No matter what, the FBI will search through each piece of evidence for a clue. Even if that was some random email not linked to him, they have subpoenas ready for google for anything linked to what he says.
Its not about genius, with perfect opsec, its straight up impossible to catch anyone on the internet. A mistake is basically a requirement to catch somebody like pom
it goes actually a lot deeper than that, you gotta keep up appearances (look like a normie user with your kinda real identity) so that the gov thinks you among the good goy sheeple herd ;)
Pom's gross negligence aside, can we take a moment to discuss Baphomet's top notch OpSec? - Revokes Pom's admin access based on the fact that he has been inactive longer than usual without notice - Decided to scrap the site altogether based on a single suspicious log - Zero assumptions Whatever BF alternative Baphomet ends up working out is sure as hell going to be tough to take down if he is going to be the main admin.
Wouldn't call it top notch. Maybe next time Baphomet takes an effort to not store activity logs on the server for months. That database probably deanonimized plenty of other sloppy teenage hackers.
@@Steelrat1994 I mean thats opsec in the blackhat world for you. If you trust a third-party to keep your Identity safe you're already off to a bad start.
@@wlockuz4467 I mean, sure, the users implicitly accepted that risk for the convenience. But people also make mistakes all the time. If he cared about the safety of their service, he could've spent half an hour to set up a job to purge the logs.
@@Steelrat1994 Users should assume that whatever info they give to a blackhat site is going straight to your friendly local LEO, a la a honeypot. The site can try its best, but it's the end user's responsibility to keep safe. If activity logs, unseeded password hashes, or the user db could deanonymize you, you're being careless.
"How did this guy, who brands himself using a hello kitty character, rise to become one of the most famous personalities in the cyber criminal underworld?" Now that's a wild sentence
A lot of these hackers and scammers are tech-savvy but not street savvy. Most of these guys are not career criminals so they don't have a lot of emotional intelligence. That's how they get caught.
>made opsec mistakes >tech-savvy Lil bro did you use all 3 of your brain cells to write this comment This has nothing to do with emotional intelligence or being "streets-smart" Tell me you didn't watch the video without telling me you didn't watch the video
@@Tophatjones358 It can easily be true. When you have to run extremely strict op-sec procedures 24/7 all by yourself, you are bound to make a mistake once in a while. You are a human afterall, and you cannot stop being a human and making human mistakes.
Also, who the hell keeps activity logs in a nice neat SQL database for over half a year long for the FBI to grab? Those should've been purged automatically or never stored at all.
The whole thing shows just how stupid some people can be. It’s because he was a 20 year old kid loving the fame imo. He got reckless. Probably wanted to chat with someone and ended up getting himself caught. 1. Used real email…COME ON! 2. Wasn’t using auto-connect on the VPN? What?! Wasn’t using Tor? What?! Then to mess with a three letter agency…Oof. It wasn’t even like it took thousands of man hours and millions of dollars to get him. Real email, real IP. What. They probably sat on the information for a year and didn’t really care until he hacked them.
@@BallisticTip this seems to be a common theme with big criminals and the reason why so few of them last any amount of time. Their egos just outstrip any sense of paranoia or rational ability to make decisions and they end up gifting themselves to the agencies on silver platters.
@@BallisticTip Exactly. The FBI can find anyone if they really wanted to. It's just that some people have greater priority than others. In this case Pom brought himself to the top of list by messing with the FBI
To be fair, I'm running a public web forum and only after migrating to a new forum software this year there finally was an builtin option to automatically rotate and wipe those. Before that, there were logs and IP addresses attached to everything, going back to 2008.
Thanks a bunch for including your sponsored segment at the end. Its a breath of fresh air to watch a video without being slammed by a long drawn out intro, followed by a scripted sponsorship segment.
I'd be fine with multiple 5 second mentions throughout as well, just short enough where i don't feel the need to skip and needing to actively go to the video and look for the next segment. As long as content runs for like at least a couple minutes inbetween sponsor mentions i'd be fine.
@@thorn9382 boomers aren’t inept enough to consummate with the technology, but that’s stating the obvious. Just goes to show you how easy it will be for our future youth to bond w AI
Non-politically affiliated hackers are usually smart and bored self-taught programming teenagers to very young adults who have a lot of free time, or at least start that way, and more time talking to internet people rather than face to face. I know because I was one of them, and while I was part of the scene a bit, I never did anything outright illegal or dealing with money because I didn't want to risk jail time. I had the opportunity several times, though. Fun times, now I'm adult with a full time programming job and don't have so much free time. I'll still dick around with game hacking sometimes.
@@Seytonic I really can't be too mad at you but some people are really getting the wrong idea about this kind of stuff. While this was a win in theory, was it really a win or is everyone just fooling themselves. Something to think about.
