The Cyber Express, like five other news services, received an email on 2 April from a person under the alias Sinistery. The person’s claim was simple: BreachForums is back in a new form under the name pwnedforums.
“I am the new admin, and you can contact me at this email for interviews and other news,” the person offered.
The URL given along in the email, an amalgam of popular cybersecurity breach portal names, turned out to be inactive.
A member of the forum, who uses the alias Frost, in their Telegram channel, attributed the downtime to a possible DDoS attack. The note was posted on April 1. Sinistery confirmed it but assured that “everything is fine”.
The website was inactive at the time of publishing this report.
This was the latest in the series of BreachForums clones that popped up hours after the FBI shuttered the breached data marketplace, following the arrest of its promoter-admin Conor Brian Fitzpatrick alias ‘pompompurin’.
BreachForums and clones: Claims galore
BreachForums hosted 336,800 members at the time of folding up. Its members were frantically searching for alternatives.
Attempts to revive the forum turned futile. Meanwhile, users flocking to other cybercrime forums has evoked mixed reactions.
“Users of a Russia-linked cybercrime forum Exploit already seemed disgruntled by the sudden influx of e-migrants,” Cybernews reported.
“So now that Breached is down, a slew of skids will be joining Exploit. Admins should raise the registration price to stop the influx,” the reported cited the complaint of one Exploit user.
The Telegram Group “Breach Forums”, run by former BreachForums admin “Baphomet” currently has close to 20,000 subscribers.
A hacker claimed to be a former member of the hacktivist group Anonymous was among the earlier ones to claim to have set up a BreachForums alternative.
The ex-Anonymous hacker, who uses the Twitter handle @_pirata18, claimed on March 27 to have set up a breached data forum named kkksecforum. The website is currently inaccessible.
BF is down, kkksecforum is up.
I need someone who would like to work with me administrating the Forum.
Contact me if interested.https://t.co/dLYOZrvNae@vxunderground @YourAnonNews @LulzSec @EterSec_ #BreachForums— Pirata 🇧🇷🇩🇪🇺🇸 (@_pirata18) March 27, 2023
Pwnedforums too attracted attention quickly. Some of the aspiring members were found publicly posting doxed data. A user with the Twitter handle @solminingpunk posted a list of emails.
https://twitter.com/solminingpunk/status/1642272964195368963
“Dont be a snitch. This is free evidence for feds,” warned another user under the handle @notdan.
Pwnedforums also has to battle an issue almost all new BreachedForums alternatives had to face. They had to assure that they are not a DDoS honeytraps.
Breached data forums and honeypots
“We have recently become aware of concerns circulating among some members of our community, suggesting that our platform may be a “honeypot” operated by federal authorities,” Sinistery posted on April 1.
“We would like to address these concerns and reassure you that this is not the case.”
Sinistery claimed that pwnedforums is an “independent platform, founded and managed by a team of dedicated individuals who are passionate about creating a space for open discussion and the exchange of hacking knowledge”.
Close to the shuttering on BreachForums, UK law enforcement officials revealed that they have uncovered a network of several thousand cyber criminals involved in DDoS-for-hire schemes.
The criminals were caught attempting to attack a honeypot system, set up by law enforcement agencies to lure cyber criminals.
In a separate incident, German police recently conducted a raid on FlyHosting, a web hosting company known for providing services to cybercriminals involved in distributed denial-of-service (DDoS) attacks.
The raid, which took place in early March, was part of an ongoing investigation into cybercrime activities.
FlyHosting was allegedly involved in hosting DDoS-for-hire services and malware distribution.
The company also reportedly offered bulletproof hosting, a type of web hosting that allows illegal activities to take place without being taken down by authorities.