RaidForums, one of the largest stolen data markets, has been closed

RaidForums, one of the largest stolen data markets, has been closed


European and US law enforcement have shut down RaidForums, a popular English-language online site where cybercriminals made available stolen personal data that others would later use for their fraud. "This domain has been seized" by the FBI, the secret services and the US Department of Justice, now reads a notice appearing on the site's home page. Europol was also involved in the operation that led to the closure of the site, called Torniquet.

The home page of Raid Forums

Launched in 2015, RaidForums was considered one of the largest forums for cybercriminals around the world. According to cyber threat intelligence company Recorded Future, the site had more than 530,000 registered members and was a powerful tool among low-to-mid-level cybercriminals thanks to the fact that it was accessible in the clear and not just via a browser like Tor. . The site published infringing datasets with sensitive information such as credit card or bank account numbers, usernames and passwords associated with online accounts.

Investigators found that RaidForums monetized by offering different levels of membership, up to for 10 euros, to access some chat rooms. Members could purchase credits which allowed them to unlock and download sensitive information. Users could also earn these credits by posting instructions on how to conduct data breaches and other attacks.

RaidForums alleged founder, 21-year-old Diogo Santos Coelho - known on the site as Omnipotent and Download - was arrested in the Kingdom United on January 31 and remains in custody pending extradition to the United States. There he is accused, among other charges, of conspiracy and aggravated identity theft.

The closure of RaidForums "disrupts one of the main ways that cybercriminals profit from the large-scale theft of sensitive personal and financial information," US Deputy Attorney General Kenneth Polite said in a written statement . For his part, the head of Europol's European Cybercrime Center, Edvardas Šileris, said the European agency "will continue to work with its international partners to make cybercrime more difficult and risky to commit". The seizure of the RaidForums site is only the latest operation against the online criminal markets. In early April, German police seized the servers of Hydra, a popular Russian connected darknet that has had $ 5 billion in transactions since 2015.

RaidForums hacking forum take offline and founder indicted

The RaidForums hacking forum has been taken offline and its founder indicted as part of an international effort to target the popular hacking site.

RaidForums was not a darknet site, one available only using special software, but instead existed on the regular internet. Although it offered a variety of illegal services, it was best known for trading in stolen credentials.

The Justice Department claims that RaidForums members used the platform to provide for sale hundreds of databases of stolen data containing more than 10 billion unique records for individuals residing in the U.S. and internationally. At the time of its founding in 2015, RaidForums also operated as an online venue for organizing and supporting forms of electronic harassment, including raiding, the practice of posting or sending an overwhelming volume of contact to a victim’s online communications medium, and swatting, which involves making prank calls to emergency services about ongoing critical incidents to get them to visit an address unnecessarily., along with and domains used by the site, were seized by the U.S. Department of Justice with the image above now appearing where the forum once resided. The founder of RaidForums, Diogo Santos Coelho of Portugal, was arrested in the U.K. on Jan. 31 and now faces extradition to the U.S.

Coelho is facing six counts for his operation of RaidForums, including conspiracy, access device fraud and aggravated identify theft. It’s alleged that Coelho both personally sold stolen data on the platform and directly facilitated illicit transactions by operating a fee-based “Official Middleman” service.

“Our interagency efforts to dismantle this sophisticated online platform – which facilitated a wide range of criminal activity – should come as a relief to the millions victimized by it and as a warning to those cybercriminals who participated in these types of nefarious activities,” Jessica D. Aber, U.S. Attorney for the Eastern District of Virginia, said in a statement today. “Online anonymity was not able to protect the defendant in this case from prosecution, and it will not protect other online criminals either.”

The Justice Department claims that the takedown will prevent RaidForums members from using the platform to traffic in data stolen from corporations, universities, and governmental entities in the United States and elsewhere. However, every takedown like this is typically a game of Whac-A-Mole: Take one website down and three others will take their place.

“I question the long-term impact of this action on the cybercriminal industry,” Casey Ellis, founder and chief technology officer at crowdsourced cybersecurity company Bugcrowd Inc., told SiliconANGLE. “Cybercrime and its supporting criminal services are, by and large, incredibly successful and profitable for those who operate them and business models like this tend to find a way to continue to exist.”

Ellis added that “the counterintuitive consequence of this action is that it essentially burns a valuable tool used by those in cyberthreat intelligence, who infiltrate forums like this one, build fake personas and use them to gather tactical breach and risk intelligence.”

Chris Morgan, senior cyberthreat intelligence analyst at digital risk protection solutions firm Digital Shadows Ltd. noted that with the takedown of RaidForums, there will be a natural power vacuum within the cybercriminal community, with many of Raid’s membership likely to flock to alternative platforms.

“The takedown of Raidforums is unlikely to result in a major disruption to overall cybercriminal activity; cybercriminals are well versed to platforms being taken down by law enforcement agencies and so they remain agile and fluid as to where their next forum of choice is likely to pop up,” Morgan explained. “There are already numerous forums that have a foundation to act as a home for the RaidForums community, many which appear to have been styled and constructed in a similar fashion.”

John Bambenek, principal Threat Hunter at It service management company Netenrich Inc., said there will always be a need for criminals to have some form of black market.

“The seizure of an individual forum will not have much long-term impact, but if the Justice Department can keep up the pace of operations against many of these forums, it will provide a very strong disruption to the overall cybercrime ecosystem,” Bambenek said. “Just like a crime wave is not solved with individual prosecutions, cybercrime is no different.”

Image: RaidForums/Justice DepartmentShow your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.