High value target taken down.

Mar 20 2023


Welcome to Gone Phishing, your daily newsletter that covers more scandals than Hillary Clinton.

Today’s hottest cyber security stories:

  • BreachForums breached by feds, top admin arrested
  • Another day, another Met police scandal
  • Emotet not-a-one-note malware returns via Microsoft OneNote

THE COPS CAME ‘POMPOMPURIN’ IN!

Good news, cybersecurity enthusiasts! We’re happy to kick the week off with a win for the good guys in the ongoing fight against the pesky cyber-scammers.

America, F*ck yeah!

In true Team America fashion, the feds came crashing through the doors of Conor Brian Fitzpatrick (pseudonym: Pompompurin) and arrested the suspected (and self-confessed!) administrator of cybercrime marketplace BreachForums.

BreachForums is one of these now infamous cybercrime marketplaces where criminals log in (it ran on the ordinary web as well as via a Tor mirror) to buy and sell stolen databases, compromised credentials and access, and the tools and tips that lead to heists, hacks, and crypto thefts.

It’s one of many such websites. Others include:

  • XSS
  • Dread
  • Nulled
  • Cracked
  • Exploit

What’s the 411?

So, federal agents arrested Fitzpatrick, who reportedly admitted he was the driving force behind BreachForums and was subsequently charged with “conspiracy to solicit individuals with the purpose of selling unauthorised access devices.”

According to various sources today, experts speculate he could face as much as twenty years in federal prison. Lesser publications would make a ‘don’t drop the soap’ joke but here at Gone Phishing, we’re better than that.

This is a major win for law enforcement considering BreachForums is one of, if not the, top cybercrime websites, so the fact that its top admin was tracked down and arrested will no doubt strike fear into the hearts of scammers the world over. Hooray!

Down but not out

Incidentally, BreachForums was actually launched by Fitzpatrick as the successor to RaidForums, which was shut down by the FBI in April 2022 during Operation TOURNIQUET (F*ck, yeah!).

In another depressing show of resilience, a user named Baphomet posted the following message to BreachForums:

Geez, take a day off!

MET POLICE DROPPING MORE BALLS THAN THE NEW YORK METS (SORRY METS FANS!)

The UK’s Met police just can’t put a foot right lately, can they? Whether it’s harbouring twisted rapists, sharing sick jokes about victims on WhatsApp groups, or general decades-old institutional racism, they are a source of constant embarrassment to this once great nation!

The latest offence isn’t quite as salacious as the above – more of a clerical error, truth be told. However, it’s always rather satisfying to see a failing institution hoisted by its own petard, shall we say?

The crime in this instance was failing to properly maintain records on organised crime groups (OCGs), resulting in inaccurate information being stored on a key database.

So yeah, we can add ‘cybercrime’ to the Met’s ever-growing list of offences. Do better, guys!

Boring stuff:

The Information Commissioner’s Office (ICO) said that London’s Metropolitan Police (MPS) infringed the Data Protection Act 2018, which states that “all reasonable steps must be taken to ensure that personal data which is inaccurate, incomplete or no longer up to date is not transmitted or made available for any of the law enforcement purposes.”

Indeed, between April and July 2020 a coding issue on the Police National Database (PND) resulted in the introduction of test data to the live system, which in turn caused some legitimate files to be rejected.

The Met failed to spot this “for a considerable amount of time,” the ICO said. Additionally, the Met apparently didn’t inform other police forces about the snafu for more than six months.

So, the classic Met combo of fuck up, followed by cover up.

Cyber-Jesus wept.

ONENOTE DOES PLENTY!

Some of our keener readers, or other forces of good in the cybersphere, may well be familiar with the notorious strain of malware known as Emotet.

Well, it’s back with a vengeance and its latest preferred mode of transport is Microsoft OneNote email attachments.

It sneaks in via these email attachments in an attempt to bypass Microsoft’s default blocking of macros in Office documents downloaded from the internet: a OneNote file can carry an embedded file object (a script, for instance) that runs when the victim double-clicks it, no macro required. Sneaky, sneaky!

Luckily the good guys have wised up to the new trick and, as always, we are here to keep you in the know! For the defenders among you: .one attachments can be blocked or quarantined at the mail gateway, and OneNote does throw a warning dialog before it launches an embedded file, so users who are trained to stop at that prompt break the chain.

Like the hognose snake, this naughty strain will appear dead for extended periods of time, only to strike again when the cybersphere least expects it.

As Secureworks notes in its profile of the actor: “Emotet is known for extended periods of inactivity, often occurring multiple times per year, where the botnet maintains a steady-state but does not deliver spam or malware.”

With regard to the new means of delivery, Malwarebytes explains: “The OneNote file is simple but yet effective at social engineering users with a fake notification stating that the document is protected.

“When instructed to double-click on the View button, victims will inadvertently double-click on an embedded script file instead.”
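The trick hinges on OneNote’s embedded file objects, which the victim’s double-click launches. As an added example (not code from Malwarebytes, Secureworks or the Emotet operators), the Python below carves those objects out of a .one file and flags the ones that look like scripts or executables. It relies on the FileDataStoreObject layout and GUIDs documented in Microsoft’s MS-ONESTORE specification; the .one file header GUID, the heuristic marker list and the sample file are constructed here for illustration, and a real sample should be scanned the same way.

```python
import re
import struct
import uuid

# GUIDs from the MS-ONESTORE FileDataStoreObject structure, stored on disk in
# the little-endian mixed byte order Windows uses for GUIDs.
FILEDATA_HEADER = uuid.UUID("BDE316E7-2665-4511-A4C4-8D4D0B7A9EAC").bytes_le
FILEDATA_FOOTER = uuid.UUID("71FBA722-0F79-4A0B-BB13-899256426B24").bytes_le
# guidFileType for a .one file (MS-ONESTORE header); used only to dress up the sample.
ONE_FILE_TYPE = uuid.UUID("7B5C52E4-D88C-4DA7-AEB1-5378D02996D3").bytes_le

# After guidHeader: cbLength (uint64 payload size), 4 unused bytes, 8 reserved bytes.
HEADER_TAIL = struct.Struct("<Q4s8s")

# Heuristic content markers (constructed list, extend to taste) and the kinds we alert on.
SCRIPT_MARKERS = [
    (re.compile(rb"\bWScript\.|\bCreateObject\(", re.I), "vbs/jscript"),
    (re.compile(rb"\bpowershell\b|\bcmd(?:\.exe)?\s+/c\b", re.I), "command-line"),
    (re.compile(rb"<hta:application|<script", re.I), "hta/html"),
    (re.compile(rb"\bmsiexec\b|\bregsvr32\b|\brundll32\b", re.I), "lolbin"),
]
SUSPICIOUS_KINDS = {"pe-executable", "ole-document", "vbs/jscript", "command-line", "hta/html", "lolbin"}


def carve_embedded_files(data: bytes):
    """Yield (offset, payload) for every FileDataStoreObject found in a .one blob."""
    pos = 0
    while True:
        idx = data.find(FILEDATA_HEADER, pos)
        if idx < 0:
            return
        tail_start = idx + len(FILEDATA_HEADER)
        if tail_start + HEADER_TAIL.size > len(data):
            return
        cb_length, _unused, _reserved = HEADER_TAIL.unpack_from(data, tail_start)
        start = tail_start + HEADER_TAIL.size
        end = start + cb_length
        if cb_length == 0 or end > len(data):
            # Truncated or malformed object: step past this header and keep scanning.
            pos = tail_start
            continue
        yield idx, data[start:end]
        pos = end


def classify_payload(payload: bytes) -> str:
    """Label an embedded payload by magic bytes first, then by script-like content."""
    if payload[:2] == b"MZ":
        return "pe-executable"
    if payload[:8] == b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1":
        return "ole-document"
    if payload[:4] == b"PK\x03\x04":
        return "zip-container"
    if payload[:4] == b"%PDF":
        return "pdf"
    if payload[:8] == b"\x89PNG\r\n\x1a\n":
        return "png-image"
    if payload[:3] == b"\xff\xd8\xff":
        return "jpeg-image"
    head = payload[:4096]  # scripts announce themselves early; keep the scan cheap
    for pattern, label in SCRIPT_MARKERS:
        if pattern.search(head):
            return label
    return "unknown"


def scan_onenote(data: bytes) -> list:
    """Return one finding per embedded file: offset, size, kind, and whether to alert."""
    findings = []
    for offset, payload in carve_embedded_files(data):
        kind = classify_payload(payload)
        findings.append({"offset": offset, "size": len(payload), "kind": kind,
                         "suspicious": kind in SUSPICIOUS_KINDS})
    return findings


def build_file_data_object(payload: bytes) -> bytes:
    """Wrap a payload in a FileDataStoreObject (used here only to build the sample)."""
    return FILEDATA_HEADER + HEADER_TAIL.pack(len(payload), b"\0" * 4, b"\0" * 8) + payload + FILEDATA_FOOTER


# Constructed sample: a .one-style header, a harmless image, then a lure-style VBS dropper.
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\0" * 32
SAMPLE_VBS = b'Set sh = CreateObject("WScript.Shell")\r\nsh.Run "cmd /c echo lure", 0\r\n'
SAMPLE_ONE = (ONE_FILE_TYPE + b"\0" * 64
              + build_file_data_object(SAMPLE_PNG) + b"\0" * 16
              + build_file_data_object(SAMPLE_VBS))

if __name__ == "__main__":
    for finding in scan_onenote(SAMPLE_ONE):
        print(finding)
```

Run it against a real attachment with `scan_onenote(open(path, "rb").read())`; anything flagged suspicious is worth detonating in a sandbox rather than opening, and the carved bytes can be handed straight to your AV or YARA rules.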

It’s getting to the point where you can’t help but wonder whether it wouldn’t be simpler to sack off email altogether and return to the lost art of letter-writing. Oh wait, Royal Mail’s on strike again… Okay, homing pigeons, anyone? Smoke signals? Anyone? Bueller?

Just kidding, keep your wits about you and listen to our stellar advice and you’ll be just fine, folks.

So long and thanks for reading all the phish!
