How Hacker PomPomPurin Got Caught (Bad OPSEC)
Vložit
- čas přidán 27. 03. 2023
- In this video I discuss the OPSEC mistakes PomPomPurin made during his blackhat hacking career that led to him getting caught by the FBI.
₿💰💵💲Help Support the Channel by Donating Crypto💲💵💰₿
Monero
45F2bNHVcRzXVBsvZ5giyvKGAgm6LFhMsjUUVPTEtdgJJ5SNyxzSNUmFSBR5qCCWLpjiUjYMkmZoX9b3cChNjvxR7kvh436
Bitcoin
3MMKHXPQrGHEsmdHaAGD59FWhKFGeUsAxV
Ethereum
0xeA4DA3F9BAb091Eb86921CA6E41712438f4E5079
Litecoin
MBfrxLJMuw26hbVi2MjCVDFkkExz8rYvUF
Dash
Xh9PXPEy5RoLJgFDGYCDjrbXdjshMaYerz
Zcash
t1aWtU5SBpxuUWBSwDKy4gTkT2T1ZwtFvrr
Chainlink
0x0f7f21D267d2C9dbae17fd8c20012eFEA3678F14
Bitcoin Cash
qz2st00dtu9e79zrq5wshsgaxsjw299n7c69th8ryp
Etherum Classic
0xeA641e59913960f578ad39A6B4d02051A5556BfC
USD Coin
0x0B045f743A693b225630862a3464B52fefE79FdB
Subscribe to my CZcams channel goo.gl/9U10Wz
and be sure to click that notification bell so you know when new videos are released. - Věda a technologie
XMR is accepted at based.win/ for those who shop with excellent OPSEC
hey man I'm sorry but crypto makes you look kinda gullible and not actually educated about technology -- it makes it so incredibly difficult to continue respecting your opinions on technology as "informed" so I'm starting to lose my reason to keep checking this channel. I don't think it's possible to simultaneously understand blockchain technology and also have faith that crypto can ever be useful or ethical.
Can you please make it so i can use the website with the LibreJs Extension
@@tuckvison Money isn't ethical. Money is just a tool.
@@tuckvison Teaching people to avoid getting caught by the FBI should be a criminal offense too.
@@johnarnold893 Ok glowie.
Massive skill issue
ikr, firstname_lastname_DOB@gmail.com gonna go register a hackerman account with that LOL
@@MentalOutlaw imagine
Bros just bad
@@MentalOutlaw this is literally a copy of the top comment on your last video on this a week ago... don't encourage reposters smh
This is where the fun begins :)
GG; and not good game lol
This is probably the funniest / dumbest opsec mistake I have ever seen
The Silkroad one is even sillier in my opinion
@@moncef2466 Ross’s situation was funny, but this was just absolutely retarded
Ulbricht will probably take the corrosive exploding cake on multiple counts for Amazingly ABYSMAL OPSEC for all time to come: czcams.com/video/eQ2OZKitRwc/video.html Why (FOR HEAVEN'S SAKE WHY?), when the FBI comes to your doorstep demanding to know why you were sent several forged IDs do you think it a good idea to hawk your illicit goods website?
SWIM is competely innocent, here is his email. Again this is totally NOT ME.
Back in... 2015. He was 12/13 lol
This really helps my imposter syndrome. If Pom can hack the fbi but fuck up this hard I can do anything.
He probably wanted to get caught or got too cocky. He's said in the past that the FBI can easily get him if they wanted to.
@@user-xw4od8kb7y He knows he's young and the example has already been made with this stuff, so he won't get much time if any at all, probably probation. But he also knows he will get fame from this and maybe even turn it into a legal revenue source. I don't think it's unlikely he wanted to be caught, but it's 50/50
@@TrevoltIV Best thing the prosecutor could do is as for 10 years at hard labour. No different than robbing a bank.
@@johnarnold893 prosecutor can lower charges and do better. I know because it happened to me. Although his case is federal so it’s a bit harder
@@TrevoltIV lol what did you do mr hackerman
They not even gonna turn him into a informant because his OPSEC is so bad 💀
Lmaooo
this, maybe he can plea his sentence down by snitching, but he ain't getting a job with the feds after
@@MentalOutlaw someone this young hacking an FBI email server is still impressive. He can hack a Chinese government mail server, OPSEC is something they can provide him with. What I'm trying to say: The three-letter agencies don't hire people based on how well they can run away, but based on how much damage they can do.
You honestly think the people that caught him have better opsec?
@@MentalOutlaw you ever seen with your own eye's the opsec of government employees lol he's good.