@@evandrofilipe1526 I'm just curious - besides entertaining stories, what else has Pom actually contributed to your life? It's a rhetorical question. All he contributed to the average person's life is a good story to read about hacking. If you can think of anything else, let me know. I'm curious. From what I know scammers are the main customers of breached data. Normal, everyday working people are losing time and money due to these breached database sellers/leaks. How are they going to see Pom's arrest as anything but good? Trolling the FBI really doesn't achieve anything at all. He could have done a disclosure and possibly been paid or offered an FBI job. If you think he actually achieved something good sending those joke emails through FBI's email please let me know because I'm confused. I'm still trying to come up with a single positive thing Pom contributed to the average person besides a good story to read. Otherwise he was the reason for many peoples accounts being hacked. How do you expect people to see this?
@@Cary You me, seytonic and anyone else except pom have no idea how pom feels. I actually really hate how smug everyone is here making lots of assumptions acting like know it alls. Especially when if you think about it, not only do hackers give us an explicit motivation to protect data, you have to realise that the normal person doesn't opsec as hard as a hacker and therefore the authorities and by extension the government know a scary amount about individual people but even worse, the whole population in general. This has big implications and everyone here is talking about "haha, dumb hacker, shouldn't have done that". In fact, I'm so outraged by this attitude, I'm going to make an actual comment.
a lot of people don't realise that no matter how big you see yourself as a 20 gram of metal traveling at 300 meters per second is enough to shut you down permanently
I was involved in hacking many years ago, long enough that I owned a bluebox and was involved in the Mattel hack where we got control of their voicemail and WATS line. Friend of mine flew too close to the sun and got caught. He was looking at 20+ years, and he was offered a deal to work for the other side, earning a six figure income securing military servers with an indefinitely suspended sentence. I'm sure Pom will be fine.
what country was this in? I've heard similar stories from people living in the UK or other developed european countries, meanwhile in the US people are very rarely ever given any second chances, even after serving their sentence. Maybe things have changed, or maybe some states are better but seems unlikely
@@Seytonic Hey, do you think you can do a video about pico ducky or something similar, as I know you sell usb rubber duckies so you might be interested in making a video about a pico-ducky.
pompompurin joined my friends matrix room dedicated for posting cat images just a few days before he got arrested we are imagining a federal agent frantically looking through the cat images and videos looking for intelligence
It's amazing how people can build such massive complex systems of illegal activity and not have any common sense when it comes to speaking to others online or using clean emails/identities online.
It's just tiresome, I don't think common sense has anything to do with it per se. I'm nowhere near as great of a hacker as PomPom is, but I know that it takes a lot of discipline and energy to constantly be aware and keep track of everything you do. Laziness and opportunism is something that affects all people. One slip up and it is game over, and it's not an easy feat to NEVER slip up. I honestly think that 99.9% of hackers slip up, however, most aren't caught because they're too far down the totem pole and thus aren't interesting or are simply lucky.
Honestly it doesnt surprise me that a lot of cyber criminals are either in their early 20s or are just teens I dont think cybercrime is really something hard to do its just that we realize how stupid it is to do it while they are too young to actually think about it
Real cybercrime is definitely hard to do. What most people think of as "cybercrime " is downloading a script that hacks shit, those are script kiddies and not even local law enforcement gives a fuck about them, real hacking takes years and usually starts with being a script kiddie
@@lydellackerman800 well by definition it is cyber crime with yeah i agree most of them are just script kids or they just use social enginearing The only ones who actually use hacking and malware to do crime are either big cybercrime organizations that we dont hear a lot because they dont let fame get over their heads or they are goverment hacker groups
its much much easier to learn thesedays with the abundant access to information online. If you were a child in the 90s it too difficult to obtain, not accesable to children or you had to be in the right circles and this is assuming you have the where with all to pull it off, Gen Z has been spoiled rotten with information here. Anyone can be a hacker really thesedays, you just need time and maybe boatloads of rage.
@@wingit7602 that's a small part, but I can google sql injection and still not break into anything, it's about being able to think how other people can't. For example, you aren't going to crack into a program by doing something everybody knows about, you will most likely need to find an exploit that hasn't been found, that can't be taught
Bro literally exposed himself. If he just made up a fake email (not his real one) he could've avoided this. Funny how the biggest black hat hacker made a basic mistake even beginners don't make!
It have had to be an email that was used to make an account for that leaked keyboard app, and it had to be one of the ones that was not included in the leak post.
@@Rust_Rust_Rust Just watch the video again. The point is he couldn't have made a new email on the spot as it would not have served the purpose he was looking for.
Now in my '50s, it was fun growing up in the era where law enforcement had not caught up to cyber (as we now call it) crime. I knew guys who got away with crazy stuff.
United States can hack other countries and whoever they want with no legal issues. If you work for them in their interest it’s OK, if not you’re fucked lol. Soft power is no joke
2:55 Man, this is ridiculous. I guess this shows how you should never, ever post PII, even if you think you can socially engineer people into ignoring it. Especially if you have something to hide.
He probably made 100 different mistakes that the FBI could use, but they choose to explain the most obvious one so there's no complicated stuff for judges to understand. >"He shared an email with his real name" , "He logged in as Pompompourin in his dad's computer".
