.svg?width=185&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Home"){kind=logo}
.svg?width=13&quality=80&auto=webp&format=auto&cache=true&immutable=true&cache-control=max-age%3D31536000 "Top Navigation - Sign in - Icon")
In this episode, Susie Evershed is joined by Rebecca Taylor, Knowledge Manager in the Sophos Counter Threat Unit, to unpack the recent arrest of British national Kai West, known online as IntelBroker, charged with multiple cyber offenses by the U.S. Department of Justice.
Video Summary: Inside Breach Forums and the Arrest of "IntelBroker"
00:03 Introduction
Welcome to our Cyber Shorts series with Sophos, a LinkedIn series designed to bring you insights into trending cybersecurity topics.
Following Sophos’ acquisition of Secureworks, including the Counter Threat Unit, we’re sharing threat intelligence insights to help organizations better understand and defend against cyber threats.
00:29 Meet the speakers
I’m Susie Evershed, joined by Rebecca Taylor, Knowledge Manager in the Southwest Counter Threat Unit.
Today’s discussion focuses on a major developing story in the cybercrime landscape.
00:37 IntelBroker background
The U.S. Department of Justice has charged British national Kai West, also known as “IntelBroker,” with multiple cyber offenses.
Active since at least 2021, IntelBroker built a reputation for selling high-profile stolen data on Breach Forums, with links to breaches involving organizations like Europol, Cisco, Apple, and Deloitte.
01:26 Role in Breach Forums
IntelBroker was not only a prolific seller but also an administrator of BreachForums, a major underground marketplace for stolen data, malware, and cybercrime services.
The platform functions as both a marketplace and a community space for threat actors to collaborate and operate.
02:05 Arrest and law enforcement action
Although recently announced, the arrest of Kai West took place in France earlier this year, with authorities now working toward extradition to the United States.
This marks another significant action in ongoing global efforts to disrupt cybercrime networks.
02:27 History of Breach Forums
Breach Forums has experienced repeated takedowns and revivals, including disruptions from law enforcement operations like Operation Tornado.
The platform has changed ownership and structure multiple times, raising trust issues within the cybercriminal community.
03:33 Origins and evolution
The forum originated from Raid Forums, a space initially tied to gaming communities that evolved into a hub for data leaks, account sharing, and illicit activity.
Over time, it has grown into one of the most prominent cybercrime marketplaces.
04:06 Arrests and risks for admins
Multiple administrators and key figures associated with Breach Forums have been arrested in recent years, highlighting the increasing risks of operating such platforms.
These actions demonstrate that law enforcement is actively monitoring and targeting these spaces.
04:37 Impact on cybercrime activity
Increased law enforcement pressure is changing behavior across the cybercriminal ecosystem.
Threat actors are becoming more cautious, focusing on operational security (OpSec) and verifying identities within their networks.
05:29 Migration and resilience
Cybercriminals are shifting to alternative platforms and even social media to maintain activity and visibility.
Despite repeated takedowns, communities like Breach Forums are resilient and often reappear under new leadership or branding.
06:07 Future outlook
While Breach Forums may return in a different form, its data and infrastructure are already circulating, enabling potential relaunches.
This suggests that disruption efforts create friction but rarely eliminate these ecosystems entirely.
06:21 Closing
Thank you for joining us on Cyber Shorts.
Stay tuned for more insights, and be sure to follow our blog and social channels for the latest threat intelligence updates.