If I remember correctly when the GTA6 leaker got caught Pompompurin said something along the lines "Idiot got caught from bad OPSEC" the fact he had this stupid of OPSEC I'm surprised he had the gall lol
in my opinion Purin's mistakes are even worse overall when you consider what he was doing. The GTA leaker was basically "haha! i leaked anticipated game for you guys! wait that's a crime? my fault g" whereas Purin obviously knew exactly what he was doing and how illegal it is and still made all these mistakes.
Bunch of kids cosplaying as ultra elite hackers
@@typicalmountainbiker
wait why is it not illegal when the government does it
@@sampletext9426 Ask Snowden...
At that point in time he had bad opsec but he hasn't been caught yet so he was well within his rights to trash talk the leaker 😂
Funny to think that I probably had better OPSEC than Pom as a 12 year old deciding to make an email for Roblox without my personal info in it.
Lol i laughed hard at this
to be fair, pom was ~12 or 13 at the time he DMd his email
@@sa1t938 no he wasnt
@@sa1t938 The breach took place in 2017, so he was like 14-15+
@@martini380 The conversation is from Nov 2020 though
3:21 Lmao that’s hilarious, one of the dumbest “asking for a friend” instances out there
Even though I’m not fits Gerald in any way shape or form, here is a email that wasn’t in the database!!
My name is definitely not Fitzpatrick and no way in hell is my first name Conor heheh.
I thought this wasn’t real when I first saw it… like what the hell was this dude thinking?? I’m sure the first rule of hacking is to remain anonymous. Ouch, big time!
@@Tophatjones358 it literally is! 😂 if criminals actually used their brain they wouldn’t have been caught so easily. Sending your email WITH YOUR FULL NAME is so bad
@@featheroml its not real, the feds found him with some other surveillance they cant / dont want to disclose publicly, but to arrest him they set him up with stealinf his credentials etc.
This is the e-mail equivalent of going to a store, buying something you’re embarrassed about then saying;
“… errr. This is for my… friend.”
10:12 How else are you supposed to avoid this? You get a static ip adress assigned to you by ur isp. What does he mean by same ip adress in the vpn?
No, no: "a friend", that way they will never know it's YOUR friend and therefore cannot link them to you directly. Using "a friend's friend" is usually an overkill, but provides the best Op-Sec on the planet and further. Even MiB could not have found me since '97.
Trust me, bro.
@@Criticalmaze He is saying if you connect to a VPN, then log into some l33t hackerman forum, then use the same VPN connection to access personal accounts connected to your true identity then you’re making it stupidly easy to get caught
I always wonder how much of the "bad opsec" we see in court documents is real, versus just what they submit to the court to secure an arrest warrant. If they use a backdoor or an exploit, they can more easily identify perpetrators, but they won't want to have to reveal the exploit in court. So once they've identified the person, they can monitor them until they can find some smaller crime to execute the initial warrant.
They do
I could fathom that happening; though it'd be unnecessary in this case since the FBI didn't really need any exploits to identify the dude - as they'd found his personal email within the RF leaks.
Kind of like how abc agencies would use stingray to gather info illegally, but they know they cant use it, so they use the information they gather illegally to catch them doing something lesser which they in turn use to get "legal" access to the info they rrady obtained illegally. I believe there was a case a while back where the accussed knew that they were 100% secure in their communications and the only way the agency could have the data they had was through illegal interception. So the case was dismissed. But they never stopped doing such illegal activites.
Anyone in a position of authority should have constant surveilance and total transparency around their actions. As there is far to much makebolence and corruption in gov agencies and law enforcement. These perpetrators who think they are above the law will not be able to hife their secrets forever. Their minds are sick with power.
There are truly good people out there but those in power try and rstionalize their actions by thinking, everyone else would do it too. But thats far from the case. They are afraid of letting anyone with morals into the mix. They make sure they take them to their after parties or private islands and test newcomers depravity. All while filming them to make sure they are implicated if they ever step out of line.
Its a big group and we aint in it.
I wouldn't ever want to be in it either. They don't see others the same as a normal person. They look at us as cattle. So if you think the gov will help you or feed us in times of desperation than we are hopelessly fooled. Weakened just like China wants us to be. As we were sold out as a resource a long time ago. I look at the debt clock for canada and i sure as hell have never had that much debt. Shit, my reparations of 5$ every other year hasn't had inflation accounted for in its inception. Over 100 years ago that was the price. Canada has defaulted on the payments they owe constantly. Canada was also a 99 year lease. The lease is not only up but was voided when the gov began to take control of our freedoms and try exterminate my peoples cultures by genocide and attacks on our longhouse ceremonies by the RCMP in the 50s and 60s. Then the residential schools and tearing children from their families. This wasn't all that long ago either. Rap1ng and mutilating children for their own sick n twisted desires, those are the supposed "men of god" that so many worship. Many were shipped over seas as tortutre toys for a certain famous family. Im sure we can all guess who.
