管理员Baphomet接管了该网站后,在发现其中一台CDN服务器被执法部门访问后,经历数天的思想挣扎,出于安全考虑,决定关闭该论坛,并考虑建立新的社区。
BreachForums(违规论坛)的管理员”Pompompurin“于3月15日在纽约的家中被美国联邦警察逮捕后,一个新的管理员“Baphomet”接管了该网站,在经历数天的思想挣扎后,在发现其中一台CDN服务器被执法部门访问后,出于安全考虑,Baphomet决定关闭该论坛。鉴于BreachForums目前已经无法在暗网与明网正常访问,“暗网下/AWX”梳理了Baphomet在其网站更新的经过PGP签名的信息。
更新一:pomupdate.txt
Baphomet表示将接管BreachForums论坛,并称他有大部分必要的权限来保护BF的基础设施和用户,并称正在为论坛的应急计划做下一步的工作。。
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512Although I had already suspected it to be the case, its now been confirmed that Pom has been arrested:
https://news.bloomberglaw.com/privacy-and-data-security/dark-web-breachforums-operator-charged-with-computer-crimeI think it’s safe to assume he won’t be coming back, so I’ll be taking ownership of the forum. I have most, if not all the access necessary to protect BF infrastructure and users.
I pretty much already assumed the worst at nearly 24 hours of inactivity. It’s not often Pom is gone an extended period of time, and he’s always let me know ahead of time if that would be the case. He’s also never been inactive this long on both Telegram, Element and the forum at the same time. At that point I decided to remove his access to all important infrastructure and restricted his forum account to still login but not to carry out any administrator actions. I also since that point have been constantly monitoring everything and going through every log to see any access or modifications to Breached infra. So far nothing like that has been seen.
I can’t respond to everyone at this point, as I am working through the next steps of the emergency plan for the forum. Please be patient, and try not to lose your minds.
My only response to LE, or any media outlet is that I have no concerns for myself at the moment. OPSEC has been my focus from day one, and thankfully I don’t think any mountain lions will be attacking me in my little fishing boat.
– Baphomet
—–BEGIN PGP SIGNATURE—–iQIzBAEBCgAdFiEEwjntiyso/csN4SiV9wumY4m0ToYFAmQU7RQACgkQ9wumY4m0
ToZefxAAgUd8QEFfrJVOManZjuEMU7XBHRmBO7NcsER1PJiiUuSoddSeDuFt400d
uM6f9F1mHNHFJma1yoHLR32S9L8fWTqIKwe0uT8GOFvcH7DECUBngDo4sEc9TFYw
IGgg+A1D4Gz9Gq5y+mJltJNTbCo6BotJ3jN12HSK4K0v0pe6oCEMeW/PKD/4F09/
sJ+BHhfELfElKxTe2Kg00TaXmEgaaRrxo+lVK6Ye0NO14I19RuKROJGQSd6PWVoN
bfEFUsW36zwM1u07+IZTYNPImy7jRgL9aoYTeKxRY+YZEg6QYZ1CnmpiXvzTTz9C
rOqod5nWjamzKjXMIMcHJNLWRO3xaY9rOcrctiDQA0cGDwJhdaCGtfzbk87ssGxH
omL7IzOL/m/OzMuW4fCDU6X2kKo4jrW0pN1r2b+EFEY+86SAUxdprBKt7+6vLMX/
AgnWAQi0WwX7dm2B+z++OOlYgZASSMsDHpFP0AiakVtvYcSQTzLIxxR0It8Z16li
dWhmkvs99LN+z6At+J47HYVuvCrAjoUZtH7MW2YeZOCHpWxX/jAgms/6J+bQZdp6
507s5ksQbL/iygGst9DUF9xuNiGlf124lGTl5Rs5fQfcPKax3zm2hIN/PqAozgiY
yk5RNFRcHuneRNvsuT3x1FaVzlzE/zKZHNB7ZY4zgKbcVtQ4dgM=