Caused tens of millions of dollars in damage, ran a forum dedicated to stealing and selling personal information, stole and sold personal information, hacked the FBI twice and sold their data, went on multi year long slander campains against innocent individuals, doxed people he didn't like, even hacking the national center for missing or exploited children. Those are just some of the more notable things. I don't see how 20 years is that unreasonable, but it will almost certainly be less.
Pom not only had clashes with researchers, but other hackers too, most notably the Uber/GTA6 hacker. His capture is good I guess, but I will miss the entertainment
I'm not going to lie, if the law didn't find his identity, one of his less than savory "friends"/ex-"friends" would probably have snitched. Pretty sure react and j0 both knew who he was. React knew for sure.
@@swarooprajpurohit110 Teen hackers are a lot more common than you think. Fact is, info on how to be a hacker is all over the web, you just need to be a smart little cookie and spend all your time in front of a computer. Which is not hard at all if you're genuinely interested.
@@swarooprajpurohit110 when you start doing something at a really Young age, your brain become really good at it; more Experience, and the younger you are and the more your brain can fit on this new mentality
@@swarooprajpurohit110 XSS, sql injection, running a forum is not really "hacking". It's not like the guy was reverse engineering obfuscated binaries while on a CTF clock.
Truth is very few people are skilled enough to know cybersecurity, digital forensics, and things of the like to actually fully avoid law enforcement. Most of these people are just kids, script kiddies who stumbled upon a community that accepted them and which they made easy money, and their youth/ lack of experience gets them caught
@@Samir-rd8xp He maybe wasn't a script kiddie, but none of his hacks were particularly advanced. Like the FBI email hack, what happened is the body of the email was constructed in your web browser. So you can just modify that to be whatever you want. The other FBI hack, it was a place where owners of important infrastructure (water, electric, gas, etc) could make an account and talk about whatever they talk about. He just pretended to be somebody else, made an account, and downloaded as much data as he could. His hacks weren't that advanced, but I think he made up for this by spending copious amounts of time looking for vulnerabilities. If being inactive for 24hrs made everyone think he was arrested, he must have been online hours and hours every day looking for vulnerabilities.
@@sa1t938 I used to sit in Xbox 360 parties with people who exploited websites using XSS or SQL injection tools or doxed/swatted people and jacked gamertags and all they seemed to do is talk about that nonstop and occasionally load up a match. They were always online and often did it for fun or reputation. Many were in crews what they usually called them.
Keep in mind that the newly released evidence does not confirm on deny whether the database has been breached, as his ISP's data alone could have been, and presumably would have been, subpoenaed and scanned for any direct access to anything related to Breach. Of course, everyone should and always should have treated such a forum like all data was inherently unsafe and insecure. But one cannot definitively make the claim you did that the data was breached by law enforcement with current publicly available information.
its hard to keep your irl and online identities separated as life goes on i think we should all have a second device for the other identities with the necessary security measurements built-in to keep it disconnected from you at all cost
So glad he finally got caught, hackers need to be a bigger focus of law enforcement. Being a troll in addition to being a criminal just makes him even more unlikeable..
@@randy55six Am I on the wrong video or is this Pom not a thief? We still talking about the same guy? I think people are allowed to despise that part.
- never use your real name anywhere, for any reason, in the internet -dont use the same device for clearnet, or deep/hidden net, or other activities -always use a vpn -be prepared to destroy/erase/abandon a device/account at a moments notice -repetition leaves traces -passwords should always be 20 plus characters -wipe your dirty drives clean once in a while -change your ip adress regularly -keep all devices disconnected from your network when not in use -keep your mouth shut
Why would you even save the IP connection logs for your illegal site…. Just don’t save logs in an easily available database for law enforcement to seize
The guy made an extremely basic opsec mistake, but he was making so much noise and had such a large ego that it was inevitable that he would get caught. If you want to stay in the shadows you really shouldn’t be playing with luminescent paint.
A guy with the profile picture of some kids cartoon character and the name “pompompurin” must mean business. That must be some fucking serious guy alright.
I’m just amazed that both of these forums apparently keep any sort of long-term database. That shit shouldn’t last more than a week tops before getting formatted.
Wow i even saw Bjorka the hacker that leaked indonesia private information as a indonesian i feel very suprised that these people is doing such things to ruin people my future job is helping track this hackers and give them punishments.
I always thought that you need to have really good opsec to do stuff like that, but it seems that all you need is to have your ego under control and not being stupid
hope you learned your lesson on not to use any emails, or using your own CC or Crypto, unless its monero, that link back to you. now I'm dumb enough that I used my ISP's IP when I signed up 🙃 Can't wait to meet the FBI at my door lmao
Funny how everyone knows it better and yes the mistake was dumb, but I’m sure sooner or later everyone would do such a mistake, either a not working killswitch or most likely laziness- the biggest opsec enemy
I only clicked on this because I like Pompompurin the Sanrio character. It's very interesting, but it's also very fun to imagine you all are talking about the character.
When you're too smart as a cyber criminal, but lack the street smart or decent common sense to actually think it's not a good idea to say "oh yea that's not my e-mail or anything, and totally doesn't contain my real name".