There is much truth to be told. Its up to us good like minded people, those with true love in our hearts to come together as the rainbow nation and prevail against those who oppress others for their own gain. Instead of all working together to lift eachother up. We can lift all of humanity to new heights of advancement where all can prosper and still maintain a 7 generation guarantee. Which means we take care of our mother earth and her resources so that 7 generations down the line mother earth will still be bountiful and all nations able to thrive together.
At the rate and state that these "world leaders" have us in now-a-days, we will be lucky to make it 3 more generations before all is poisoned beyond repair. 😢
I have faith that us people with strong morals and love in our hearts and mind can prevail. But we are going to need help from each other. Let us come together and reach our potential!!!
I think some of the Snowden revelations talk about exactly this, with some cases being dropped entirely because they didn't have any evidence that didn't reveal the existence of rogue cell towers.
Those techniques are pretty sophisticated, quite rare or even non-existent. Dude was a kid who ran a forum... That's overkill and nobody's going to risk burning that for nothing.
Can we at least agree that his hacker nickname was unironically, positively adorable
yeah, like a japanese sh
yeah I mean he was literally named after a Sanrio character xD
He really tried the "asking for a friend"
The original "in minecraft"
The hacker community might have to make a “10 OPSEC commandments” 😂
There are plenty of them on dread 😂
Dual Core - Hack Commandments
yw
@@username---------- 🤝
Just goes to show when you get involved with online crime you're playing for keeps. Everyone thinks they're the perfect one, infallible, Michael Jordan's of the internet. But everyone is capable of making elementary OPSEC errors, that leave permanent consequences. It just takes one mistake for the glowies to get you.
He honestly had one of the shortest affidavits I've read, usually they've collected a lot more information. Probably partly due to a rushed case though. Not surprised, was just a kid after all.
Holy shit? It’s the legend Crumb!
????
yeah everyone is capable of making a stupid opsec mistake, but signing into raid forums with his personal Gmail genuinely makes me wonder if Pom was lobotomized
I dunno, if i was running some forums like that id better turn into edward snowden quick af.
@@fort809 seriously can you even call that a stupid mistake at that point? Beyond regarded
.... i don't even know what he was thinking, how did he type what he typed out and think "hm yes, totally believable, I somehow pulled out an email with a full name and DOB that doesn't appear in the data breach, but I somehow found it, someway, while knowing it was in the breach. Foolproof plan."
keep in mind he is only 20 years old, he also believed putting "living in tokyo" in his bio tricked people
@@ravindur3825 20 year olds should know way better than that, imo
@@hmngghh yeah, tbh thats true. especially for him... i mean he "hacked" the FBI lmfao
Smoking that PomPom pack 🌬️ I'm glad he was so dumb.
@@ravindur3825 Age is no excuse for making such a bad mistake.
These court documents are really good at showing you how to do better opsec, and also proves (to me at least) that you're basically never gonna win.
Yeah honestly if the gov wants to give it to you they will. If your deemed "important enough" your on borrowed time.
not true, the government obviosly doesn't talk about it much but there are many smart criminals that the government can't catch. they just get the low hanging fruit like this idiot
Very unfortunate to hear about the victim's suicide where he crashed his car off the road, then dragged himself 3 miles into the woods and shot himself three times in the back of his head and a bear or Something must have taken the gun and the casings
@@kenosabi well yeah, it's a combination of good opsec and low profile.
If this guy had decent obsec they probably wouldnt have bothered, he didnt do anything too subversive
Mind boggling how poor this kids OpSec was. How long was he running breached for again? I wonder if they even give him a deal to work with the feds considering how many blunders he made.
Also, while I'm at it finally commenting on one of your videos, I want to thank you for putting out consistently high quality content for as long as you have. Without your videos, I wouldn't have found my love for Linux, and would still be using Microsoft Winblows
Pompompurin created Breached Forums around a year ago. People flocked to the site because he had been around on Raid Forums for years with a stellar reputation.
I have no idea how they didn't catch him sooner. Even among cybercriminals that has to be one of the worst blunders I've ever seen.
And he sacrificed... HIS FREEDOM!!!