=1TO+
—–END PGP SIGNATURE—–
虽然我已经怀疑是这种情况,但现在已经证实,Pom已经被逮捕。
我想可以肯定的是,他不会再回来了,所以我将接管这个论坛的所有权。我有大部分,甚至是所有必要的权限来保护BF的基础设施和用户。
在将近24小时不活动的情况下,我几乎已经做出了最坏的打算。Pom不经常长时间离开,而且他总是提前让我知道是否会出现这种情况。他也从来没有在Telegram、Element和论坛上同时不活动这么长时间。在那个时候,我决定取消他对所有重要基础设施的访问,并限制他的论坛账户仍然可以登录,但不能进行任何管理员操作。从那时起,我也一直在不断地监控一切,并通过每条日志来查看任何对被破坏的基础设施的访问或修改。到目前为止,还没有看到类似的情况。
我现在不能给每个人答复,因为我正在为论坛的应急计划做下一步的工作。请耐心等待,并尽量不要失去理智。
我对LE或任何媒体的唯一回应是,我目前对自己没有任何担忧。从第一天起,OPSEC就是我关注的重点,幸运的是,我不认为任何美洲狮会在我的小渔船上攻击我。
更新二:smallupdate.txt
Baphomet提供了最小的更新,表示正在迁移BreachForums论坛,并称他必须格外注意,不能意外泄露我们新基础设施的任何部分。
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512Hello again everyone.
Just wanted to provide the smallest of updates.
I’m alive, and the migration is ongoing. Things broke as I expected, but that’s what happens when you have to move things this quickly, especially things that don’t like to be reconfigured this quickly. Keep in mind that during the migration I have to take extra consideration to not accidenly reveal any part of our new infrastructure without something or someone scanning the internet 24/7 discovering the true hosts of our infra by chance.
Again, any updates that come from me will be from my domain, my telegram, and my PGP key.
I know the community is wanting things to move much faster than they are, but taking the easy route will only put is in a bad spot. I’d rather make sure everything is correctly done. Thank you for your patience.
– Baphomet
—–BEGIN PGP SIGNATURE—–iQIzBAEBCgAdFiEEwjntiyso/csN4SiV9wumY4m0ToYFAmQYBkYACgkQ9wumY4m0
Tob0Jw//Wdzz6oaxpAXEUIgd9x9hAQBWtN7rvKmfQQdeHCrXDsB7W2AylVKYGhSr
YksPsRSCFQqma99Y4kwJqWjNALXkzWBvPeiQ4ztNp/GuCJvQdSCtG8Zsy0o96iuE
txQL+ZJ3Pghv1duHuh2VAAirsKu2Es6woc+MRkMcnJq9MTCV1bq8D2K6FoqoGgbB
6mov2v0+pDJLGlvoU5yFijwSWqBd/DFuwn1ssOvD61JFcJnmPhBnuwCz5T7p/Htv
2DOCP5TpvmL6BCq9yoqQxqeRR5eQVoQnpBWtpPt7CqCZwYnER+1vDnUeRxohqy+u
uByGQ0Sn80P2N/bICfCW3fXSu1Ko4+MhB1LBVtu2F8IpKnMyNXkHDF3rpJOkTqcy
G64vDk/+47TWqLIVHpSLK1Ya95yiIL8HYi1831NVBX0h/ta2rZIPaEh321kLEhx3
JoYRKx38VIPf0mOFG5coAFkE7Pbina0bbA/Di0bLsrW8fDT8D/tHwrbBuguGvZ0b
Sg+qfJ8PeZrI9g9blWLUqskcHjTI2One6uW4lonJ54LFMzlWZtlRnAbEkWOTUx6u
QjrRlw26XKxtm6keOMIe2H7seEZt5dPRSmPyZ2z6iwGIANyyAW75K7ANHF3PVHru
FWPIuFkPRv2PT294+7YgwOgxHlXAKxdo9+dV14aoO8yQJDHaslM=
=9QWt
—–END PGP SIGNATURE—–
大家好,又见面了。
只是想提供最小的更新。
我还活着,迁移正在进行中。事情如我所料,但这就是当你必须快速移动东西时发生的情况,尤其是那些不喜欢这么快被重新配置的东西。请记住,在迁移过程中,我必须格外注意,不要意外地暴露我们新的基础设施的任何部分,而不会有什么东西或人24小时扫描互联网,偶然发现我们基础设施的真正主机。
再次强调,任何来自我的更新都是来自我的域名、我的电报和我的PGP密钥。
我知道社区希望事情进展得比现在快得多,但走捷径只会让我们陷入困境。我宁愿确保一切都正确完成。谢谢你的耐心。
更新三:the_next_update.txt
Baphomet通知接下来BreachForums论坛会离线进行迁移,并表示应该在几个小时内恢复正常,并将在接下来一周里启用注册。
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512Hello everyone.
