US Leads Seizure of One of World’s Largest Hacker Forums, Arrests Admin | Takeover bid
The Justice Department today announced the seizure of the RaidForums website, a popular marketplace for cybercriminals to buy and sell hacked data, and unsealed criminal charges against RaidForums founder and chief administrator Diogo Santos Coelho , 21 years old, from Portugal. Coelho was arrested in the UK on January 31 at the request of the United States and remains in custody pending the resolution of his extradition proceedings.
Court records unsealed today indicate that the United States recently obtained judicial authorization to seize three domains that have long hosted the RaidForums site. These domains were “raidforums.com”, “Rf.ws” and “Raid.lol”. According to the affidavit filed in support of these seizures, from 2016 or around February 2022, RaidForums served as a major online marketplace for individuals to buy and sell hacked or stolen databases containing personal and financial information. sensitive victims in the United States. and elsewhere, including stolen bank routing and account numbers, credit card information, login credentials and social security numbers.
“Dismantling this online marketplace for the resale of hacked or stolen data disrupts one of the primary ways cybercriminals profit from the large-scale theft of sensitive personal and financial information,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division. “This is another example of how working with our international law enforcement partners has resulted in the closure of a criminal market and the arrest of its administrator.”
“Our interagency efforts to take down this sophisticated online platform – which has facilitated a wide range of criminal activity – should be a relief to the millions of people who fall victim to it and a warning to cybercriminals who have participated in this type of nefarious activities,” said U.S. Attorney Jessica D. Aber for the Eastern District of Virginia. “Online anonymity has not been able to protect the defendant in this case from prosecution, nor will it protect other online criminals.”
“The seizure of the RaidForums website – which facilitated the sale of stolen data to millions of people around the world – and the charges brought against the marketplace’s administrator demonstrate the strength of the FBI’s international partnerships,” said the Deputy Director in Charge Steven M. D’Antuono of the FBI’s Washington Field Office said. “Cybercrime transcends borders, which is why the FBI is committed to working with its partners to bring cybercriminals to justice – no matter where in the world they live or what device they’re trying to hide behind.”
“This global investigation demonstrates the remarkable dedication of the United States Secret Service and highlights our partnerships with our foreign law enforcement counterparts, critical to disrupting sophisticated cybercriminal networks,” said Special Agent in Charge Jason D. Kane of the US Secret Service’s Criminal Investigations Division. . “This case exemplifies teamwork at all levels of law enforcement to stop these cybercriminals from defrauding citizens of the United States and our partner countries.”
Prior to its seizure, RaidForums members used the platform to offer for sale hundreds of stolen databases containing more than 10 billion unique records for individuals residing in the United States and internationally. At the time of its creation in 2015, RaidForums also functioned as an online place to organize and support forms of electronic harassment, including “raiding” – posting or sending an overwhelming volume of contacts to the online communication medium of victimizing – or “swatting” – the practice of making false reports to public safety agencies of situations that would require a significant and immediate armed response from law enforcement.
Seizure of these domains by the government will prevent RaidForums members from using the platform to traffic stolen data to businesses, universities, and government entities in the United States and elsewhere, including databases containing the sensitive and private data of millions of individuals around the world. .
Additionally, a six-count indictment against Coelho was unsealed in the Eastern District of Virginia, charging him with conspiracy, access device fraud and aggravated identity theft in connection with of his role as chief administrator of RaidForums. According to the indictment, between January 1, 2015 and January 31, 2022 or around that date, Coelho allegedly controlled and acted as the chief administrator of RaidForums, which he operated with the help of other administrators. of websites. As administrators, Coelho and his co-conspirators allegedly designed and administered the platform’s software and IT infrastructure, established and enforced rules for its users, and created and managed sections of the website dedicated to promoting buying and selling contraband, including a sub-forum titled “Leaks Market” which describes itself as “[a] place to buy/sell/trade databases and leaks.
To take advantage of illicit activity on the platform, RaidForums charged escalating prices for membership tiers that offered greater access and functionality, including premium “God” membership status. RaidForums also sold “credits” which provided members with access to privileged areas of the website and allowed members to “unlock” and download stolen financial information, credentials and data from databases. compromised, among other things. Members could also earn credits in other ways, such as posting instructions on how to perform certain illegal acts.
According to the indictment, Coelho also personally sold stolen data on the platform and directly facilitated illicit transactions by operating a paid “official intermediary” service. For the Official Middleman service, Coelho allegedly acted as a trusted intermediary between RaidForums members seeking to buy and sell contraband on the platform, including hacked data. In particular, to create trust between the parties to the transaction, the official intermediary service allowed buyers and sellers to verify the means of payment and contraband files sold before executing the transaction.
Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division; US Attorney Jessica D. Aber for the Eastern District of Virginia; Special Agent in Charge Jason D. Kane of the U.S. Secret Service’s Criminal Investigations Division; and Deputy Director Steven M. D’Antuono of the FBI’s Washington Field Office made the announcement.
Senior Prosecutor Aarash Haghighat of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant United States Attorney Carina A. Cuellar for the Eastern District of Virginia are pursuing the case against Coelho. The Department of Justice’s Office of International Affairs provided significant assistance throughout the criminal investigation.
The law enforcement actions against RaidForums and Coelho are the result of an ongoing criminal investigation by the FBI’s Washington Field Office and the US Secret Service. The department also acknowledges the support provided by the Joint Cybercrime Task Force (Europol), National Crime Agency (UK), Swedish Police (Sweden), Romanian National Police (Romania), Police Judiciary (Portugal), Internal Revenue Service Criminal Investigation, Federal Bureau of Criminal Police (Germany) and other law enforcement partners.
Anyone with information about Coelho or RaidForums should file a complaint on ic3.gov with #RaidForums in the description.
An indictment is only an allegation, and all defendants are presumed innocent until proven guilty beyond a reasonable doubt by a court.