@@UCp6Q6kiCeqBUSLE7IYCO35g yw mr FBI agent. We've reverse triangulated your home. 😉
@@typicalmountainbiker I'm sure they could have but the feds collect everything they can to ensure cases are essentially bulletproof. It also gives them time to monitor related activities. Imagine the feds realizing, "Oh wow this kid doesn't have a clue what he's doing... should we go get him?" "Nah, let's see what else he'll lead us to.".
Simp
Apparently, the hacker's password was 'password.' Who knew they were taking security tips from a '123456' kind of person?
"thats the code on my luggage"
If only he'd watched a channel called "Mental Outlaw" featuring videos about how to become anonymous on the internet
or "The Hated One" channel.. that guy is also top notch for this kind of content
The real reason he got caught cause he committed a crime, criminals often get overconfident after getting away, as a result they start making mistakes.
This is how most criminals get caught, besides the nowadays undercover agents are a trend, like there's one undercover cop in every city acting like a common civilian.
You would all probably do something equally stupid just this once when at your laziest / least attentive. Staying vigilant at all times is not easy.
Oh I 100% would. But that’s why I’m not out here becoming a notorious cybercriminal. If you’re going to do that type of thing, maybe you should know that you need to be that type of vigilant beforehand.
No.
I dont even use my real name/number nor my real address (I use the abandoned house at the end of the street) for grubhub deliveries
That's why you don't create an online persona if you're a cybercriminal, you're basically grouping all the stuff you've done, and when you make a mistake (because you will make a mistake) they will charge you for everything because you've already made the glowies' work for them
The safest thing you can have is a split personality
The key here is that Pompom didn't expect the private message to become non-private in his threat model. The chances are extremely low that the person he was directly talking to would try to ID him based on a hunch that conorfitzpatrick was his actual email. I'd wager that if he knew that other people would have eyes on that message he wouldn't be so lazy. He didn't expect the authorities to hack his forum and read all the records, which is the real mistake.
Yea the other guy aka the owner of RaidForums who was an even bigger moron.
There is some poetic justice in this.
He hacked the FBI / FEDs and they hacked him back.
Moments like these make me realize the world really does run on equivalent exchange rules often enough. You get what you give.
He still linked his hacker identity to a real email account, even if it's private messages, who knows who is sitting on the other end
@@qunas101 It's definitely a risk, but then again everything has a risk and/or cost. I still think that practically speaking, if we assume the message was never leaked, this would be in the realm of reasonable opsec. All security is a trade-off between security and convenience. He probably thought that the risk wasn't high enough to justify using more time and effort to find another email or ask his question in a different way. After all, he had a reason to talk about the email in the first place; he was trying to evaluate the quality of the data, which probably had significant monetary value to him.
I see what you’re saying, it makes Pom seem a bit less stupid to me. Still, any relevant person on that site should’ve instinctively known in their head “Never ever post my real name or real email on this site under any circumstance”
_"so my friend has this girl he likes"_
Hackers get decision fatigue like everyone else it seems
@Andai "Hello sir.
It has come to our attention that you have been a very naughty boy online. We have thus planned your next butt whooping session.
Kind Regards
Your local law enforcement institution"
Between pirates and hackermen, I can't tell who has worst opsec. I still remember when KAT got taken down because the admin was logging into his account via the same IP he used for Facebook and iTunes.
Proper pirates don't deal with torrents and the opsec is much better.
@@incremental_failure >don't deal with torrents
What? What do they use?
@@afinelad3673 they live in third world countries where they can't worry about piracy
@@afinelad3673 the retail employee who smokes behind the store
@@afinelad3673 chests laden with booty
And yet... we still are unable to capture the elusive hacker known as 4chan !
Are we?
I'm sure the strategy they drive with 4chan is just more cost-efficient.
Have the place fully diluted with BBC (not the media company) and c(d)uck pron posts.
Also 4chan is interesting because it represents a sort of hive mind that has weaponization potential.
I'm pretty sure they could have shut it down a long time ago. They don't because it's a hot bed for social engineering and experimentation.
They also take some inspiration from it for spreadability of messaging. I have recently seen a lot of advertizement following imageboard meme schematics.
@@Mayhzon Yes, I meant the original statement in pure jest, since a lot of coverage on them has been taking a stance against them that seems more serious than they actually are, 4chan when compared to RAID or Breach are nowhere near as damaging (to someone's privacy, security, etc) but they pretty much consist of radical members of society who aren't necessarily the best hackers, but have been proven to be relentless when they want to.
When can we finally sleep in peace again 😔
I always looked at "have I been pwned" as being something where I can enter my info, and expect it to be pwned shortly after.
sometimes
when you think you are at the top
you begin to assume there is nowhere else to go but down.
