    US-Led Seizure of RaidForums May Defy Lasting Effect on Security

    The U.S. Department of Justice on Tuesday announced it seized the website and user database for RaidForums, a popular English-language cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches since 2015.
    The DOJ also charged the alleged administrator of RaidForums — 21-year-old Diogo Santos Coelho, of Portugal — with six criminal counts, including conspiracy, access device fraud, and aggravated identity theft.
    Coelho was arrested in the United Kingdom on Jan. 31, at the request of U.S. officials. He remains in custody pending the resolution of his extradition proceedings.
    Court records unsealed Tuesday indicate that the United States recently obtained judicial authorization to seize three domains that long hosted the RaidForums website. These domains were “raidforums.com,” “Rf.ws,” and “Raid.lol.”
    Officials unsealed a six-count indictment against Coelho in the Eastern District of Virginia in connection with his role as the chief administrator of RaidForums. According to the indictment, between Jan. 1, 2015, and on or about Jan. 31, 2022, Coelho allegedly controlled and served as the chief administrator of RaidForums, which he operated with the help of other website administrators.
    Illegal Online Marketplace
    Coelho and his co-conspirators are alleged to have designed and administered the platform’s software and computer infrastructure, established and enforced rules for its users, and created and managed sections of the website dedicated to promoting the buying and selling of contraband. They included a subforum titled “Leaks Market” that described itself as “[a] place to buy/sell/trade databases and leaks.”
    According to the affidavit filed in support of these seizures, from in or around 2016 through February 2022, RaidForums served as a major online marketplace for individuals to buy and sell hacked or stolen databases containing sensitive personal and financial information of victims in the U.S. and elsewhere. The data included stolen bank routing and account numbers, credit card information, login credentials, and Social Security numbers.
    “The takedown of this online market for the resale of hacked or stolen data disrupts one of the major ways cybercriminals profit from the large-scale theft of sensitive personal and financial information,” stated Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division.
    “This is another example of how working with our international law enforcement partners has resulted in the shutdown of a criminal marketplace and the arrest of its administrator,” he added.
    Massive International Take Down
    Prior to its seizure, RaidForums members used the platform to offer for sale hundreds of databases of stolen data containing more than 10 billion unique records for individuals residing in the United States and internationally.
    At the time of its founding in 2015, RaidForums also operated as an online venue for organizing and supporting forms of digital harassment, including by “raiding” — posting or sending an overwhelming volume of contact to a victim’s online communications medium — or “swatting” — the practice of making false reports to public safety agencies of situations that would necessitate a significant and immediate armed law enforcement response.
    The seizure of these domains by the government will prevent RaidForums members from using the platform to traffic in data stolen from companies, universities, and governmental entities in the United States and elsewhere, including databases containing the sensitive, private data of millions of individuals around the world, according to the DOJ.
    “Our interagency efforts to dismantle this sophisticated online platform — which facilitated a wide range of criminal activity — should come as a relief to the millions victimized by it, and as a warning to those cybercriminals who participated in these types of nefarious activities,” stated U.S. Attorney Jessica D. Aber for the Eastern District of Virginia.
    “Online anonymity was not able to protect the defendant in this case from prosecution, and it will not protect other online criminals either,” she asserted.
    The law enforcement actions against RaidForums and Coelho resulted from an ongoing criminal investigation by the FBI’s Washington Field Office and the U.S. Secret Service.
    Seizure of the RaidForums website and the charges against the marketplace’s administrator show the strength of the FBI’s international partnerships, noted Assistant Director in Charge Steven M. D’Antuono of the FBI’s Washington Field Office.

    U.S. officials credited help from Joint Cybercrime Action Taskforce (Europol), National Crime Agency (U.K.), Swedish Police Authority (Sweden), Romanian National Police (Romania), Judicial Police (Portugal), Internal Revenue Service Criminal Investigation, Federal Criminal Police Office (Germany) and other law enforcement partners.
    “Cybercrime transcends borders, which is why the FBI is committed to working with our partners to bring cybercriminals to justice — no matter where in the world they live or behind what device they try to hide,” stated D’Antuono.
    Operational Expertise Disclosed
    To profit from the illicit activity on the platform, RaidForums charged escalating prices for membership tiers that offered greater access and features. The pricing structure included a top-tier “God” membership status.
    RaidForums also sold “credits” that provided members access to privileged areas of the website and enabled members to “unlock” and download stolen financial information, means of identification, and data from compromised databases, among other items. Members could also earn credits through other means, such as by posting instructions on how to commit certain illegal acts.
    According to the indictment, Coelho also personally sold stolen data on the platform and directly facilitated illicit transactions by operating a fee-based “Official Middleman” service. For that service, Coelho allegedly acted as a trusted intermediary between RaidForums members seeking to buy and sell contraband on the platform, including hacked data.
    Notably, to create confidence among transacting parties, the Official Middleman service enabled purchasers and sellers to verify the means of payment and contraband files being sold prior to executing the transaction.
    Long-Term Impact Questioned
    The massive takedown of RaidForums might have little real impact against the large number of hackers operating worldwide, according to Casey Ellis, founder and CTO at crowdsourced cybersecurity firm Bugcrowd.
    “I question the long-term impact of this action on the cybercriminal industry. Cybercrime and its supporting criminal services are, by and large, incredibly successful, and profitable for those who operate them. Business models like this tend to find a way to continue to exist,” he told TechNewsWorld.
    It definitely provides a deterrent aspect to people considering launching similar forums and marketplaces, he added. However, he suspects they will simply evolve the techniques used to maintain operational security and avoid detection.
    “The other counter-intuitive consequence of this action is that it essentially burns a valuable tool used by those in CTI, who infiltrate forums like this one, build fake personas, and use them to gather tactical breach and risk intelligence,” he stated.
    Still, the arrest and seizure are important inasmuch as they disrupt a marketplace and create additional difficulty and cost for cybercriminals who want to monetize their services and stolen data.
    “It is also a clear signal to other forum operators that they are in the DOJ’s crosshairs,” he stated.
    Disruption May Be Key Deterrent
    The takedown of RaidForums will cause a natural power vacuum within the cybercriminal community. Many of Raid’s members are likely to flock to other platforms, suggested Chris Morgan, senior cyber threat intelligence analyst at risk protection firm Digital Shadows.
    “The takedown of Raidforums is unlikely to result in a major disruption to overall cybercriminal activity. Cybercriminals are well versed to platforms being taken down by LEAs and so they remain agile and fluid as to where their next forum of choice is likely to pop-up,” he told TechNewsWorld.
    The seizure of an individual forum won’t have much long-term impact, agreed John Bambenek, principal threat hunter at digital IT and security operations firm Netenrich.
    “However, if the justice department can keep up the pace of operations against many of these forums, it will provide a very strong disruption to the overall cybercrime ecosystem,” he predicted. “Just like a crime wave is not solved with individual prosecutions, cybercrime is no different.”
