 16, 2024: This article has been updated with a statement from the National Crime Agency.