Thats when you get cocky and start acting a few levels below yourself.
Almost wondering if deep down, you SHOULD get caught.
corny
this reads like a bad haiku
Very true to real life unfortunately. I've experienced this first hand.
Love how pompom tried to use the strategy of hiding in the light, by using his real email and saying it is someone's email he found. It did fail though.
Would've worked if he just PGP encrypted his messages lmao! Still absurdly retarded though.
I would argue 80% of all 'hackers' aka script kiddies, have mostly bad to no OPSEC. It takes a lot of effort and awareness to continuously live two entirely separate lives. It's also extremely easy to get complacent with these things. Without any warning or obvious signs to get your attention once you've fucked up, you start to feel affirmed that your blunder will just fade off into the ether. "Oh well, data retention sucks for a lot of companies, that shits probably long gone by now...". Proper OPSEC is a livelihood, a lifestyle, a way of life. You don't just practice good OPSEC, you fucking LIVE good OPSEC. You separate your public life from your OPSEC life 100% top to bottom with no compromises. If you slip up, it's time to go scorched earth and deactivate for a long time.
It's very draining to switch back and forth. Laziness is OPSEC's worst enemy.
I really had to fight the urge from saying "he got caught because he wasn't careful" when reading the title. However, as I keep watching the video I kept thinking "I'll take The Most Reckless Hacker for 500, Alex!" JEEZ
Penguins need HUGS
Im not even a criminal but have better opsec than pom
"Im not even a criminal" sounds like what a criminal would say
@no-name 1.6 You might've even caught Bahamut himself!
@@aboyaser5608 The FBI are already on that one dw
my opsec is as bad as pom but im not crimal lol
@@no-name1.612 I would never ever commit b&nking fr&ud, wtf yt filtered my comment
These are my favorite kind of videos you make. Great "what not to do" guides
This guy really did the asking for my friend meme. I'm glad the FBI can actually perform these investigations. This was a really informative video. Learned a lot more about OpSec. Good reminder that using a VPN all the time to have two different identities is a weakness.
The PomPomPurin saga has been my favorite anime in a long time.
If only he had known grep has trouble with unreadable characters. He should have run the file through strings first.
Why would there be some invisible characters within an email address?
@@mskiptr within the text file
@@planetjanet3845 yeah, but if you're grepping for part of an email address, it will be in a continuous chunk of that file, right?
@@planetjanet3845 So, I did the following experiment:
for i in {0..255}
printf \\$(printf '%03o' $i) >>file.txt
echo -n FoobarBaz >>file.txt
for i in {0..255}
printf \\$(printf '%03o' $i) >>file.txt
grep -i bar file.txt
grep: file.txt: binary file matches
So even when the text you're looking for surrounded by all possible ASCII characters, grep still works.
I won't claim it does every single time, but I still don't see any reason why it shouldn't.
@@mskiptr I just know from experience, grep won't be able to find text I know to be present in a file unless I run it through strings first. I'm not sure what makes it give up, whether it's a certain quantity of unreadable characters or only certain specific characters.
Reminds me of how most car accidents happen close to home because people let their guard down after getting used to driving the same path everyday.
to me he deserves his jail sentence like all the hackers on his forum that steal people's data
It would be interesting to hear your take on how he should have acted in order to minimize the risk of being caught. Of course he shouldn’t have used his own email as an example in the first place but apart from that a walkthrough of each opsec error linked to what he should have done, eg. using different IP’s, Tor etc, would be quite interesting imho. Great video as always! 👍
well for starters he should have gone and bought a buner phone with cash from something like craigslist and then used burner SIM cards to activate ..but the key is to never take the burner phone home nor have it by your personal phone at all.. this will give you 2 seperate identities that would be very hard to link if done right
So it's impossible thanks
@@jayl3840 yeah but the phone isnt that important here tho 🤷♂🤷♂
Go to jail for criminal stupidity.
Poms opsec is probably on par with Ross and most other extremely dumbass mistakes people make in cyber security, it's entirely attributed to ego, especiallly black hats. Infosec and opsec go hand in hand. As someone in cyber security (the blue team) I like baiting pentesters, black hats, asking my friends to hack me lol etc (as counter intuitive as it sounds it really helps people understand computers not just for pentesters but for me analysing vulnrabilities software or hardware, it helps us both improve, but this is extremely hilarious for so many reasons to me.
