SlideShare a Scribd company logo

Pompompurin_storie_di_sequestri.pdf

Massimo Giaimo
Massimo Giaimo

On Friday 9 June 2023 I had the opportunity to participate as a speaker at the HackInBo Business event, one of the most important conferences on cyber security in Italy. During the talk I presented, I talked about the history of RaidForum, BreachForum and ExposedForum and the Genesis and Solomon marketplaces, recounting the seizures actions and the arrests of the founders of the various projects. I also put a particular focus on the activities that pompompurin, administrator of the BreachForum forum, has carried out and which have denoted a lack of correct OPSEC. I am happy to make the slides of the talk available to you.

Technology
1 of 27
Download to read offline
storie di sequestri! pompompurin & C.
05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021 03/2022 Let's start here... ▪ Name: RaidForums ▪ Launched in: 2015 ▪ Seized on: April 12, 2022 ▪ Users: 530.000 at time of shutdown (DB leaked!) ▪ Founder: Diogo Santos Coelho aka "Omnipotent" ▪ Number of dbs published: 517(*) 2 (*)https://justpaste.it/baht0 2015
Diogo Santos Coelho ▪ Name: Diogo ▪ Surname: Santos Coelho ▪ AKA: Omnipotent ▪ Date of birth: February 22, 2000 ▪ Nationality: Portugal ▪ Arrested on: January 31, 2022 3 Details about indictment against Diogo Santos Coelho are available here https://www.justice.gov/usao-edva/press-release/file/1493606/download
From RaidForums to BreachForums ▪ Name: BreachForums ▪ Launched in: March 4, 2022 ▪ Closed on: March 21, 2023 ▪ Users: 336.800 at time of shutdown ▪ Founder: "pompompurin" ▪ Number of dbs published: 879(*) 4 (*)https://justpaste.it/bc3dv 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021 03/2022 2015
pompompurin – the beginning 5 ▪ First observed in the underground in December 2020 on RaidForums ▪ Was a prolific access broker and data seller on RaidForums ▪ In March 2021, he told Krebs on Security that he obtained transaction database fow WeLeakInfo ▪ In November 2021 he find an error in the FBI’s Law Enforcement Enterprise Portal that allowed to send spoofed email from the FBI’s domain ▪ Some days later pompompurin claimed credit for an attack against the financial services company Robinhood Markets Inc. These actions cause pompompurin's reputation to increase exponentially! 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021 03/2022 2015
pompompurin – enemies SPOILER This is the first step in the acquisition of enemies for pompompurin 6 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021 03/2022 2015
The birth of BreachForums SPOILER This is the second step in the acquisition of enemies for pompompurin 7 How the forum started: pompompurin tagged the FBI in his tweet announcing the forum. Here are all tweets from pompompurin Twitter account "@xml" archived and searchable: https://intelx.io/?did=8630eb0d-be98-4ec5-902a-f1e107baeccc 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021 03/2022 2015
pompompurin – enemies SPOILER: This is the third step in the acquisition of enemies for pompompurin 8 Messages by Peter Kleissner – Intelligence X 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021 03/2022 2015
What is found on these forums? 9 According to the affidavit(*), page 5: Since its inception, the FBI’s review of the BreachForums website indicates that, as with RaidForums, it operates a “Marketplace” section that is dedicated to the buying and selling of hacked or stolen data, tools for committing cybercrime, and other illicit material, including a “Leaks Market” subsection. Some of the items that are commonly sold on BreachForums include bank account information, social security numbers and other PII, and account login information for compromised online accounts, such as usernames and passwords to access accounts with service providersand merchants. (*)An affidavit is typically defined as a written declaration or statement that is sworn or affirmed before a person who has authority to administer an oath.
BreachForums – the second admin The second BreachForums administrator is first mentioned by pompompurin in an interview with the dataknight.org blog. The interview is visible at the link https://web.archive.org/web/20220317205735/https://dataknight.org/exclusive-interview-with-pompompurin/ 10 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021 03/2022 2015
