Интервью с Кметой

DD - интервьювер.

K - Kmeta

DD: Let’s start out with “who are you?” Who is taking responsibility for doxing all these people?

K: Kmeta. I am Kmeta.

DD: When I first interviewed you as “Impotent” last year, you told me that “Kmeta” was one of your monikers. Is Kmeta just you, or is Kmeta a group or….?

K: Kmeta is a group of people. The other person you have spoken to is a member of the group.

DD: Why have you doxed the specific people you have doxed?

K: No reason. We also plan to release doxes on a lot of valuable high-repped users, but there is nothing personal towards most users.

DD: You have been bad-mouthing and attacking BreachForums for more than a year now, as far as DataBreaches has noticed. Are you trying to destroy BreachForums because you see them as a competitor or for some other reason? Or aren’t you trying to destroy them?

K: The time has come that the legacy of BreachForums has to stop. Four user databases’ backups are floating around: Raidforums, Breached of Pom, and now two are floating of the copycat forum [BreachForums[.]st]. It puts many in danger. It is just awful to think about how Pom sold the 230k+ users for less than 0.01 USD per person. YES! He valued you at less than a cent.

DD: You just claimed that the owner of Breached[.]vc [Conor Fitzpatrick, aka “Pompompurin”] sold users’ data. Some readers of DataBreaches.net may be unaware of claims the data was sold for $4k (USD). Can you be more specific?

K: Yes. Pompompurin sold the data of 220k users for 4k, he valued his users at $0.01 each.

DataBreaches notes that after the owner (“Pompompurin”) of Breached[.]vc was arrested, he allegedly reached out to try to sell the user database for $4k. The database was later leaked. In discussing the alleged sale and subsequent leak of that database, the Telegram user known as “Emo” alleged:

If you are annoyed at the fact the database was leaked then here is a list of everyone involved in the circulation of the database:

https://bf.based.re/search/pompompurin

https://bf.based.re/search/dedale (A/K/A iTrxpzz/gliz/breached_db_person)

https://bf.based.re/search/emo (me)

https://bf.based.re/search/killkikes (@mxdelyn)

https://bf.based.re/search/shinyhunters

https://bf.based.re/search/mary (A/K/A g0re)

https://bf.based.re/search/KmetaNaEvropa (@BalkanPartyClub)

https://bf.based.re/search/RoyalNavy (A/K/A USDoD)]

Significantly, perhaps, the Breached[.]vc user database wasn’t the first user database that Kmeta was involved in leaking. The RaidForums user database had previously been leaked on Exposed[.]vc. 

DD: If they hadn’t already realized the risk of using BreachForums after the RaidForums database was leaked and after the Breached[.]vc user database was sold and leaked, do you really think doxing users will get them to understand that BreachForums is not a secure forum for people who are engaging in illegal activities?

DD: So how did you find the identity information and details that you included in these doxes? What sources and methods did you use?

K: I used mostly the leaked data sets. They are a piece of cake. And fun fact is some users who registered on breached[.]vc with their personal gmail and with a self hosted vpn or none tend to now change their opsec tactics in BreachForums 2, as much as they don’t realize that any time they clicked on the mouse, they left a footprint. A footprint that will stay for years online.

DD: There’s a short thread on BreachForums about the doxing in which a user called “Taken” commented: “i think lik if u werent registered 2y ago they dont rlly have much matyerial.” Is that an accurate guess?

K: They are right. Not really much material but still some material. Nothing is forever. Every database someday gets leaked, and you, my friend, can be in it. And yes, some people are newly registered. But some are such idiots that a username is enough to start with.

DD: How confident are you that you have accurately identified people in those cases where you provide real names or photos?

K: I don’t need to be confident when I see facts. It’s simple OSINT. Imagine you dipped a mouse in paint. How likely is it that there is another mouse in the paint leaving footprints?

DD: Considering I was doxed on one of the forums, and it was seriously inaccurate, it may be simple OSINT, but that doesn’t mean everyone produces an accurate dox.

K: I am sorry, but you were doxed by a clown named Sheriff, the same guy who has a hard time using FTP. Please don’t insult me.

DD: So, how hard is it to dox someone? Can you give me some sense of how long it took you to get each person’s dox?

K: For some people it takes quite a while, but for some people it takes one simple lookup with the most basic engines to get an understanding of who he is.

DD: You make it sound relatively easy. Have there been any individuals that you have found more challenging or difficult to dox?

K: Some people are quite hard to dox, but BreachForum users are especially easy because I have a really good starting point for 3-4 records on cybercrime databases, and dozens on other services or platforms.

DD: Although I see some moderators listed, the people whose doxes you have already released are not the most prominent or powerful people. Have you also doxed past and current owners as well as moderators?

K: “No comment” on who is next to be posted, but we do plan to release the doxes of many other users, including staff teams.

DataBreaches notes that info from the Breached[.vc] database was already posted on BreachForums in July for the current owner of the former and two moderators. At the time, the forum owner responded, “i already seen it , i got no thing to worry about :P”  

DD: Do you have any concerns that any of the people you doxed might seek revenge on you online or offline?

K: I think they should seek revenge on the staff team, not on me. I just compile the information they left out in danger.

DD: Some of the people you doxed may be very young kids. Do you have any concerns or regrets about creating this kind of digital footprint that might follow them when they are older?

K: No, I do not.

DD: Do you have any concerns or regrets about actually outing people by their real names if it leads to the arrest of kids or young teens?

K: No, I do not.

DD: Why don’t you have any regrets or concerns about either?

K: I think you know me well enough to know that my moral compass is not really working.

DD: If someone sees what you’ve done and is now concerned for their own safety, what should they do to protect themselves — or are they just sitting ducks and there’s nothing they can do?

K: I do not know what they should do. It’s never too late for a fresh start. But I would suggest that next time, do not register on BreachForums.

DD: If someone is afraid you have doxed them and will release it, or that you may dox them, can they pay you a fee not to release their dox or to dox them?

K: Actually already as of the time of writing, two people contacted me to ask if they can be assured they won’t be posted. No, there is no way to get out of it. If you are unlucky, then you just eat what you planted.

DD: If you decline a monetary inducement not to dox or release a dox, is there anything they could do to persuade you not to dox them or to release their dox?

K: Well, it depends on the situation. And just to let your readers know, I did not ransom DataBreaches for this interview haha. If people want to contact me about their dox, they can reach me at https://kmeta[.]vc.

DD: Is there anything I haven’t asked you that you wish I had asked you?

K: No.

DD: Okay. Thank you for your time.