Through coordinated efforts with Europol, U.S. law enforcement shut down the RaidForums hacker forum on January 31st, 2022, and seized its domain during Operation TOURNIQUET, an international investigation involving law enforcement agencies from several countries.
The RaidForums site’s name is a nod to the community’s humble beginnings in 2015, when the site was primarily used to organize and promote various forms of electronic harassment. The United States DOJ reported that such activity included “raiding” – posting or contacting an overwhelming volume of victims on their online communication mediums – and “swatting”, the practice of making false reports to public safety agencies of situations that called for an armed police response.
However, as the trade in hacked databases became a big business, RaidForums became the go-to place for English-speaking hackers to market their wares. One of the busiest markets within RaidForums was the “Leaks Market,” which offered hacked databases and leaks for sale, trade, and auction.
According to the government, Diogo Santos Coelho, aka Omnipotent, an administrator and founder of RaidForums, made money from the illegal activity on the platform by charging “escalating prices for membership tiers that offered greater access and features, including a top-tier ‘God’ membership status.”
“RaidForums also sold ‘credits’ that allowed members to access privileged areas of the website and to obtain stolen financial information, means of identification, and information stolen from compromised databases, among other things,” the DOJ said in a written statement.
“Members could also earn credits through other methods, such as by posting instructions on how to commit illegal acts.”
Coelho also directly facilitated illicit transactions through his operation of a fee-based “Official Middleman” service, a kind of escrow or insurance service that criminals were encouraged to use when transacting with each other on RaidForums. According to investigators, several instances were cited where undercover agents or confidential informants used Omnipotent’s escrow service to purchase huge quantities of data from Coelho’s alternate identities, which means he not only sold data he personally hacked, but further profited by insisting on handling the transactions through his own company.
On August 11, 2021, a user known as “SubVirt” posted on RaidForums an offer to sell Social Security numbers, dates of birth, and other records of more than 120 million individuals in the United States (SubVirt later changed the thread to say 30 million). Within just two days, T-Mobile acknowledged a data breach affecting 40 million of its customers, former customers, and prospective customers who applied for credit from the company.
The government claims the victim firm hired a third party to purchase the database and prevent it from being sold to cybercriminals. In the end, the third party paid approximately $200,000 in bitcoin to the seller, with the understanding that the data would be destroyed following the transaction. Despite this, the co-conspirators apparently continued selling the databases after the third party purchased them, according to the affidavit.
First reported by KrebsOnSecurity on March 23, the seizure of RaidForums was the result of an FBI agent confirming rumors that the agency had secretly operated the website for weeks.
In a statement, the DOJ explained that Coelho was arrested on January 31 at the United States’ request, and that he remains in custody until his extradition hearing is resolved.
According to the DOJ, Coelho is 21 years old, which means he was only 14 when he launched RaidForums in 2015.
Three RaidForums domain names have been seized: raidforums.com, rf.ws, and raid.lol.