Some updates here.
First, you’ll see the forum go offline in the next 5-10 minutes here for further migration. This is expected, and it should be back up within a couple of hours assuming everything else (SB, CDN, etc) play nicely as well with the move. There won’t be any changes to the site, no fancy little logos or a shity login page that doesn’t work. There may be some stuff that breaks a little bit as a result but I’ll make sure everyone is aware of anything not functoning fully.
Once the forum is backup, I will be going through all my messages across all platforms to carry out requested deletions, answer questions, and respond to whatever else needs my attention. I appreciate everyones patience at this point, I’m sure there are better ways to go about this but nothing in this situation is easy.
Over the next week, registration will be enabled again. Scam reports and ban appeals will also start being handled, etc. I’m spending as much time as I can to bring things to a semi-normal state, while also making sure nothing was accessed and put our users at risk.
There is a lot of wild speculation going on at this time, and there is very little value in entertaining FUD – especially from those who only gain value from having us in chaos.
I’ve shared it with staff, and various other members – but I have high confidence Poms arrest was rushed. On top of that, I don’t think those who glow realized that I would remove his access as quick as I did or even more likely – didn’t think I had as much access as I did. It’s very likely they’re going to start doing dumb tactics to scare the community like attempting to get the domain suspended or seized, but this won’t really matter much. As with previous attacks, we’ll just move around like we always have. Some of the dumber speculation has been how Pom would have magically given me access from jail to move things. I’ll make it very clear again, I have access to nearly everything he had to run this site.
Again while I may not be overtly communicative over the next few days, I will continue to be online and things will continue to function the way they should.
—–BEGIN PGP SIGNATURE—–iQIzBAEBCgAdFiEEwjntiyso/csN4SiV9wumY4m0ToYFAmQXlzAACgkQ9wumY4m0
TobbAg/7BA/5KKNd3ewKOlsHhwWsfSx/j7uQNG05TIdBcZ6n8VTy5EkI8FcOw6Cm
ewhjoPnHwfOW7s2nT1OywHey0nfKwlzeddXNUVH3kwVuMU1OcQGqhLSOU/B5BJBy
NDu0x57xCdq0A25VBIP/wjpgK/Bb/sc6x2z7/H5IUIRPxKlcgPspckZatTSP9+a2
impDqqc8e1OEScG7dU2fFfa7Ms294oqT2V8CEV8YzEL/K2a79IIdYCrCFnIJtaGH
RJlZU8RSIKl//I9fgOpu3npVuvIX/Rcikt0+DaGhoWn3lg5awAqqEynrRSRzGmXc
7FCrpfg0BS/RcfaX83g0ssss3WdiAlhrVyP1Ws02S/t/e1LWSlAST7pvllBpeajL
mu1hRU/UyRkzCgAN6fcT1NfNhYig/KHxyTltNpRD6pphKxd/TOXeBqDDZi/dMKGZ
