BreachForums: Cybercrime platform apparently back online after FBI raid

After a simple request to the domain registrar, the admin of the underground forum got his domain back, and the forum is online again. However, doubts remain.

This article was originally published in German and has been automatically translated.

The cybercrime marketplace "BreachForums" is apparently back on the Darknet and Clearweb just a few days after being shut down by investigating authorities. This was made possible by a simple request from the administrator to the domain registrar. The registrar quickly withdrew the FBI's control over the domain and then apparently also blocked the agency's account.

The forum administrator with the pseudonym "ShinyHunters" forwarded an email to the news portal HackRead, which allegedly came from an FBI employee and contained the procedure for the retransfer. The domain registrar, the Hong Kong company NiceNIC, transferred all BreachForums domains back to the original owner a few hours after the seizure. In addition, the author of the email discovered that it was no longer possible to log in to the FBI's NiceNIC account – apparently the domain registrar had blocked it.

NiceNIC did not comply with the urgent request to return the domains to the FBI, nor with the request to at least give the investigators control over the relevant DNS servers – and so the forum is once again accessible under its Clearnet domain and in the Onion network.

Back in business? Apparently, the cybercrime marketplace BreachForums is back online.

(Image: Screenshot / heise security)

Although a Telegram account attributed to the administrator "ShinyHunters" confirmed the action, doubts remain. It could be a tactic by law enforcement officials to spy on forum members in the coming weeks and trigger further investigations.

BreachForums is mainly used for trading stolen data – the list of members also includes well-known players from the ransomware scene. A few weeks ago, international investigators led by the FBI (Federal Bureau of Investigation) seized the domains of the cybercrime marketplace with a court order and published a corresponding report.

In addition to taking control of BreachForums' primary onion address, the group of investigating authorities had also seized the domains, the forum's Telegram channel and various accounts of the administrator "Baphomet". He was apparently arrested during the operation.

(cku)