Sunday, 20 April 2025

Where Were You When the World Shut Down? I Was on BreachForums.


The day BreachForums went down, I was logged in.

It was just another scroll through the usual: freshly dumped data, stolen credentials, drama between low-tier skids and ego-filled “veterans,” and whispers of big leaks coming soon. The forum had become a weird digital blend of marketplace, flex zone, and intelligence source. But underneath all the posturing, it was a pulse—one you learned to feel when you spent enough time watching the flow of stolen data from breach to sale. And then… silence.

No splashy deface. No drawn-out farewell post. No FBI seizure page. At least not now anyway.

This is awkward.

This wasn’t the first time I experienced a BreachForums seizure. In the world of dark web research, I am in the “National Guard” of website search and seizures. It comes with the job description. All you need to do is follow a few simple rules, don’t be stupid, and you will be fine if a seizure happens. Speaking of seizures, I need to first tell you what BreachForums is and what it isn’t. Strap in, grab your favorite drink and get ready to hear some wild sh*t.

Instead of the red pill, I took the sketchy-looking blue one.

What was BreachForums? I am glad you asked, you curious little monkey you. BreachForums, sometimes referred to as Breached, is an English-language black hat–hacking crime forum. The website acted as an alternative and successor to RaidForums following its shutdown and seizure in 2022. Like its predecessor, BreachForums allows for the discussion of various hacking topics and distributed data breaches, pornography, hacking tools, and various other services.

On March 21, 2023, BreachForums was shut down following the arrest of the forum's owner, Conor Brian Fitzpatrick. The forum was later reopened under the ownership of the hacking group ShinyHunters and the previous BreachForums administrator "Baphomet". Fitzpatrick was later sentenced to 20 years’ supervised release. The site was again shut down and the domain seized on May 15, 2024, though the domain was back under the owner's control just hours later.

Something else that is suspicious is that BreachForums, along with other dark web forums, uses DDoS-Guard or Cloudflare for its web hosting services. You don’t believe me? Say hello to my little friend.

DDoS-Guard

Cloudflare

I know it’s not impressive to find DNS records, but doesn’t it make you question how legitimate businesses protect websites like BreachForums, Doxbin, etc.? But that is for another article I am writing. Keep in mind, this wasn’t the first seizure of BreachForums and will not be the last.

First Seizure:

On June 23, 2023, three months after shutting down, the clearnet domains for BreachForums were seized by the Federal Bureau of Investigation, U.S. Department of Health and Human Services, Office of Inspector General, and the Department of Justice in accordance with a seizure warrant issued by the U.S. District Court for Eastern Virginia.

Second seizure? Once wasn’t good enough?

On May 15, 2024, the FBI seized the most recent BreachForums clearnet site along with its onion site and the associated Telegram. The seizure followed a significant data leak involving Europol's portal. The forum briefly displayed an FBI seizure notice, highlighting cooperation with international partners. The FBI is examining the forum's backend data, which may lead to identifying members and advancing investigations. The forum administrator, Baphomet, was arrested according to ShinyHunters. The site came back online on May 29, 2024.

What could you find on BreachForums?

To a dark web researcher, BreachForums was a melting pot of information on stolen data. You could literally watch the “Shout box” as threat actors discuss current or future data breaches. Having said that, it was one of the best places to go if you were looking for stolen data. Items such as:

  • 2024 Cisco data breach
  • 2024 Geospatial intelligence firm Space-Eyes
  • 2024 Ford Motor Company
  • 2024 Europol data breach and many more.

Data breaches were not the only items that were for sale or on display. If you were someone who wanted to disappear or gain initial access to a company, it was the place to go. All items were either for sale on Escrow, or you could purchase them with credits from the forum. The one thing that BreachForums was good at was variety.

Initial access broker

Canadian Passport for sale for 1 credit

Even though BreachForums was successful in staying operational through all the seizures, it did have a lot of issues, but from within itself: its own users and staff.

The kids are not alright.

You would think in the criminal underground of ill repute, it would be a free-for-all with no rules. You would be wrong. You would also think that a group of criminals who all have one thing in common would get along. You would also be wrong. Being a member of BreachForums is a lot like having an older brother or being in a fraternity. It’s messy, annoying, and like seeing your favorite Disney character in real life… disappointing.

Paranoia was the main flavor when it came to BreachForums. You might as well have been a “Fed” because you would be accused of it more times than anything. Rightfully so because the rumor was, the feds were running the website after the first or second takedown. Talk about pressure. Yet knowing this, the criminals were still active on the forum and selling stolen data like the very first “Thigh master”.

It would also not be outlandish to see outrageous claims in the forums. I can’t count how many times I would see things that I didn’t believe, and coming from someone on a shady forum, it should be taken lightly. From a supposed DNC server attack to continued back-and-forth banter, that was the set tone most days on the forum.

There was also the part when a criminal would brag about how they breached a company. I always knew they were talkative, but not at this level. Can you imagine watching someone tell you how they committed a crime with no strings attached? It would be a good time to wear your brown pants.

Catching smoke with your hands.

Since the forum’s takedown, there have been riddles in the dark and chatter about the arrest of IntelBroker. For those of you who don’t know, IntelBroker was one of the key players of the breach forum. If the rumors are true, it would be a huge win for the Justice Department. If it is not true, it will be embarrassing because this is the third takedown without anyone being arrested as IntelBroker.

What do I know about IntelBroker? Not much. I never met him and only spoke to him once on the forum. It was for a ban appeal over “Leeching,”…which is exactly what I was doing anyway. That is all. He is someone who makes me wish I had multiple middle fingers. He was the first cybercriminal I have been following in hopes of helping bring to justice. I know I don’t know more than the FBI, but I have to help. Here is what I know so far:

It’s not enough to help anyone, but that is how dark web research works. It’s a lot like fishing. You go out in hopes of catching something great, but sometimes it doesn’t go to plan. At least you show up, right?

This is the end?

Now, there’s just fragmentation. Scattered chatter across platforms. More noise, less signal. The takedown didn’t kill the trade—it just pushed it into darker, quieter corners of the web. So, where was I when the world shut down? I was on BreachForums. Watching a chapter of internet history collapse in real time. Watching a torch fall—but knowing someone else would pick it up. Because in the world of breaches, nothing truly disappears. It just moves. Evolves. Hides better. And I’ll be there. Watching. Waiting. Writing.

