The United States has taken over the domain of what it calls “one of the largest hacker forums in the world” and indicted its founder, the Justice Department announced on Tuesday. A notice on RaidForums.com indicates that the domain has been seized by the FBI, the Secret Service and the Department of Justice. Europol and law enforcement agencies from Sweden, Romania, Portugal, Germany and the UK were also involved.
RaidForums founder and chief administrator Diogo Santos Coelho, a 21-year-old Portuguese national, was arrested in the UK on January 31 and is in custody pending the outcome of extradition proceedings. The case in U.S. District Court for the Eastern District of Virginia was unsealed on Monday. Two accomplices were also arrested, according to Europol.
Founded in 2015, “RaidForums has served as a major online marketplace for individuals to buy and sell hacked or stolen databases containing victims’ sensitive personal and financial information in the United States and elsewhere, including bank routing and stolen account numbers, credit card information, login credentials, and social security numbers,” the DOJ said. weeks of speculation about what may have happened to the site, which mysteriously went unresponsive towards the end of February.”
Security journalist Brian Krebs wrote that “the ‘raid’ in RaidForums is a nod to the community’s humble beginnings in 2015, when it was primarily an online place for organizing and supporting various forms of electronic harassment. But over the years, as the trade in hacked databases has grown into big business, RaidForums has become the go-to place for English-speaking hackers to peddle their wares.” Krebs’ article stated that “the FBI secretly operated the RaidForums website for weeks” prior to the seizure.
Hundreds of databases with stolen data
The DOJ said it also seized the associated Rf.ws and Raid.lol domains. The DOJ announcement said:
Prior to its seizure, RaidForums members used the platform to offer for sale hundreds of stolen databases containing more than 10 billion unique records for individuals residing in the United States and internationally. At the time of its creation in 2015, RaidForums also functioned as an online place to organize and support forms of electronic harassment, including “raiding” – by posting or sending an overwhelming volume of contacts to the online communication medium of a victim – or by “swatting,” the practice of making false reports to public security agencies about situations that would require a significant and immediate armed response from law enforcement.
In 2019, hackers from RaidForums hacked rival hacking forum site Cracked.to and released data for more than 321,000 of its members, Ars reported at the time. Later that year, after a hack of cryptocurrency wallet service GateHub, a database containing personal information for 1.4 million accounts was published on RaidForums.
Databases offered for sale on RaidForums included “usernames and associated passwords for access to user accounts issued by an e-commerce company in the United States,” usernames and passwords for “online customer accounts issued by a major broadcast and cable company in the United States,” and private account information for a “major telecommunications company and a wireless network that provides services in the United States,” Coelho’s newly unsealed indictment said. The telecommunications breach appears to be last year’s breach involving T-Mobile.
Coelho and his co-conspirators “would have designed and administered the platform’s software and IT infrastructure, established and enforced rules for its users, and created and managed sections of the website devoted to promoting the purchase and the sale of contraband, including a sub-forum titled ‘Leaks Market’ which describes itself as ‘[a] place to buy/sell/trade databases and leaks,’” the DOJ said. More details are available in an affidavit filed by an assistant U.S. attorney.