US law enforcement has shut down one of the largest cyber-criminal online forums in the world & revealed the charges its Portuguese founder will face in US Federal Court.
However, the takedown is likely to only be a temporary blow to hackers, who will find other ways of buying & selling data stolen in cyber-attacks, security professionals noted.
Portuguese
The US DoJ is charging its founder, 21-year-old Portuguese citizen Diogo Santos Coelho, on 6 criminal counts, including conspiracy, access device fraud & aggravated identity theft.
The US Department of Justice (DoJ) revealed on Tues. that it has seized 3 domains to effectively shut down the Raid Forums website, a major English-language online marketplace for cyber-criminals to buy & sell databases stolen from organizations in ransomware & other cyber-attacks.
The domains seized by the US Feds after obtaining judicial authorisation were “raidforums.com,” “Rf.ws,” & “Raid.lol,” according to a press release.
Unsealed Charges
The US DoJ also unsealed charges being brought against Raid Forums’ Founder & Chief Administrator, 21-year-old Portuguese citizen Diogo Santos Coelho, who was arrested in the UK on Jan. 31. He is being charged on six counts, including conspiracy, access device fraud & aggravated identity theft.
The seizure of Raid Forums’ domains means that members can no longer use the site to traffic stolen data, according to the US Feds. The site is well known among cyber-criminal circles as an online hub for buying & selling data stolen in cyber-attacks.
10b Consumer Records
Since its inception in 2015 Raid Forums has sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches. For instance, data ‘scraped’ from profiles of some 700m LinkedIn users was posted for sale on the forum last June.
“The takedown of this online market for the resale of hacked or stolen data disrupts one of the major ways cyber-criminals profit from the large-scale theft of sensitive personal & financial information,” stated Assistant Attorney General Kenneth Polite of the US DoJ’s Criminal Division, in a statement.
Polite cited international collaboration with authorities in Portugal, the European Union & the UK as crucial to the collective law-enforcement effort that led to the seizure & arrest of Coelho.
Temporary Disruption
The takedown is also a warning to other hacker marketplaces that they could be next as the US Feds continue to crack down on cyber-criminal activity, observed a security professional.
“It’s important in as much as it’s disrupting a marketplace & creating additional difficulty and cost for cyber-criminals who are looking to monetize their services & stolen data,” Casey Ellis, founder & CTO at crowdsourced cyber-security firm Bugcrowd, commented.
“It’s also a clear signal to other forum operators that they are in the DOJ’s crosshairs.”
Shutdown
However, he commented that the shutdown is unlikely to have a long-term impact on cyber-criminal activity, as threat players likely will just change tactics & find other ways to profit from their bad activity.
“Cybercrime, & its supporting criminal services are, by & large, incredibly successful & profitable for those who operate them, & business models like this tend to find a way to continue to exist,” Ellis noted.
Power Vacuum
The shutdown of Raid Forums merely presents an opportunity for other hacker forums to fill the “natural power vacuum” it creates within the cyber-criminal community, sending its members to alternative dark web sites, noted a security professional.
“The takedown of Raid Forums is unlikely to result in a major disruption to overall cyber-criminal activity; cyber-criminals are well versed to platforms being taken down by law enforcement & so they remain agile & fluid as to where their next forum of choice is likely to pop-up,” wrote Chris Morgan, senior cyber threat intelligence analyst at digital risk protection solution provider Digital Shadows.
Hacker Hub
Raid Forums went online in 2015, initially operating as an online venue for organising & supporting forms of electronic harassment, according to the US DoJ statement.
This included “raiding,” or posting or sending an overwhelming volume of contact to a victim’s online communications medium, as well as “swatting,” the practice of making false reports to public safety agencies of situations that would necessitate a significant & immediate armed law enforcement response.
Online Marketplace
Between 2016 and 2022, Raid Forums primarily served as a major online marketplace for people to buy & sell hacked or stolen databases that contain sensitive personal & financial information of victims of cyber-attacks in the US & elsewhere.
Stolen records that could be bought & sold on the forum included: stolen bank routing & account numbers, credit card information, login credentials & social security numbers, explained the US authorities.
Raid Forums acted on a membership business model, charging escalating prices for membership tiers that offered greater access & features, including a top tier “God” membership status, according to the DoJ.
Privileged Areas
The forum also sold “credits” that provided members access to privileged areas of the website to download stolen financial information, online credentials & personal identification data from compromised databases, among other items.
Members could also earn credits through other means, such as by posting instructions on how to commit fraudulent acts online, according to the US DoJ.
Facing Charges
Coelho is facing a 6-count indictment in the US Eastern District of Virginia for his role as the Chief Administrator of Raid Forums, which he operated with the help of other website administrators, according to the US DoJ.
Coelho & his co-conspirators allegedly designed & administered the platform’s software & computer infrastructure, established & enforced rules for its users, & created & managed sections of the website dedicated to promoting the buying & selling of illegally stolen data. E.g., the site included a subforum titled “Leaks Market,” a self-described “place to buy/sell/trade databases & leaks.”
Sold Stolen Data
Coelho also personally sold stolen data on the platform, & directly facilitated illegal transactions by operating a fee-based “Official Middleman” service, according to the US DoJ.
In this service, Coelho allegedly functioned as a trusted link between Raid Forums members seeking to buy & sell hacked data on Raid Forums, officials observed.
Collaborated
Law-enforcement agencies that collaborated in the effort include FBI’s Washington Field Office, US Secret Service, Joint Cybercrime Action Taskforce (Europol), National Crime Agency (UK), Swedish Police Authority (Sweden), Romanian National Police (Romania), Judicial Police (Portugal), US Internal Revenue Service Criminal Investigation, Federal Criminal Police Office (Germany) & others.