U.S. Leads Seizure of One of the World’s Largest Hacker Forums, Arrests Admin

News -- The Department of Justice announced today the seizure of the RaidForums website, a prominent marketplace for cybercriminals to acquire and sell hacked data, as well as the unsealing of criminal charges against RaidForums'

creator and chief administrator, Diogo Santos Coelho, of Portugal.

Coelho was arrested in the United Kingdom on Jan. 31 at the request of the United States and is still being held in custody pending the outcome of his extradition procedures.

According to court documents unsealed today, the US recently acquired judicial clearance to confiscate three domains that previously hosted the RaidForums website. "Raidforums.com," "Rf.ws," and "Raid.lol" were the domains in question. According to the affidavit supporting these seizures, RaidForums served as a major online marketplace for individuals to buy and sell hacked or stolen databases containing sensitive personal and financial information of victims in the United States and elsewhere, including stolen bank routing numbers, from around 2016 to February 2022. Prior to its seizure, members of RaidForums utilized the platform to sell hundreds of stolen data databases comprising over 10 billion unique records for people in the United States and around the world. RaidForums was founded in 2015 as an online venue for organizing and supporting forms of electronic harassment, such as "raiding" – the practice of making false reports to public safety agencies of situations that would necessitate a significant, and immediate armed law enforcement response – or "swatting" – the practice of making false reports to public safety agencies of situations that would necessitate a significant, and immediate armed law enforcement response.

The government's seizure of these domains will prevent RaidForums members from trafficking in data stolen from corporations, universities, and governmental entities in the United States and elsewhere, including databases containing the sensitive, private data of millions of people all over the world.

In addition, in conjunction with his role as the chief administrator of RaidForums, a six-count indictment charging Coelho with conspiracy, access device fraud, and aggravated identity theft was unsealed in the Eastern District of Virginia. Coelho reportedly controlled and served as the chief administrator of RaidForums, which he allegedly administered with the support of other website administrators, between January 1, 2015, and on or about January 31, 2022, according to the indictment. Coelho and his co-conspirators are accused of designing and administering the platform's software and computer infrastructure, establishing and enforcing rules for its users, and creating and managing sections of the website dedicated to promoting the buying and selling of contraband, such as a subforum titled "Leaks Market," which advertised itself as "a place to buy/sell/trade databases and leaks."

“The takedown of this online market for the resale of hacked or stolen data disrupts one of the major ways cybercriminals profit from the large-scale theft of sensitive personal and financial information,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division. “This is another example of how working with our international law enforcement partners has resulted in the shutdown of a criminal marketplace and the arrest of its administrator.”

“Our interagency efforts to dismantle this sophisticated online platform – which facilitated a wide range of criminal activity – should come as a relief to the millions victimized by it, and as a warning to those cybercriminals who participated in these types of nefarious activities,” said U.S. Attorney Jessica D. Aber for the Eastern District of Virginia. “Online anonymity was not able to protect the defendant in this case from prosecution, and it will not protect other online criminals either.”

“The seizure of the RaidForums website – which facilitated the sale of stolen data from millions of people throughout the world – and the charges against the marketplace's administrator are a testament to the strength of the FBI's international partnerships,” said Assistant Director in Charge Steven M. D’Antuono of the FBI’s Washington Field Office said. “Cybercrime transcends borders, which is why the FBI is committed to working with our partners to bring cybercriminals to justice – no matter where in the world they live or behind what device they try to hide.”

“This global investigation signifies the remarkable dedication of the U.S. Secret Service and highlights our partnerships with our foreign law enforcement counterparts essential to disrupting sophisticated networks of cyber criminals,” said Special Agent in Charge Jason D. Kane of the U.S. Secret Service’s Criminal Investigative Division. “This case exemplifies teamwork at all levels of law enforcement to stop these cyber criminals from defrauding citizens of the United States and in our partner countries.”

RaidForums charged escalating charges for membership levels that gave increased access and functionality, including a top-tier "God" membership status, in order to profit from the platform's unlawful behavior. RaidForums also sold "credits" that allowed members to get access to restricted portions of the website and "unlock" and download stolen bank information, identification documents, and data from hacked databases, among other things. Members might also earn credits by publishing directions on how to perform specific unlawful crimes, for example.

According to the indictment, Coelho also sold stolen data on the network and used a fee-based "Official Middleman" service to directly facilitate unlawful transactions. Coelho allegedly functioned as a trusted broker between RaidForums members looking to buy and sell contraband on the platform, including hacked data, for the Official Middleman service. The Official Middleman service, for example, allowed customers and sellers to verify the means of payment and illicit files being sold before completing the transaction, which helped to build trust between the parties.
Prior to its seizure, members of RaidForums utilized the platform to sell hundreds of stolen data databases comprising over 10 billion unique records for people in the United States and around the world. RaidForums was founded in 2015 as an online venue for organizing and supporting forms of electronic harassment, such as "raiding" – the practice of making false reports to public safety agencies of situations that would necessitate a significant, and immediate armed law enforcement response – or "swatting" – the practice of making false reports to public safety agencies of situations that would necessitate a significant, and immediate armed law enforcement response.

Senior Trial Attorney Aarash Haghighat of the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney Carina A. Cuellar for the Eastern District of Virginia are prosecuting the case against Coelho. The Justice Department’s Office of International Affairs provided significant assistance throughout the criminal investigation.

The law enforcement actions against RaidForums and Coelho are the result of an ongoing criminal investigation by the FBI’s Washington Field Office and the U.S. Secret Service. The department also thanks the support provided by Joint Cybercrime Action Taskforce (Europol), National Crime Agency (UK), Swedish Police Authority (Sweden), Romanian National Police (Romania), Judicial Police (Portugal), Internal Revenue Service Criminal Investigation, Federal Criminal Police Office (Germany) and other law enforcement partners.

Anyone that has any information regarding Coelho or RaidForums should file a complaint at ic3.gov with #RaidForums in the description.

An indictment is merely an allegation, and all defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

Wnctimes by Marjorie Farrington April 12, 2022