pompompurin – OPSEC #FAIL! pompompurin made some mistakes during his activities (based on the affidavit): ▪ he logged into his RaidForums account from his real Verizon IP ▪ during a communication with Omnipotent, administrator of RaidForums, he revealed his old email account (conorfitzpatrick02@gmail.com) ▪ pompompurin set funmc59tm@gmail.com as the recovery email address for his new account conorfitzpatrick2002@gmail.com. Subscriber (Google) records for this account reveal that the account was registered under the name “a a,” and created on or about December 28, 2018 from the IP address 74.101.151.4. Records received from Verizon, in turn, revealed that IP address 74.101.151.4 was registered to a customer with the last name FITZPATRICK 11
pompompurin – OPSEC #FAIL! ▪ he logged into many real personal accounts and breached accounts from the same IP, multiple times. He used his personal Gmail addresses conorfitzpatrick02@gmail.com and conorfitzpatrick2002@gmail.com in a variety activities that are connected to his pompompurin persona ▪ he use the same IP to log into pompompurin RaidForums account and Purse.io cryptocurrency account ▪ records obtained from the SQL database of forum activity on BreachForums revealed that the pompompurin account on BreachForums was accessed from IP address 69.115.201.194 on or about June 27, 2022. Records received from Optimum Online, an ISP, revealed that this IP address was registered under the name of FITZPATRICK’s apparent father 12
pompompurin – OPSEC #FAIL! ▪ records received from Apple Inc. concerning an iCloud account associated with FITZPATRICK revealsthat the account was accessed approximately97 times from IP address 69.115.201.194 betweenon or about May 19, 2022 and on or about June 2, 2022, from an iPhone mobile device ▪ The FBI’s examinationof the pompompurinaccount’s posting activityon RaidForums and BreachForums further suggests that they’ve been controlled by a common user. For instance, in a post titled “Welcome & FAQ Thread”on BreachForums on or about March 16, 2022, pompompurinposted, “I’ve created this forum as an alternativeto RaidForumssince it was seized…If you used RaidForums you most likelyremember me, I was one of the more active users on there.” 13
Brian Conor Fitzpatrick ▪ Name: Brian Conor ▪ Surname: Fitzpatrick ▪ Date of birth: September 26, 2002 ▪ AKA: pompompurin ▪ Nationality: USA ▪ Arrested on: March 15, 2023 14 Other details about Brian Conor Fitzpatrick are available here https://doxbin.org/upload/pompompurin
pompompurin – enemies 15 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021 03/2022 2015
pompompurin – TON OSINT 16
pompompurin – TON OSINT 17 [+] Details for number: +88803301337 ├ Owner address: 0:aba6b9763342b4e530abef0d72dd2b24fa2bd24912ac6a0e 65dcf5483530ed31 ├ Is scam: False ├ Owner name: pompompurin.ton ├ Last activity: 2023-04-24 05:32:02 ├ Balance: 24.836240878 └ ------------------------------------ https://github.com/aaarghhh/a_TON_of_privacy
pompompurin – TON OSINT 18 https://tonscan.org/address/EQCrprl2M0K05TCr7w1y3Ssk-ivSSRKsag5l3PVINTDtMSQC#nfts
pompompurin – post arrest 19 There is currently no news on the outcome.
pompompurin – post arrest 20
BreachForums – post seizure The second admin of BreachForums "Baphomet" initially claimed to move the forum to a new server, then decided to shut it down. According to him "someone logged in" to the CDN server. 21
Exposed.vc – the next one? ▪ Name: ExposedForums ▪ Launched in: 2023 ▪ Seized on: xxxx xx, xxxx ▪ Users: 4.904 at June, 5 2023 ▪ Founder: xxxx xxxx aka "Impotent" ▪ Number of GOD users: 182 at June, 5 2023 ($ 9100) 22 05/2022 04/2023 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021
xxxx xxxx ▪ Name: n.a. ▪ Surname: n.a. ▪ AKA: Impotent ▪ Date of birth: n.a. ▪ Nationality: n.a. ▪ Arrested on: n.a. 23
05/2022 04/2023 Another story – Genesis Market ▪ Info stealer market place ▪ access via invite only ▪ seized on April 4, 2023 24 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021
From Genesis to Solomon 25 All the links to the presented forums and marketplaces can be found within the deepdarkCTI project available here: https://github.com/fastfire/deepdarkCTI 05/2022 04/2023 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021
26 C ONTACT U S www.wuerth-phoenix.com/en/contact-us info@wuerth-phoenix.com
Thank you Grazie Danke …more than software

