On February 25, 2022, the Department of Justice of the United States with the Federal Bureau of Investigation, the United States Secret Service, and the Internal Revenue Service Criminal Investigation in cooperation with Europol Joint Cybercrime Action Task Force, the United Kingdom’s National Crime Agency, the Swedish Police Authority, the Romanian National Police, and other law enforcement agencies seized the Internet domains1 related to RaidForums, one of the most well-known hacker forums in the world. RaidForums used to be a place to buy and sell stolen personal information and credentials to hacked devices, accounts, and networks.
The operation was named “Tourniquet” and involved an investigation culminating in the seizure of the RaidForums website and detention of its administrator in South London. All the seized domains, namely raidforums[.]com, rf[.]ws, and raid[.]lol, are associated with the forum.
The founder and administrator of the hacker club, Diogo Santos Coelho, is waiting for extradition to the United States. The man is a 21-year-old citizen of Portugal, also known as “Omnipotent.” The arrest took place on January 31, 2022. Authorities incriminate “Omnipotent” for access device fraud, aggravated identity theft, access device fraud, and conspiracy.
Besides that, the Department of Justice also charges Coelho for paid middleman service in money transactions on the forum. The young criminal promoted security and trust on the platform allowing buyers to check the smuggled data they were buying and sellers to verify the buyer’s money before the purchase actually took place.
According to the Europol report, the apprehension of Coelho and shutting down the RaidForums was a result of a year of preparations.
On February 25, when the law enforcers took care of RaidForums, the platform was offline. Considering technical problems users of the forum experienced about a fortnight before the seizure, police seemingly had access to the website’s infrastructure for at least two weeks.
Diogo Santos Coelho was away from home at the beginning of February. By February 12, as the forum was back online, its owner didn’t comment on the outages that had happened before. He had not made any public statements before he was apprehended.
Over seven years of its existence, the forum has accumulated around half a million registered users. The data that has become a stolen commodity on RaidForums amounts to 10 billion unique records. The injured party consists of people from all around the world.
Among the piles of personal data sold on the platform in question, one could catch credit card and bank account details, routing information, social security numbers, driving license information, and, eventually, username/password combos for various Internet accounts.
Among the victims whose data ended up on the RaidForums market were large British corporations belonging to many different industries2. Hackers managed to use various exploits that have emerged last years. Leaks and phishing campaigns were also the sources of the stolen data.
The forum used to be a haven for digital harassers, or raiders, whose craft was piling victims with an enormous number of messages. Such “raiding” is whence the forum’s name.
There was another way RaidForums generated money, namely the level-based subscription system. To access more valuable data, users had to pay for higher-tier subscriptions. The same went for sellers. To put massive volumes of data for sale, the traders also had to pay. The levels of loyalty were called “free,” “VIP,” “MVP,” and “God.”
Moreover, forum residents were allowed to earn credits by doing some “socially” beneficial work, for example, writing tips and instructions for newbie hackers.
Europol’s representative explained that it is efficient to scatter the evil-doers by striking their hot spot. It is the best strategy when fighting cybercrimes. It is unlikely to catch all hackers, but it is realistic to lower the harm they bring by destroying their web platform.
The seizure of RaidForums is one of the battles won in the war against hackers initiated by the United States’ authorities and supported by their European colleagues. Among the recent successful operations, there was shutting down Hydra, one of the world’s largest darknet marketplaces that sold illegal goods for post-USSR countries.
Subscribe to our Telegram channel to be the first to know about news and our exclusive materials on information security.
User Review( votes)