An international law enforcement operation raided and took down RaidForums, one of the world’s largest hacking forums notorious for selling access to hacked personal information belonging to users.
Dubbed Tourniquet, the seizure of the cybercrime website involved authorities from the U.S., U.K., Sweden, Portugal, and Romania, with the criminal investigation resulting in the arrest of the forum’s administrator at his home last month in Croydon, England.
The three confiscated domains associated with the illicit marketplace include “raidforums[.]com,” “Rf[.]ws,” and “Raid[.]lol.”
Diogo Santos Coelho (aka “Omnipotent”), the said founder and chief administrator, was apprehended in the U.K. on January 31 and is pending extradition to the U.S. Santos Coelho has been charged with conspiracy, access device fraud, and aggravated identity theft.
In addition to detailing Santos Coelho’s central role in designing and administering the software and computer infrastructure, the U.S. Justice Department (DoJ) accused the 21-year-old Portuguese national of operating a fee-based middleman service to facilitate the transactions on the platform.
“Notably, to create confidence amongst transacting parties, the Official Middleman service enabled purchasers and sellers to verify the means of payment and contraband files being sold prior to executing the transaction,” the DoJ said.
Europol, which called it a “culmination of a year of meticulous planning,” said RaidForums had more than 500,000 users since its launch in January 2015, with the storefront offering for sale databases of pilfered data comprising more than 10 billion unique records of individuals in the U.S. and abroad.
These databases, which served as a repository of personal data, contained credit card details, bank account numbers and routing information, social security numbers, and the usernames and associated passwords needed to access online accounts.
“This marketplace had made a name for itself by selling access to high-profile database leaks belonging to a number of U.S. corporations across different industries,” the agency said. “These datasets were obtained from data breaches and other exploits carried out in recent years.”