Recommended

Space Invaders Paris XVIII
Space Invaders Paris XVIIISpace Invaders Paris XVIII
Space Invaders Paris XVIII
Prénom RVLEB
 
Discreteheat
DiscreteheatDiscreteheat
Discreteheat
Tony Campbell
 
SDNC13 -Day2- Methods of Design Synthesis: Learn to Synthesise Research into ...
SDNC13 -Day2- Methods of Design Synthesis: Learn to Synthesise Research into ...SDNC13 -Day2- Methods of Design Synthesis: Learn to Synthesise Research into ...
SDNC13 -Day2- Methods of Design Synthesis: Learn to Synthesise Research into ...
Service Design Network
 
How to Make Money With Your Photoshop Editing Skills
How to Make Money With Your Photoshop Editing SkillsHow to Make Money With Your Photoshop Editing Skills
How to Make Money With Your Photoshop Editing Skills
Fiverr
 
Literary essay - The Picture of Dorian Gray
Literary essay - The Picture of Dorian GrayLiterary essay - The Picture of Dorian Gray
Literary essay - The Picture of Dorian Gray
Shreshtha Ramsout
 
introduzione_a_pfSense
introduzione_a_pfSenseintroduzione_a_pfSense
introduzione_a_pfSense
Massimo Giaimo
 
La (in)sicurezza nell'era della IoT
La (in)sicurezza nell'era della IoTLa (in)sicurezza nell'era della IoT
La (in)sicurezza nell'era della IoT
Massimo Giaimo
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 

Recommended

Space Invaders Paris XVIII
Space Invaders Paris XVIIISpace Invaders Paris XVIII
Space Invaders Paris XVIII
Prénom RVLEB
 
Discreteheat
DiscreteheatDiscreteheat
Discreteheat
Tony Campbell
 
SDNC13 -Day2- Methods of Design Synthesis: Learn to Synthesise Research into ...
SDNC13 -Day2- Methods of Design Synthesis: Learn to Synthesise Research into ...SDNC13 -Day2- Methods of Design Synthesis: Learn to Synthesise Research into ...
SDNC13 -Day2- Methods of Design Synthesis: Learn to Synthesise Research into ...
Service Design Network
 
How to Make Money With Your Photoshop Editing Skills
How to Make Money With Your Photoshop Editing SkillsHow to Make Money With Your Photoshop Editing Skills
How to Make Money With Your Photoshop Editing Skills
Fiverr
 
Literary essay - The Picture of Dorian Gray
Literary essay - The Picture of Dorian GrayLiterary essay - The Picture of Dorian Gray
Literary essay - The Picture of Dorian Gray
Shreshtha Ramsout
 
introduzione_a_pfSense
introduzione_a_pfSenseintroduzione_a_pfSense
introduzione_a_pfSense
Massimo Giaimo
 
La (in)sicurezza nell'era della IoT
La (in)sicurezza nell'era della IoTLa (in)sicurezza nell'era della IoT
La (in)sicurezza nell'era della IoT
Massimo Giaimo
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Katpro Technologies
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
hans926745
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
praypatel2
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
wesley chun
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
Results
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
apidays
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
Michael W. Hawkins
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
wesley chun
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
naman860154
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
Pixlogix Infotech
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 

More Related Content

Recently uploaded

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
Malak Abu Hammad
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
Delhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
vu2urc
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
Delhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
Delhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
Enterprise Knowledge
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
giselly40
 

Recently uploaded (20)

The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 

Featured

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Applitools
 

Featured (20)

Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 

Pompompurin_storie_di_sequestri.pdf

  • 2. 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021 03/2022 Let's start here... ▪ Name: RaidForums ▪ Launched in: 2015 ▪ Seized on: April 12, 2022 ▪ Users: 530.000 at time of shutdown (DB leaked!) ▪ Founder: Diogo Santos Coelho aka "Omnipotent" ▪ Number of dbs published: 517(*) 2 (*)https://justpaste.it/baht0 2015
  • 3. Diogo Santos Coelho ▪ Name: Diogo ▪ Surname: Santos Coelho ▪ AKA: Omnipotent ▪ Date of birth: February 22, 2000 ▪ Nationality: Portugal ▪ Arrested on: January 31, 2022 3 Details about indictment against Diogo Santos Coelho are available here https://www.justice.gov/usao-edva/press-release/file/1493606/download
  • 4. From RaidForums to BreachForums ▪ Name: BreachForums ▪ Launched in: March 4, 2022 ▪ Closed on: March 21, 2023 ▪ Users: 336.800 at time of shutdown ▪ Founder: "pompompurin" ▪ Number of dbs published: 879(*) 4 (*)https://justpaste.it/bc3dv 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021 03/2022 2015
  • 5. pompompurin – the beginning 5 ▪ First observed in the underground in December 2020 on RaidForums ▪ Was a prolific access broker and data seller on RaidForums ▪ In March 2021, he told Krebs on Security that he obtained transaction database fow WeLeakInfo ▪ In November 2021 he find an error in the FBI’s Law Enforcement Enterprise Portal that allowed to send spoofed email from the FBI’s domain ▪ Some days later pompompurin claimed credit for an attack against the financial services company Robinhood Markets Inc. These actions cause pompompurin's reputation to increase exponentially! 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021 03/2022 2015
  • 6. pompompurin – enemies SPOILER This is the first step in the acquisition of enemies for pompompurin 6 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021 03/2022 2015
  • 7. The birth of BreachForums SPOILER This is the second step in the acquisition of enemies for pompompurin 7 How the forum started: pompompurin tagged the FBI in his tweet announcing the forum. Here are all tweets from pompompurin Twitter account "@xml" archived and searchable: https://intelx.io/?did=8630eb0d-be98-4ec5-902a-f1e107baeccc 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021 03/2022 2015
  • 8. pompompurin – enemies SPOILER: This is the third step in the acquisition of enemies for pompompurin 8 Messages by Peter Kleissner – Intelligence X 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021 03/2022 2015
  • 9. What is found on these forums? 9 According to the affidavit(*), page 5: Since its inception, the FBI’s review of the BreachForums website indicates that, as with RaidForums, it operates a “Marketplace” section that is dedicated to the buying and selling of hacked or stolen data, tools for committing cybercrime, and other illicit material, including a “Leaks Market” subsection. Some of the items that are commonly sold on BreachForums include bank account information, social security numbers and other PII, and account login information for compromised online accounts, such as usernames and passwords to access accounts with service providersand merchants. (*)An affidavit is typically defined as a written declaration or statement that is sworn or affirmed before a person who has authority to administer an oath.
  • 10. BreachForums – the second admin The second BreachForums administrator is first mentioned by pompompurin in an interview with the dataknight.org blog. The interview is visible at the link https://web.archive.org/web/20220317205735/https://dataknight.org/exclusive-interview-with-pompompurin/ 10 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021 03/2022 2015