When I saw him trolling "vinny" and beefing with cyber security experts (looool) it was only a matter of time before he got caught, that's not how you act if your doing something illegal, in summary, he was an idiot. Regardless, it's extremely hard to have good opsec in any 14 eyes, if 1. you live there 2. target the people associated within them, even if you didn't and commited enough big of a cyber crime uncle sam will kidnap you out of Iran, they don't care
Vinny from vinesauce?
How so? Ross Ulbricht was only connected to his real name through a single slip up years before Silk Road was popular where he made a forum post “advertising” the site. The FBI found the very first mention of it online, and that lead to his arrest. This is 20x the amount of information leaked in a very short amount of time, with multiple different forms of ID.
@@MarioGoatse Ross legit went on the clearnet promoting the site silkroad (extremely conspicuously even that would be an understatement) which is what got him on the alphabet boys radar to begin with, using his real name on an email, what makes his opsec possibly even worse is that they were able to estabilish a very concrete link to the point even aristotle would've walked out the courtroom.
@@superdanyal2009 He made a single forum post way before a site like Silk Road was even considered possible to be successful. It was a massive shot in the dark, so I can understand a young guy that isn’t a hacker so doesn’t have the best OPSEC yet, making a forum post to ask if anyone knew anything about “this new website”. Compared to this dude who should have already been on extremely high alert due to being a hacker and having been a former user of raidforums that had been taken over by the authorities. There’s a bit of a difference between the two as Ross could not have predicted that Silk Road would have been as popular as it was, whilst Fitzpatrick was actively hacking sites and wasn’t even using a VPN. Ross messed up once early on. Fitzpatrick messed up consistently and continuously. That’s the point I was trying to make.
@@superdanyal2009In ross’ defense, he literally made the first Bitcoin darknet market in history, he had no idea how big it would become or how much attention it would attract from the feds, there was no precedent for him to learn from. in the beginning he probably saw it as an obscure secret drug market for geeks and thought the boomer feds might not even catch onto it. Plus he didn’t advertise Silk Road with his real name email in the post, he used the username altoid which they linked to another post that had his real name email. His opsec was bad but Pom’s was just ridiculously bad, especially with the 100x extra knowledge of opsec you’d expect a cybercriminal to have compared to back then
It makes you think how people like this don't get caught sooner
Because the feds monitor them after finding out to stack up evidence. It's not like they raid them a day or even a week after figuring their real info out.
I’m sure the FBI has to build a case, and also a hub for this activity really routes traffic to an east to monitor place for the fbi. I’m sure they let this stay up strategically.
@@kahok5ownage I just said that
It's a combination of both incompetence (in some cases) and Strategical waiting in other cases, as feds will never pro-actively get (or stop) the offender during a crime (or even a series/multiples of them). They'll wait till a stack of crimes have been committed before they then bust ya.
its all a psyops
As an average racercar jonnie, even I was AMAZED that my boy did this. That's a pretty bad mess up.
First I was like "15mins? ain't nobody has time for that" and here I am grinning throughout the whole video not even feeling the time. Great job, thanks for the video!
In these trying times, yacht rock provides an escape from all that.
SAIIIIIILIN’ TAKES ME AWAAAAAAY
I love yacht rock on sirusxm
He is a cyber criminal not a hacker, it's not the same
Goes to show that pom pom won't be useful to the FBI at all 🤣
Man do I love the bad OPSEC videos. I'm no expert but they are funny as hell.
kudos for another great video! If you don't mind sharing, how do you keep always so up to date with the latest tech-related news? Do you have any newspaper/blog/news website to share? I think this could also be a cool topic for a video.
I've never understood why people wouldn't take advantage of the anonymity of email and NOT use personally identifying information RIGHT IN THE USERNAME.
These kids have probably never even heard of Kevin Mitnick.
Was wondering how someone seemingly so skilled could get caught by the feds, he might as well just sent them a formal email admitting to his crimes
If I had to guess, bro had an off day.
If you doing shit like this tho, you can’t afford an off day
New sub, enjoying the content, cheers good sir!
Bro. I love pompompurin (the Sanrio character) to the point I have a tattoo of him. I also work in cybersecurity. Finding out about Pompompurin is one of the wildest crossovers to me
Please do a video on RESTRICT act. It needs to be known, and everybody just thinks of it as "the bill that bans tiktok"
Whenever somebody on Breached would scam somebody Pom would often post the scammers IP address, which always made me suspicious of Breached OPSEC. It meant that he kept some kind of log, and turns out to have been true.
