Introduction
From RaidForums to IntelBroker
Threat intelligence and OSINT (Open Source Intelligence) are powerful tools in identifying individuals behind online aliases or nicknames, especially within hacker forums like BreachForums. OSINT relies on the analysis of publicly available data, such as social media profiles, posts, and online interactions, to uncover hidden identities. In the case of BreachForums, investigators could track the activities of key figures, such as “pompompurin” and “IntelBroker,” using a combination of technical and social intelligence. Cross-referencing data leaks, social engineering, and monitoring online behaviors can provide valuable clues that lead to identifying the real-world individuals behind these pseudonyms.
When law enforcement targets forums like BreachForums, they often employ advanced threat intelligence techniques to trace users’ footprints, both on the surface web and the dark web. For instance, identifying “pompompurin” involved a blend of digital forensics, tracking patterns of communication, and analyzing compromised systems. The use of VPNs, encrypted chats, and aliases presents challenges, but with the right intelligence frameworks and OSINT strategies, investigators are often able to piece together enough information to pursue legal action against cybercriminals, as seen with the arrest and sentencing of Fitzpatrick.
OSINT – Scope of OSINT
Open Source Intelligence (OSINT) refers to the collection and analysis of information that is publicly available. It encompasses data found in public records, social media platforms, websites, news articles, and other publicly accessible sources. OSINT has become an invaluable asset in various fields, including national security, law enforcement, corporate security, and journalism.
OSINT is distinct from other intelligence-gathering methods because it relies solely on open sources of information. These sources can be broadly categorized into:
- Media: newspapers, magazines, radio, and television broadcasts.
- Internet: websites, blogs, social media, and online forums.
- Public Records: government reports, financial disclosures, court records, and other official documents.
- Professional and Academic Publications: journals, conference papers, and research studies.
Significance of OSINT in Investigations
In a bustling city, a detective named Ana was tasked with uncovering a network of cyber criminals. Without the resources for extensive undercover operations, she turned to Open Source Intelligence (OSINT). By analyzing public social media profiles, news articles, and online forums, she pieced together the digital footprints of the suspects. This cost-effective approach not only saved time and resources but also provided real-time insights, allowing her to track the criminals’ activities and anticipate their next moves.
One day, Ana discovered a crucial lead through a seemingly innocuous blog post. Cross-referencing this with public records and other online data, she pinpointed the location of a hidden server used by the cyber criminals. This breakthrough was pivotal in dismantling the network and showcased how OSINT, with its ability to access and analyze vast amounts of public information, can be a powerful tool in modern investigations.
Role of Threat Intelligence in Investigations
Threat intelligence involves the collection, analysis, and interpretation of data about potential or current threats to an organization’s security. This information is used to understand and mitigate threats, providing a proactive defense against cyber attacks.
In investigations, threat intelligence plays a pivotal role in uncovering critical aspects of cyber threats. By analyzing threat intelligence, investigators can effectively identify and attribute cyber attacks to specific threat actors. This involves understanding their motives, methodologies, and the tools they employ. Furthermore, threat intelligence serves as a vital source of evidence, providing crucial data that supports legal and law enforcement proceedings. Beyond attribution, it offers a comprehensive view of the threat landscape, allowing investigators to connect disparate incidents and gain a deeper understanding of the broader context in which cyber threats operate. This contextual understanding enhances the effectiveness of investigations, ensuring thorough and informed responses to cyber incidents.
When investigating the notorious Pompompurin hacker, threat intelligence proved invaluable. By meticulously analyzing threat data, investigators could piece together Pompompurin’s identity, motives, and methods. This analysis revealed unique patterns and tools used by the hacker, enabling the attribution of multiple cyber attacks directly to Pompompurin. The intelligence gathered provided critical evidence, forming a solid foundation for legal action and law enforcement involvement.
Moreover, threat intelligence offered a comprehensive understanding of the broader threat landscape. It allowed investigators to connect seemingly unrelated incidents, uncovering the intricate web of activities linked to Pompompurin. This contextual awareness was crucial in mapping out the hacker’s network, ensuring that no stone was left unturned in the quest to bring Pompompurin to justice.
Background of BreachForums
RaidForums, one of the most prominent underground forums for trading stolen data, was founded by a cybercriminal known as “Omnipotent.” The platform gained popularity for hosting leaked databases, hacking tools, and illicit services. However, in early 2022, after years of investigation, law enforcement agencies, including the FBI, successfully seized RaidForums. Omnipotent was arrested and sentenced to jail, marking a significant victory for cybersecurity professionals and law enforcement. The operation that led to the forum’s takedown was a major example of collaboration between global authorities using Open Source Intelligence (OSINT) and Threat Intelligence to track the activities and individuals involved in such platforms.
After the RaidForums takedown, another infamous cybercriminal, known as Pompompurin, quickly responded to the void in the dark web by creating BreachForums. In a tweet, Pompompurin invited hackers and former RaidForums users to join BreachForums, positioning it as the successor to the now-defunct platform. BreachForums quickly gained traction as the new go-to hub for cybercriminals to trade stolen data and engage in illicit activities. However, in early 2023, the FBI once again intervened, seizing BreachForums as part of an ongoing crackdown on dark web marketplaces. This action led to the arrest of Pompompurin, halting the forum’s operations temporarily.
Following Pompompurin’s arrest, another user known as “Baphomet” resumed the activity of BreachForums under a new domain. Baphomet’s efforts helped maintain the forum’s operations for a short period, but the forum was eventually terminated under its old top-level domain (TLD) after facing increasing pressure from law enforcement.
Despite the forum’s termination, the user “IntelBroker” began boasting about the activity and continuity of BreachForums, hinting that the cybercriminal community would continue operating despite the disruptions. This series of events highlights the constant evolution of cybercriminal forums and the ongoing struggle between law enforcement and dark web actors.
Investigation of Pompompurin
Pompompurin, whose real name is Conor Brian Fitzpatrick, was the administrator of BreachForums, a prominent dark web forum where cyber criminals bought and sold stolen data. The investigation into Pompompurin was a major undertaking by law enforcement agencies worldwide to dismantle this illicit marketplace and protect victims of data breaches.
- Disrupting a Cybercrime Hub: The goal was to shut down BreachForums, which served as a hub for sharing stolen data, hacking techniques, and planning attacks.
- Bringing a Major Player to Justice: Pompompurin was a key figure in the dark web criminal ecosystem, responsible for numerous data breaches and the exploitation of vulnerable individuals and businesses.
- International Cooperation: The investigation required collaboration between the FBI and international law enforcement agencies due to the global nature of cybercrime.
Data Collection Techniques
- Web Scraping: methods and tools used for gathering data from websites and social media.
- Public Records Analysis: leveraging publicly available documents and records for information.
- Social Media Monitoring: tracking social media platforms for relevant conversations and trends.
Leak intelligence plays a pivotal role in modern threat investigations, particularly when it comes to identifying and tracking cybercriminals. Tools like OSIVE (Open Source Intelligence Visualization Engine) and platforms such as OSINTLeak provide investigators with critical insights by analyzing data leaks and compromised databases. OSIVE, available through OSINTLeak, helps investigators aggregate and visualize leaked intelligence, such as email addresses, passwords, and other personal information found in dark web forums or underground marketplaces. Using these tools, threat intelligence analysts can map relationships, track digital identities, and correlate data across multiple leaks to gain a better understanding of threat actors’ behaviors and networks.
One of the key databases used to find information about Pompompurin is the BreachForums database, which is accessible through platforms like Breach.vip. When Pompompurin became a target of law enforcement, his involvement in BreachForums, where hackers traded massive amounts of stolen data, made him vulnerable to leak intelligence investigations. By cross-referencing user activity, leaked credentials, and other metadata from BreachForums’ archives, OSINT investigators are able to trace patterns that lead back to Pompompurin. Even after the initial takedown of BreachForums, the availability of its database provides a wealth of information for continued investigations. The integration of OSINT tools like OSIVE and access to databases like BreachForums offers crucial capabilities for mapping out the networks of cybercriminals and revealing their identities, as investigators attempt to unmask high-profile figures like Pompompurin.
Conflict between RaidForums, BreachForums and Peter Kleissner
The conflict between BreachForums, RaidForums, and the owner of IntelX, Peter Kleissner, is emblematic of the growing tension between dark web communities and open-source intelligence (OSINT) platforms. Kleissner, an Austrian cybersecurity expert and founder of IntelX, offers services that provide deep searches into leaked databases, exposing sensitive information from data breaches. This has put him at odds with members of underground forums like BreachForums and RaidForums, who viewed his work as a direct threat to their anonymity and operations.
BreachForums, led by Pompompurin, and RaidForums, previously run by Omnipotent, became notorious for facilitating the exchange of hacked data, personal information, and illicit services. As IntelX allowed users to search historical data breaches, it became a powerful tool for OSINT investigations, aiding law enforcement and private sector investigators in tracking cybercriminals. This led to significant hostility from dark web forum users, who saw Kleissner's platform as a gateway for authorities to trace their digital footprints.
Members of these forums retaliated by doxxing Peter Kleissner, leaking his personal information, such as addresses, phone numbers, and family details, across their platforms. These actions were intended to intimidate and discredit him, positioning him as a target within the cybercriminal community. The doxxing was part of a broader effort to resist OSINT platforms like IntelX, which undermined the anonymity that dark web users relied on to evade detection.
The conflict highlights the fundamental divide between platforms like IntelX, which aim to shed light on illegal activities, and dark web forums that thrive on secrecy and data exploitation. As law enforcement continues to crack down on these underground marketplaces, the role of OSINT providers like IntelX becomes increasingly critical, further escalating tensions between cybercriminals and intelligence professionals.
https://t.me/intelxio/238
https://t.me/intelxio/260
Analysis Methods
- Data Correlation: techniques for correlating collected data to identify patterns and connections.
- Sentiment Analysis: using natural language processing (NLP) to gauge public sentiment and reactions.
- Network Analysis: mapping relationships and interactions within the data to uncover networks.
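As an added example (not code from the original page, nor from any tool it names such as OSIVE or IntelX), the following Python script shows the data-correlation and network-analysis idea above, and the leak-intelligence cross-referencing described earlier, on a constructed set of leak rows: aliases from different dumps are clustered when they share a normalised strong pivot (an email address), while weaker pivots such as a shared IP or a shared password hash are only reported for analyst review, since those frequently collide across unrelated people. All sources, aliases and values are constructed placeholders.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample rows (no real data): (source, alias, attribute kind, value).
SAMPLE_RECORDS = [
    ("forum_a", "alias_one", "email", "user1@example.invalid"),
    ("forum_a", "alias_one", "pw_hash", "h1"),
    ("forum_b", "alias_two", "email", " USER1@Example.invalid "),
    ("forum_b", "alias_two", "pw_hash", "h2"),
    ("market_c", "alias_three", "pw_hash", "h2"),
    ("market_c", "alias_three", "ip", "203.0.113.7"),
    ("forum_a", "alias_four", "ip", "203.0.113.7"),
]

# Attribute kinds trusted to merge two aliases on their own. A shared IP (VPN
# exit, carrier NAT) or shared password hash (common password) is a lead to
# review, not proof, so those pivots are reported but never merged.
STRONG_KINDS = frozenset({"email"})

def normalise(kind, value):
    """Canonicalise a value so formatting differences still pivot."""
    value = value.strip()
    return value.lower() if kind == "email" else value

def build_index(records):
    """Map each (kind, value) to the set of (source, alias) holding it."""
    index = defaultdict(set)
    for source, alias, kind, value in records:
        index[(kind, normalise(kind, value))].add((source, alias))
    return index

def cluster_aliases(records, strong_kinds=STRONG_KINDS):
    """Union-find over (source, alias) nodes joined by strong pivots.
    Returns (clusters, strong_links, weak_links); a link is
    (kind, value, node_a, node_b)."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    strong_links, weak_links = [], []
    for (kind, value), holders in build_index(records).items():
        for a, b in combinations(sorted(holders), 2):  # empty if seen once
            if kind in strong_kinds:
                parent[find(a)] = find(b)
                strong_links.append((kind, value, a, b))
            else:
                weak_links.append((kind, value, a, b))
    groups = defaultdict(set)
    for source, alias, _, _ in records:
        groups[find((source, alias))].add((source, alias))
    return [frozenset(g) for g in groups.values()], strong_links, weak_links
```

On the constructed rows this merges alias_one and alias_two through the normalised email, and leaves the h2 password-hash and the shared IP as two weak links for an analyst to examine rather than treating them as attribution.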
Step 1: Identity Verification and Background Check
Key Data Points:
- Name: Conor Brian Fitzpatrick
- DOB: 26th September 2002
- SSN: 081-92-4399
- Driver’s License: 507274801
- Address: 531 Union Ave, Peekskill, NY 10566
- Phone Numbers: +1 9146423144, +1 9144025399, +1 9146999668
Tools & Methods:
- Public Records Search:
- Use public records search engines like Whitepages, Spokeo, or Pipl to verify the identity and cross-check details like the address, SSN, and DOB.
- Driver’s License Lookup (depending on local regulations, some websites offer vehicle registration or license checks).
- Address Verification:
- Use Google Maps with the provided link to confirm the physical location at 531 Union Ave, Peekskill, NY. Street view and address information will help identify the residence visually.
- Phone Number Lookup:
- Use reverse phone lookup services such as TrueCaller, NumLookup, or SpyDialer to determine if the provided phone numbers are valid and registered to the person. Cross-check the service providers like Verizon Wireless and Cablevision Lightpath.
Step 2: Social Media and Online Footprint Analysis
Key Data Points:
- Emails: pom@pompur.in
- Twitter: https://twitter.com/xml
- Telegram: https://t.me/paste
Tools & Methods:
- Email Tracing:
- Use email lookup tools such as Hunter.io, EmailRep, or HaveIBeenPwned to identify whether the email pom@pompur.in is linked to any public data breaches or other online services. You can also determine which services this email is registered on.
- Twitter Analysis:
- Perform a Twitter handle analysis using tools like Twitonomy or TweetBeaver. This helps map out tweet patterns, connections, followers, and any tweet history that could reveal personal or illegal activities.
- Telegram Group Scraping:
- Use Telegago or Telegram OSINT Tool to investigate the user’s Telegram activity. Look for group memberships, shared files, or possible links to dark web forums or criminal communities.
Step 3: Relatives and Family Connections
Key Data Points:
- Mother: Mary McCarra Fitzpatrick (DOB: 1967)
- Father: Mark E. Fitzpatrick (DOB: 1961)
- Younger Brother: Brendan Fitzpatrick
- Severely Autistic Brother: Aiden Fitzpatrick
Tools & Methods:
- Family Search Tools:
- Use genealogy websites like FamilyTreeNow or Ancestry.com to trace family history and validate the relationships provided. This helps confirm personal connections and may reveal additional relatives.
- Social Media Search:
- Search for family members on Facebook, LinkedIn, or Instagram using their full names and dates of birth. This can help you map out the family’s social connections, habits, and any visible ties to the target’s activities.
- Public Record Verification:
- Use services like MyHeritage or PeopleFinders to search for addresses, phone numbers, or any previous criminal records linked to family members.
Step 4: Legal Documents and Court Records
Key Data Points:
- Name: Conor Brian Fitzpatrick
- FBI Arrest: Related to computer crimes, likely due to BreachForums operation.
Tools & Methods:
- Court Document Search:
- Search public court documents using CourtListener, PACER (Public Access to Court Electronic Records), or Justia Dockets. These platforms can provide access to legal filings, indictments, and related case materials.
- Example: Searching for records related to the FBI arrest might reveal the exact charges, court proceedings, and sentencing.
- Media Reports:
- Use tools like Google News and Factiva to gather media reports related to Conor Brian Fitzpatrick’s arrest. Articles from reputable sources like Krebs on Security or Bloomberg (as linked earlier) offer detailed insights into criminal activities and investigations.
Step 5: Dark Web and Underground Forums Search
Key Data Points:
- Aliases/Username: Pompompurin
- Online Presence: Admin of BreachForums, Skidbin, and other dark web communities.
Tools & Methods:
- Dark Web Monitoring:
- Use OSINT tools like DarkOwl, IntelX, or Recorded Future to monitor dark web forums and marketplaces for mentions of “Pompompurin” or other linked aliases. These platforms often index dark web activity and can provide a wealth of information.
- Forum Analysis:
- Investigate BreachForums and any remaining Skidbin archives to locate posts made by Pompompurin. Use forum scraping techniques or custom queries to extract data related to illegal activities.
- Pay attention to underground connections and potential ties to other cybercriminals.
Step 6: Data Breach Search and Financial Information
Key Data Points:
- SSN: 081-92-4399
- Emails and Other Accounts
Tools & Methods:
- HaveIBeenPwned:
- Use this tool to see if the SSN, email, or any related accounts have been leaked in past data breaches. This helps determine if the person’s data is compromised.
- Financial Tracking:
- You can use services like BeenVerified or LexisNexis to conduct background checks that include financial history, potential bankruptcy records, and asset ownership related to the target.
Findings & Threat Intelligence
In a recent turn of events, the cybersecurity landscape has been shaken by the FBI's decisive raids on BreachForums, a notorious hub for illicit activities on the dark web. The aftermath revealed a complex web of exploits, compromised credentials, and unexpected vulnerabilities, shedding light on the inner workings of cybercriminal networks.
gov.uscourts.vaed.535542.2.0.pdf
- Findings and Threat Intelligence – Carie
  - Identified Threats: summary of potential threats uncovered during the investigation.
  - Attribution and Source Verification: methods for verifying the credibility and origin of collected data.
  - Risk Assessment: evaluating the potential impact and likelihood of identified threats.
- Reporting and Recommendations – Carie
  - Reporting Findings: best practices for compiling and presenting the investigation results.
  - Mitigation Strategies: recommended actions to address and mitigate identified threats.
  - Future Monitoring: establishing ongoing monitoring processes to prevent future issues.