Breachforums Seized for the Third Time in 3 Years as Law Enforcement Cracks Down on Criminal Hacking Forums

by | May 21, 2024

Since 2021, messing with government agencies and infrastructure has proven to be a sure way to become a priority target of the FBI, DOJ and associated international partners. Despite this some underground hackers persist in poking this bear, such as BreachForums moderator IntelBroker. The hacking forum has now been raided by law enforcement for the third time since 2022, likely in no small part due to IntelBroker hitting Five Eyes and Europol within the space of a month.

Arrests made in connection with BreachForums, but key figures still at large

BreachForums is somewhat unique in that its lineage of operators has tended to be from the US or Europe, in a field of cyber crime that is generally dominated by Russia. That puts the whole hacking forum scheme at a much higher level of risk from international law enforcement than usual, something that seemingly has yet to deter its participants (despite now being on its third seizure in as many years). A UK resident was the head of RaidForums, the predecessor to BreachForums that was taken down in 2022, and the head of BreachForums arrested during the 2023 raid turned out to be a New York man.

The hacking forum is thought to have had around 340,000 users this year, and has played host to multiple tranches of stolen files from around the world since its formation in 2022. But the key incidents that likely spurred immediate action were the leaks of confidential Five Eyes information from the April breach of a third party vendor, and the open sale of information stolen from Europol just weeks ago. IntelBroker also rankled US government officials by breaking into a Washington DC health insurance provider last year and obtaining the personal information of some members of Congress and their staffers.

Hacking forum “backend files” seized

A seizure notice now greets anyone visiting the hacking forum, and the FBI and DOJ have declared that they are reviewing “backend data” that might lead to the identification of operators and clientele. A visit to the site’s Telegram channel reveals the same message, along with some private messages from operator Baphomet that appear to have been made public as proof that the seizure is legitimate.

IntelBroker remains at large, but took to social media to reveal that Baphomet has been arrested. The other organizing force behind BreachForums is the hacking group ShinyHunters, which has seen members arrested recently in separate incidents. As long as high-level participants remain at large, the seizure and regrouping of the hacking forum under a new administrator might well turn into an annual event. Authorities are certainly not about to ease up in their pursuit of IntelBroker, who has been on a streak of government agency breaches that now dates back over a year.

The big question left by this incident is exactly what is making US and European hackers so confident in openly operating data leak sites in this way. Based on previous arrests, it might simply be the inexperience and overconfidence of youth.

Recent Posts

How can we help?

4 + 12 =

× How can I help you?