DRo5TIIbxLQwEssfH+sJgwY6j3Bbc6qoWX9dX2wgM1stRmiR9j8Bd5SUmPotGNtt
AIl1dJy5jy1C0yCM8MLBCZoJydaTcr5SSWrZKH8EujI/ue53Fi2gQCGHehvj0HKb
Kz3DG7xEfGSCJMTXuFzDAjOi0U5lcTHr4N2+HPKlGu2HY2lhR8fXRrccei1wWyiT
ik2prHPjgdYChLLcCqXO7mlqzN9B48mhBgZgeTtx3A3BmUuneA8=
=NV0J
—–END PGP SIGNATURE—–
大家好。
这里有一些更新。
首先,您会看到论坛在接下来的5-10分钟内离线以进行进一步迁移。这是预料之中的事,如果其他一切(SB、CDN等)都能很好地配合迁移的话,它应该在几个小时内恢复正常。网站不会有任何变化,没有花哨的小标志,也没有不能工作的虚假的登录页面。可能会有一些东西会因此而中断,但我会确保每个人都知道有什么东西不能完全正常工作。
论坛备份后,我将浏览所有平台上的所有消息,以执行请求的删除、回答问题以及回复任何需要我注意的事情。 我感谢大家的耐心,我相信有更好的方法来解决这个问题,但在这种情况下没有什么是容易的。
在接下来的一周里,注册将再次被启用。 诈骗报告和禁令申诉也将开始得到处理,等等。我会花尽可能多的时间让事情恢复到半正常状态,同时确保没有任何内容被访问并让我们的用户处于危险之中。
目前有很多疯狂的猜测,而接受FUD的价值非常小——尤其是那些只从让我们陷入混乱中获得价值的人。
我已经与工作人员和其他各种成员分享了它 – 但我非常确信Pom的逮捕是匆忙的。 最重要的是,我认为那些人(执法部门)没有意识到我会这快地删除他的访问权限,甚至更有可能 – 认为我不会拥有那么多的访问权限。 他们很可能会开始采取愚蠢的策略来恐吓社区,比如试图暂停或扣押域名,但这并不重要。 与之前的攻击一样,我们将像往常一样四处走动。 一些愚蠢的猜测是,Pom会如何神奇地让我从监狱中获得移动东西的权限。 我会再次明确表示,我可以访问他运行该站点所需的几乎所有内容。
再说一次,虽然我在接下来的几天里可能不会公开交流,但我会继续在线,事情会继续按照它们应该的方式运行。
更新四:finalupdate.txt
Baphomet突然称这是他对BreachForums论坛的最后一次更新,并称他决定关闭该论坛,这是唯一安全的决定,因为他已经确认了那些人(执法部门)有机会进入pom的机器。
Baphomet已经将所有的Breached的域名重定向到我的baph.is域名,并称虽然Breached的社区将消亡,但他将继续与某些人合作,建立一个新的社区,新社区将拥有Breached的最佳功能。
—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512Hello Everyone.
This will be my final update on Breached, as I’ve decided to shut it down. I’m aware this news will not please anyone, but it’s the only safe decision now that I’ve confirmed that the glowies likely have access to Poms machine.
As I said early on in all of this, anything related to production Breached infrastructure was locked down immediately – however I was kind enough to leave a few old, non-essential servers completely unchanged. One of those servers I left unchanged is an old CDN from months ago that no longer hosts any CDN files or configs but rather was used to just download large files from time to time.
Throughout the migration I checked to see if anything was going on that would cause concern during the migration. One of the servers checked, was the old CDN server described above. It seems someone logged in on Mar 19, 1:34 EST prior to me logging into the server. Unfortunately this likely leads to the conclusion that someone has access to Poms machine. Any servers we use are never shared with anyone else, so someone would have to know the credentials to that server to be able to login. I now feel like I’m put into a position where nothing can be assumed safe, whether its our configs, source code, or information about our users – the list is endless. This means that I can’t confirm the forum is safe, which has been a major goal from the start of this shitshow.
