One of the largest forums used by cybercriminals, Raidforums, has been shut down after the FBI took it over following a joint operation with Europol, the UK’s NCA and law enforcement authorities from Sweden, Romania, Portugal and Germany.
Three domains of the website — raidforums.com, rf.ws and raid.lol — have been seized, according to the DOJ. Raidforums founder and admin, Diogo Santos Coelho, a 21-year-old from Portugal, was arrested in the UK on January 31, which indicates that the joint task force could’ve been running the forum for some time — gathering data for future prosecution — before shutting it down.
Raidforums started in 2015, quickly becoming one of the go-to places for doxxing people online. However, over the years, it became a hub for English-speaking cybercriminals to buy and sell leaked databases of big businesses, which often included people’s financial information and other personally identifiable information.
“The domain for Raidforums has been seized by the Federal Bureau of Investigation, the United States Secret Service, and the Department of Justice,” the banner on the Raidforums website reads.
“The takedown of this online market for the resale of hacked or stolen data disrupts one of the major ways cybercriminals profit from the large-scale theft of sensitive personal and financial information. This is another example of how working with our international law enforcement partners has resulted in the shutdown of a criminal marketplace,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division.
An NCA spokesperson said, “Data from some of the most high profile hacking incidents in recent years could be located on the site and often the victims – real people, found themselves vulnerable to further crime like fraud. RaidForums had developed into one of the largest hacking forums online where hacking tips and stolen data were frequently exchanged.”
Raidforums members breached a rival hacking forum, Cracked.to, in 2019 and leaked the data of 321,000 Cracked.to members. The leaked database contained 749,161 unique email addresses, usernames, IP addresses, private messages and passwords stored as bcrypt hashes.
Last year, a Raidforums member also leaked 8.2TB of Mobikwik’s customer data, including contact and financial details, of about 3.5 million people. About six months back, Raidforums members were allegedly also involved in compromising the FBI’s email servers.