The massive takedown of RaidForums might have little real impact against the large volume of hackers operating worldwide.
The U.S. Department of Justice on Tuesday announced it seized the website and user database for RaidForums, a popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches since 2015. The DOJ also charged the alleged administrator of RaidForums — 21-year-old Diogo Santos Coelho, of Portugal — with six criminal counts, including conspiracy, access device fraud, and aggravated identity theft. Coelho was arrested in the United Kingdom on Jan.31, at the request of U.S. officials. He remains in custody pending the resolution of his extradition proceedings. Court records unsealed Tuesday indicate that the United States recently obtained judicial authorization to seize three domains that long hosted the RaidForums website. These domains were “raidforums.com,” “Rf.ws,” and “Raid.lol.” Officials unsealed a six-count indictment against Coelho in the Eastern District of Virginia in connection with his role as the chief administrator of RaidForums. According to the indictment, between Jan.1,2015, and on or about Jan.31,2022, Coelho allegedly controlled and served as the chief administrator of RaidForums, which he operated with the help of other website administrators. Coelho and his co-conspirators are alleged to have designed and administered the platform’s software and computer infrastructure, established and enforced rules for its users, and created and managed sections of the website dedicated to promoting the buying and selling of contraband. They included a subforum titled “Leaks Market” that described itself as “[a] place to buy/sell/trade databases and leaks.” According to the affidavit filed in support of these seizures, from in or around 2016 through February 2022, RaidForums served as a major online marketplace for individuals to buy and sell hacked or stolen databases containing sensitive personal and financial information of victims in the U.S. and elsewhere. The data included stolen bank routing and account numbers, credit card information, login credentials, and social security numbers. “The takedown of this online market for the resale of hacked or stolen data disrupts one of the major ways cybercriminals profit from the large-scale theft of sensitive personal and financial information,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division. “This is another example of how working with our international law enforcement partners has resulted in the shutdown of a criminal marketplace and the arrest of its administrator,” he added. Prior to its seizure, RaidForums members used the platform to offer for sale hundreds of databases of stolen data containing more than 10 billion unique records for individuals residing in the United States and internationally.
