The U.S. Department of Justice (DOJ) said today it seized the website and user database for RaidForums, an extremely popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches since 2015. The DOJ also charged the alleged administrator of RaidForums — 21-year-old Diogo Santos Coelho, of Portugal — with six criminal counts, including conspiracy, access device fraud and aggravated identity theft.
The “raid” in RaidForums is a nod to the community’s humble beginnings in 2015, when it was primarily an online venue for organizing and supporting various forms of electronic harassment. According to the DOJ, that early activity included ‘raiding’ — posting or sending an overwhelming volume of contact to a victim’s online communications medium — and ‘swatting,’ the practice of making false reports to public safety agencies of situations that would necessitate a significant, and immediate armed law enforcement response.
But over time, as trading in hacked databases became big business, RaidForums emerged as the go-to place for English-speaking hackers to peddle their wares. Perhaps the most bustling marketplace within RaidForums was its “Leaks Market,” which described itself as a place to buy, sell, and trade hacked databases and leaks.
The government alleges Coelho and his forum administrator identity “All-mighty” profited from the illicit activity on the platform by charging “escalating prices for membership tiers that offered greater access and features, including a top-tier ‘God’ membership status.”
“RaidForums also sold ‘credits’ that provided members access to privileged areas of the website and enabled members to ‘unlock’ and download stolen financial information, means of identification, and data from compromised databases, among other items,” the DOJ said in a written statement. “Members could also earn credits through other means, such as by posting instructions on how to commit certain illegal acts.”
Prosecutors say Coelho also personally sold stolen data on the platform, and that All-mighty directly facilitated illicit transactions by operating a fee-based “Real Middleman” service, a kind of escrow or insurance service that denizens of RaidForums were encouraged to use when transacting with other criminals.
Investigators described multiple instances in which undercover federal agents or confidential informants used All-mighty’s escrow service to purchase huge tranches of data from one of Coelho’s alternate user identities — meaning Coelho not only sold data he’d personally hacked but also further profited by insisting the transactions were handled through his own middleman service.
Not all of those undercover buys went as planned. One incident described in an affidavit by prosecutors (PDF) appears related to the sale of tens of millions of consumer records stolen last year from T-Mobile, although the government refers to the victim only as a major telecommunications company and wireless network operator in the United States.
On Aug. 11, 2021, an individual using the moniker “SubVirt” posted on RaidForums an offer to sell Social Security numbers, dates of birth and other records on more than 120 million people in the United States (SubVirt would later edit the sales thread to say 30 million records). Just days later, T-Mobile would acknowledge a data breach affecting 40 million current, former or prospective customers who applied for credit with the company.
The government says the victim firm hired a third party to purchase the database and prevent it from being sold to cybercriminals. That third party ultimately paid roughly $200,000 worth of bitcoin to the seller, with the agreement that the data would be destroyed after sale. “However, it appears the co-conspirators continued to attempt to sell the databases after the third party’s purchase,” the affidavit alleges.
The FBI’s seizure of RaidForums was first reported by KrebsOnSecurity on Mar. 23, after a federal investigator confirmed rumors that the FBI had been secretly operating the RaidForums website for weeks.
Coelho landed on the radar of U.S. authorities in June 2018, when he tried to enter the United States at the Hartsfield-Jackson International Airport in Atlanta. The government obtained a warrant to search the electronic devices Coelho had in his luggage and found text messages, files and emails showing he was the RaidForums administrator All-mighty.
“In an attempt to retrieve his items, Coelho called the lead FBI case agent on or around August 2, 2018, and used the email address email@example.com to email the agent,” the government’s affidavit states. Investigators found this same address was used to register rf.ws and raid.lol, which All-mighty announced on the forum would serve as alternative domain names for RaidForums in case the site’s primary domain was seized.
The DOJ said Coelho was arrested in the United Kingdom on January 31, at the United States’ request, and remains in custody pending the resolution of his extradition hearing. A statement from the U.K.’s National Crime Agency (NCA) said the RaidForums takedown was the result of “Operation Tourniquet,” an investigation carried out by the NCA in cooperation with the United States, Europol and four other countries that resulted in “a number of linked arrests.”
A copy of the indictment against Coelho is available here (PDF).