As for what this means now, It’s complicated. Unlike when other communities go down and everyone scatters, stupidly I will still be around. I will redirect all the Breached domains to my baph.is domain. The Telegram group and channel will remain up for now, but I will make a new Telegram group for those interested in seeing what I have planned next. I will always be willing to sign a message to prove my identity to the community.
While the community of Breached will die, I’m going to continue conversations with some of the competitor forum admins and various service operators who reached out to me over the past few days. I’m hoping to work with some of those people to build a new community, that will have the best features of Breached, while reducing the attack surfaces we never properly addressed. As with things like this, I have no doubt our userbase may be absorbed by another community but if there is patience then I hope to bring something back that will rival any other community that can take our place.
I’ll be taking 24 hours from the sharing of this message to just rest and think. I’ll be back online to talk with everyone, and we’ll go from there. The domains for the time being shouldn’t be seized, but I’ll let the community know if any of that happens.
For now – see you space cowboy.
– Baphomet
—–BEGIN PGP SIGNATURE—–iQIzBAEBCgAdFiEEwjntiyso/csN4SiV9wumY4m0ToYFAmQZTG0ACgkQ9wumY4m0
ToYtQw/+MoP3mciQmLH0lWcWLZwU1DW5OkyLMVYCOx44Hx49rWSqa/Q28+aTTjKf
Q5q33zLvlHHfB9+4jchCVdi8+D9Y0QvU2t4sc9zzF2vv2iQPUL2vg6xOThwTQeXW
cBye7zFZM0BLjkkjNqDPJffXvXfvXvZ+IuLGH8ddmzpWKbFEnx3FWmUKxBMR2JcE
53PHkiNtYfMi2qng98Xxu17stsP5Ow2rayLAWawbV0o2VULrgLJUpTwoxOZZ+qqL
YB6fF/mfSILjS3AJNOvAf8WrO4vfF/X//px7vhLdyJkMMBfoPO9wLJTVjXxadvOn
K5VrCE/vSpOGRaL0d8E6JJQ+8h/AOMMxdyGqztm1YQw0/wOlB6JqnQBS+LL+IpuR
jz5hMqVr97yuSkfyeOlO6uWT4jq5j2SdVO/SRV7MxctVQ1tMNkGElclS1/rJV1aj
IS8Ke/EVuiUTmMjRC7+k92xf8mZcCzOwqeOBatZUiFT5gbt/TrhO7BIf8+12ULO1
LDCR3lGQv6MZIy8+b3trRvt2tuMmP6oLoBo4CGXyvo8dh/oOfTLHeb0OXFe5JeZ7
LM9aQgtPuaBQ79fGBqv0u++WEyGBVb6DlKAxQ5MuAtvM9VnY6wt3vy+/2YiE0GHZ