This kid is pretty good at customer service. Good on em. Hope he finds a passion in business
man i really like your channel, thx
let's be real, if they had some kind of back door they're not going to just say "we found it from a back door" they would make a fake story like this
nah they would just redadact how they did it or say they used special techniques or something like that .. this was flt out just lazy and bad OPSEC
@@jayl3840
Yep. They would take the chance to brag a little.
After all they already have agents on the Joe Rogan podcast doing so.
"Look at this amazing power we wield and what we can do with it."
They must have been pretty disappointed in how they caught up to this Pompom guy. Easy pickings, didn't even have to start up any of their high profile software tools.
We always have this romanticized idea in our heads that hackers are these brilliant computer geniuses that can never be caught and if they do it's like you said, the FBI must've had to dedicated a mountain of resources and time to finding this super evasive, super smart hacker.
But no....more often than not...not at all.
It's interesting as well because as you sift through the evidence you see pompom become a little better at what he is doing but his old mistakes are basically a permanent footprint.
just like Al Capone, it is always easier to get criminals on the small/dumb stuff than the big stuff.
You should make a video about computer opsec and phone opsec set ups like a “how to build a gaming pc” video but with cyber security.
its funny because the first video i ever saw from you was the one explaining how tor users got deanonymized because of bad opsec
high iq opsec moment
I am glad i never went to any of these forums. Who would of figured the opsec on a hacker site is less than kindergarten level. Damn i got a separate computer and vpn just for watching movies i don't even do hackerman type activities anymore and haven't in 20+ years
Beautiful breakdown
Hey man, you are one of my favorite content creator's 💙 👌 thx
Baph and Pom's opsec seem to be worlds apart, so whatever comes to replace BreachForums will likely be much harder to take down
FBI really said: "this you?"
you should cover the new restrict act, its hilarious
Most intelligent Windows user right here. Spends a paragraph explaining how he's confident that the grep command indeed works. Good stuff lol
This did make me laugh, but thinking about the digital footprint I left on the internet as a teenager is pretty concerned... am I permanently screwed?
Damn...laziness I can get, not everyone wants to bother with using five different email addresses, multiple phones, VPN and all that. But come on man, you were the leader of THE biggest hacker forum on the internet...at this point I think the guy had just no self-preservance, given that he admitted everything to the cops as well XD
the worst part is that he was using Apple shit, he was asking to get caught.
@@LucasCunhaRocha Should have used Tails OS...XD
We need an Intro to Opsec course lol. Teach all the youngsters what they need to do
I think this would make for a good spin off video on best practices for OPSEC not for hackers but just for Privacy advocates and people sick of Google and Apple and Big Brother spying on you 24/7. I think this would be interesting and make for a cool video!
omg he really tried the "asking for a friend" strat.
People gets comfortable...
It's same with tools... once you're not scared of getting hurt... you're getting screwed
Please make more Good OPSEC videos! If "hackers" lack having them then awareness about it is vital for all... like that epic OPSEC Bible 2022 video you made... not for criminal activities but any average joe who does not want a 3lettered private part up in his privacy... and again PLEASE message me MO, I need to get a hold of you and there doesnt seem to be a way.
I got a question. How is this different than MS or google scanning your emails, stealing your password, and then unencrypting your files with it? I never authorized them to steal my passwords or unencrypt my documents with them. Are they selling passwords too? Seems no different than what they were doing on the forums.
It seems that it's inevitable that a hacker would be caught, because when learning or doing "beginner hits", of course his OPSEC wouldn't be perfect, so even if he became very good in due time, he would still leave behind him a trail of mistakes from when he was less experienced?
What am I overlooking? I'm a Windows peasant so I don't know anything, so tell me.
You're right. That's why it's important to keep making new and separate sandboxed accounts
@@pleonexia4772 what are new sandboxed accounts?
@@popcornto6032basically the rule is to never create a trace by always using a throwaway account or preferably never appearing (unless you need to make transactions, which is very risky)
@popcornto : sandboxed means isolated and separate. It makes it a lot harder to screw up by accident.
@@halcyonacoustic7366 how does a separate account make it more difficult to screw up?
Or do you mean a new seperate account for everything regularly such that old mistakes can't be linked to new ones?
I know I asked about this on the comments of the last video but please make a video about what isn't bad opsec; is it possible to have a life and still have good opsec?
How can you keep your personal and "work" life separate when you don't live alone (i.e. live with relatives or are married)?
Who can you trust (if at all, since in an investigation folk can be easily manipulated into saying something that can be useful to the glowies)?
You mentioned creating faraday cages with aluminium foil, but what if someone finds out you do that? Are they not a security vulnerability?
