SecureWorld News

RaidForums Seized and Admin Arrested

Written by Drew Todd | Wed | Apr 13, 2022 | 10:52 PM Z

The U.S. Department of Justice (DOJ) recently announced the seizure of RaidForums, one of the world's most popular marketplaces for cybercriminals, as well as charges against the alleged founder and chief administrator, 21-year-old Diogo Santos Coelho of Portugal.

Members of the forum used the platform to offer hundreds of databases of stolen information for sale, containing more than 10 billion unique records for individuals in the United States and internationally. The DOJ says in a statement:

"According to the affidavit filed in support of these seizures, from in or around 2016 through February 2022, RaidForums served as a major online marketplace for individuals to buy and sell hacked or stolen databases containing the sensitive personal and financial information of victims in the United States and elsewhere, including stolen bank routing and account numbers, credit card information, login credentials and social security numbers."

Three domains were seized by authorities: "raidforums.com," "Rf.ws," and "Raid.lol." If you were to try to visit any of these sites, this is what you would see:

What was RaidForums?

When founded in 2015, RaidForums was used for exactly what the name implies. Members used the site to organize forms of electronic "raids," essentially harassing designated targets. Raids typically consisted of posting or sending an overwhelming number of messages to someone's online account, like a social media page. 

Raids also included "swatting," which is the practice of making false reports to public safety agencies that would result in immediate armed response from law enforcement.

Like any organization with a quality service, RaidForums expanded from these smaller, petty raids to an all-encompassing platform for cybercriminals.

The site was known to have facilitated the sale of stolen data from corporations, universities, and governments—not just in the United States, but around the world. The data contained the sensitive and private information of millions of individuals.

As for the man behind the curtain, Coelho was arrested in the United Kingdom on January 31, 2022, and remains in custody pending the resolution of his extradition proceedings. The DOJ unsealed a six-count indictment against him, with charges of conspiracy, access device fraud, and aggravated identity theft.

The DOJ further discusses his crimes:

"Coelho allegedly controlled and served as the chief administrator of RaidForums, which he operated with the help of other website administrators. As administrators, Coelho and his co-conspirators are alleged to have designed and administered the platform's software and computer infrastructure, established and enforced rules for its users, and created and managed sections of the website dedicated to promoting the buying and selling of contraband, including a subforum titled 'Leaks Market' that described itself as '[a] place to buy/sell/trade databases and leaks.'"

Assistant Attorney General Kenneth A. Polite, Jr. of the DOJ's Criminal Division shared his thoughts on the case:

"The takedown of this online market for the resale of hacked or stolen data disrupts one of the major ways cybercriminals profit from the large-scale theft of sensitive personal and financial information. This is another example of how working with our international law enforcement partners has resulted in the shutdown of a criminal marketplace and the arrest of its administrator."

For more information, you can read the statement from the Department of Justice on the seizure of RaidForums.