z5kf7m4HlIUguJ0qbdfVlZjw2Qzrg+4oDI8IdwyclVcw6yNBHLI=
=kr1F
—–END PGP SIGNATURE—–
大家好。
这将是我对Breached的最后一次更新,因为我已决定将其关闭。我知道这个消息不会让任何人高兴,但这是唯一安全的决定,因为我已经确认了那些人(执法部门)可能有机会进入Pom的机器。
正如我在所有这一切的早期所说,任何与生产Breached基础设施有关的东西都被立即锁定了——但是,我很好地留下了一些旧的、非必要的服务器,完全没有改变。其中一个我没有改变的服务器是几个月前的一个旧CDN,它不再托管任何CDN文件或配置,而只是用来不时地下载大文件。
在整个迁移过程中,我检查了是否发生了任何会在迁移过程中引起关注的事情。其中一个被检查的服务器是上述的旧CDN服务器。似乎有人在我登录服务器之前,于美国东部时间3月19日1:34登录了。不幸的是,这很可能导致的结论是,有人访问了Pom的机器。我们使用的任何服务器都不会与其他人共享,所以有人必须知道该服务器的凭证才能登录。我现在觉得我被置于一个没有任何东西可以被认为是安全的位置,无论是我们的配置、源代码,还是关于我们用户的信息——这个列表是无止境的。 这意味着我无法确认论坛是否安全,而这从一开始就是一个主要目标。
至于现在这意味着什么,那就复杂了。 不像其他社区瘫痪,大家都散了,愚蠢的是我还会在这里。我将把所有的Breached域名重定向到我的baph.is域名。Telegram组和频道将暂时保留,但我将为那些有兴趣看到我接下来计划的人建立一个新的Telegram群组。我将永远愿意在信息上签名,以证明我在社区的身份。
虽然Breached社区将会消亡,但我将继续与过去几天联系我的一些竞争对手论坛管理员和各种服务运营商进行对话。 我希望与其中一些人合作,建立一个新的社区,它将拥有Breached的最佳功能,同时减少我们从未妥善解决的攻击面。 对于这样的事情,我毫不怀疑我们的用户群可能会被另一个社区吸收,但如果有足够的耐心,那么我希望能带回一些能与其他社区相媲美的东西,来取代Breached的位置。
从分享这个消息开始,我将用24小时来休息和思考。我将回到网上与大家交流,然后我们再继续。域名暂时不应该被扣押,但如果发生任何这种情况,我会让社区知道。
现在 – 太空牛仔再见。
在Baphomet决定关闭Breached论坛后,Twitter等社交平台引发了大量的讨论,许多网友认为:”Baphomet 说‘迁移’,但我猜 FBI 正在设置蜜罐“、”我知道他們在電視上說這將是維護,但任何時候任何論壇都會變成逮捕後的水坑攻擊“、”在陰暗論壇的歷史上,一旦他們背後的人得到了他們就成了 FBI 蜜罐,無一例外“、”我不太确定……联邦調查局以角色扮演而闻名,仍需要谨慎行事¯\༼ᴼ͜ᴼ༽/¯“。
Telegram群组的公告
大家好。请认为这是Breached的最后一次更新。
我将关闭论坛,因为我相信我们可以认为没有什么是安全的了。我知道每个人都希望论坛能正常运行,但是短期内的收益对于支持Breached的长期损失是没有价值的。
我想说明的是,虽然这个最初的公告并不积极,但这并不是结束。我将为那些想看下文的人建立另一个Telegram小组。你可以恨我,也可以不同意我的决定,但我保证接下来的事情会对我们所有人都更好。
正如所附信息中所述,请给我24小时的时间来休息,并考虑我们如何从这里继续前进。之后我将回到网上,我们再谈。我不会去任何地方。
请看我在这里的最后确认。
https://baph.is/finalupdate.txt.asc(目前404,已经换成https://baph.is/updates/)
目前,Breached论坛官方的Telegram群组的所有聊天记录已经清空,并且发布了关闭网站的公告。但是Telegram频道与群组均可以正常访问。
Breached论坛官方的Telegram群组:@breached_chat、@breachforums_chat
Breached论坛官方的Telegram频道:@breached、@breachforums
根据Intelligence X的消息,DNS记录显示,breached.vc域名的DNS记录现在包含一个带有数据“Baphomet is here”的TXT记录,证明Baphomet确实控制着Breached论坛的基础设施。
Baphomet即将创建的新的社区是什么,以及其准备建立一个新的Telegram群组地址是什么,“暗网下/AWX”将持续跟进。
更多暗网新闻动态,请关注“暗网下/AWX”。
Anwangxia.com原创文章,作者:anwangxia,如若转载,请注明出处:https://www.anwangxia.com/2460.html
Comments(1)
Pom is a hero.