Please check my comment on your last video, it's a lot more complete in what I am really asking
check out the OpSec Bible for 2022 (or sth like that), it's another video of his that basically covers everything you asked for, and then some. Search on his channel and I think you'll find it. :)
If you don't even have your own place, I think you can forget about navigating the "seven seas" 😂
Why don't you watch Darknet OPSEC Bible 20022 Edition........... You might learn something
Good opsec would be keeping everything separate and reducing vectors for attack.
You have one machine you use for accessing ordinary life. Another machine everything else. This second machine should run a custom linux build tailor-made for your usage by handpicking the things you need. It should not use Intel chipset technology (all three, Intel hardware, Windows and Apple software are compromised by the American Hegemony).
Furthermore, everything to your second persona has to use separate e-mail accounts, connect through VPNs from off-continental influence zones and use as little of your personal data as humanly possible.
No checking reallife stuff with this second setup or vice versa. Mix-ups straight forbidden.
This way you reduce attack vectors. As with everything, 100% security does not exist and never will.
This communication technology we all use was granted us by the higher powers and thus they came up with it and know how to control it. So it's a matter of Risk + Effort vs Reward + Priority.
If what you do is low value, nobody will bother checking your stuff or bother putting together a court case.
If you are of high prolific criminal activity like Pompom, dumb enough to piss off papa government on purpose (hacking their agencies, constantly disparaging their efforts somehow) or are of geopolitical significance, no amount of security will be enough to save your sorry hide from the eventual consequences indefinitely.
Hey man. Can you make a video on the restrict act? The ban ticktock bill? It’s very anti privacy
Confidence boost I needed today
So perhaps he wasn't a hacker after all but just discord mod.
They say we need cops, and yet we have criminals doing shit like this.
Oh so you think the fbi deserves it's security? B-b-bootlicker 🤡
What kind of backwards logic is that?? It was the cops (Feds) who worked out what this criminal was doing, so maybe you do need the cops if you want to arrest people like him. Your logic would make sense if it wasn’t the police that found out all this information.
Brainlet moment
It's somewhat insane to think how many hacker types still hold onto their hacker alias even after having used it on a compromised platform.
Both PomPom and Baphomet held onto their previous ID after Raid Forum, just hoping that there was not a trace of their irl identities attached to the platform?
Subscribed for the hip hop references
When this new law passes, just attempting to have privacy will be punishable with 20 years.
Ahh yes the RESTRICT ACT - that shit is terrifying
I have no words. If you're doing illegal shit, don't get lazy.
lol funny earlier this month I was thinking about registering for fb, but I guess that's out the water now
When I started using a VPN I at first had a bit of a guilty feeling accessing Google, CZcams, etc from the VPN's IP for having established a theoretical connection between my identity and other things I look at on the internet. But I'm not wanted by the FBI for having ran illegal websites or anything, but damn, to have such a shitty OpSec, all while having so many glowing enemies AND living in the United States? You'd expect more from a hacker this famous. Like at least routing everything through TOR and having a separate device or at least a VM that is only for his anonymous activities.
PomPompurin had C.P. charges too. Not cool.
jeez that's a rare tag how much did you buy it for?
Curious question as i'm goin to study OPSEC at university next semester. COuld he have done better with a dual os and hwid/macspoofing, even if he used the same ip from the vpn provider? (One For private use and one sanitized for breached)
That biggie smalls analogy was perfect haha fire song too
the bladee song lmao
the second i saw that my brain went off
Crazy how much data they were able to get to trace back to him
There are a lot of developed tools by the glowies that we have no idea about
@@deordered. This doesn't even use them lol.
@@EricLopushansky lol
When the feds come for you, they usually have unbreakable proof 😭
11:50 lmaoo, great summary. Never backdoored CPUs. Always just the low hanging fruit 😂
Btw, I wonder, if glowies have access to history of internet connections, can't they trace back a VPN user / TOR user, by the amount of traffic that they are sending on exit and on entry node, as you do not create a new bridge for every packet?
Well,PomPomPurin is 20-yers old (today is 2023)
He reveals his email on forum at 2020 (17 y. old)
What are you waiting from a teenager ? of course he did so idiotic mistakes,many of them,because of lack of experience and knowledge on his dangerous way on the dark side of internet that requires paranoiac caution
imagine trolling the fbi and having a terrible opsec, funniest shit rip bozo
I'd generally consider trolling your local security agency as bad idea. If someone could not resist the temptation, he should at least be annoying for security agency from different a continent.
This has the same feeling as the "I am asking for a friend" sentence 😂
lmao drain gang always shows up in the funniest places
fr
Average bladee enjoyer