  • 11. pompompurin – OPSEC #FAIL! pompompurin made some mistakes during his activities (based on the affidavit): ▪ he logged into his RaidForums account from his real Verizon IP ▪ during a communication with Omnipotent, administrator of RaidForums, he revealed his old email account (conorfitzpatrick02@gmail.com) ▪ pompompurin set funmc59tm@gmail.com as the recovery email address for his new account conorfitzpatrick2002@gmail.com. Subscriber (Google) records for this account reveal that the account was registered under the name “a a,” and created on or about December 28, 2018 from the IP address 74.101.151.4. Records received from Verizon, in turn, revealed that IP address 74.101.151.4 was registered to a customer with the last name FITZPATRICK 11
  • 12. pompompurin – OPSEC #FAIL! ▪ he logged into many real personal accounts and breached accounts from the same IP, multiple times. He used his personal Gmail addresses conorfitzpatrick02@gmail.com and conorfitzpatrick2002@gmail.com in a variety activities that are connected to his pompompurin persona ▪ he use the same IP to log into pompompurin RaidForums account and Purse.io cryptocurrency account ▪ records obtained from the SQL database of forum activity on BreachForums revealed that the pompompurin account on BreachForums was accessed from IP address 69.115.201.194 on or about June 27, 2022. Records received from Optimum Online, an ISP, revealed that this IP address was registered under the name of FITZPATRICK’s apparent father 12
  • 13. pompompurin – OPSEC #FAIL! ▪ records received from Apple Inc. concerning an iCloud account associated with FITZPATRICK revealsthat the account was accessed approximately97 times from IP address 69.115.201.194 betweenon or about May 19, 2022 and on or about June 2, 2022, from an iPhone mobile device ▪ The FBI’s examinationof the pompompurinaccount’s posting activityon RaidForums and BreachForums further suggests that they’ve been controlled by a common user. For instance, in a post titled “Welcome & FAQ Thread”on BreachForums on or about March 16, 2022, pompompurinposted, “I’ve created this forum as an alternativeto RaidForumssince it was seized…If you used RaidForums you most likelyremember me, I was one of the more active users on there.” 13
  • 14. Brian Conor Fitzpatrick ▪ Name: Brian Conor ▪ Surname: Fitzpatrick ▪ Date of birth: September 26, 2002 ▪ AKA: pompompurin ▪ Nationality: USA ▪ Arrested on: March 15, 2023 14 Other details about Brian Conor Fitzpatrick are available here https://doxbin.org/upload/pompompurin
  • 17. pompompurin – TON OSINT 17 [+] Details for number: +88803301337 ├ Owner address: 0:aba6b9763342b4e530abef0d72dd2b24fa2bd24912ac6a0e 65dcf5483530ed31 ├ Is scam: False ├ Owner name: pompompurin.ton ├ Last activity: 2023-04-24 05:32:02 ├ Balance: 24.836240878 └ ------------------------------------ https://github.com/aaarghhh/a_TON_of_privacy
  • 18. pompompurin – TON OSINT 18 https://tonscan.org/address/EQCrprl2M0K05TCr7w1y3Ssk-ivSSRKsag5l3PVINTDtMSQC#nfts
  • 19. pompompurin – post arrest 19 There is currently no news on the outcome.
  • 20. pompompurin – post arrest 20
  • 21. BreachForums – post seizure The second admin of BreachForums "Baphomet" initially claimed to move the forum to a new server, then decided to shut it down. According to him "someone logged in" to the CDN server. 21
  • 22. Exposed.vc – the next one? ▪ Name: ExposedForums ▪ Launched in: 2023 ▪ Seized on: xxxx xx, xxxx ▪ Users: 4.904 at June, 5 2023 ▪ Founder: xxxx xxxx aka "Impotent" ▪ Number of GOD users: 182 at June, 5 2023 ($ 9100) 22 05/2022 04/2023 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021
  • 23. xxxx xxxx ▪ Name: n.a. ▪ Surname: n.a. ▪ AKA: Impotent ▪ Date of birth: n.a. ▪ Nationality: n.a. ▪ Arrested on: n.a. 23
  • 24. 05/2022 04/2023 Another story – Genesis Market ▪ Info stealer market place ▪ access via invite only ▪ seized on April 4, 2023 24 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021
  • 25. From Genesis to Solomon 25 All the links to the presented forums and marketplaces can be found within the deepdarkCTI project available here: https://github.com/fastfire/deepdarkCTI 05/2022 04/2023 05/2023 01,03/2023 03/2022 05/2022 04/2022 08/2021 2020,2021
  • 26. 26 C ONTACT U S www.wuerth-phoenix.com/en/contact-us info@wuerth-phoenix.com