Raidforums was notorious as a place to openly buy and sell stolen databases from around the world, but just last night (Vietnam time) the forum was shut down by US law enforcement, which seized its domains in an operation called TOURNIQUET. This operation was carried out under the coordination of Europol with the participation of law enforcement agencies in many other countries.
Not only that, the administrator of Raidforums and two accomplices were also arrested, and the entire infrastructure of this illegal exchange is now under the control of law enforcement.
In fact, the administrator and founder of Raidforums, Diogo Santos Coelho, aka Omnipotent, a Portuguese national, was arrested on January 31 in the UK and is facing criminal charges. He has been detained since his arrest and is awaiting extradition proceedings.
The US Department of Justice said that Coelho is 21 years old, meaning he was only 14 years old when he founded Raidforums in 2015.
The domains hosting Raidforums, raidforums.com, Rf.ws and Raid.lol, were also seized during this operation.
So far, the forum has offered for sale more than 10 billion records from hundreds of stolen databases, affecting people living in the US, according to a report from the US Department of Justice. Europol’s own announcement said that RaidForums has more than 500,000 users and is “regarded as one of the largest hacking forums in the world.”
The takedown of this forum and its infrastructure was the result of a year of planning between law enforcement agencies including the US, UK, Sweden, Portugal and Romania.
According to the indictment, Coelho has been running RaidForums since January 1, 2015 with the help of several administrators to organize the promotion of the sale of stolen databases. In order to make a profit, the forum charged for different membership tiers, which gave members higher-level access to areas of the forum where stolen data was posted.
In addition, Coelho acts as a trusted intermediary for the parties to the transaction, providing confidence that the buyer and seller will honor their agreement.
Rumors have been circulating since February
Many security researchers had suspected since February that RaidForums had been seized by law enforcement, when every page of the forum began forcing users to log in. However, on logging in to the site, another login window appeared.
This led researchers and many forum members to believe that the site had been seized and that the constant login prompts were a phishing scam by law enforcement to collect members' login information.
As of February 27, 2022, the DNS servers of raidforums.com suddenly changed to Jocelyn.ns.cloudflare.com and plato.ns.cloudflare.com. These DNS servers were used for previously seized websites, including weleakinfo.com and doublevpn.com, which further led the researchers to believe that the domain had been seized.
Source: BleepingComputer