UPDATED 20:16 EDT / APRIL 12 2022

SECURITY

RaidForums hacking forum taken offline and founder indicted

The RaidForums hacking forum has been taken offline and its founder indicted as part of an international effort to target the popular hacking site.

RaidForums was not a darknet site, one available only using special software, but instead existed on the regular internet. Although it offered a variety of illegal services, it was best known for trading in stolen credentials.

The Justice Department claims that RaidForums members used the platform to offer for sale hundreds of databases of stolen data containing more than 10 billion unique records for individuals residing in the U.S. and internationally. At the time of its founding in 2015, RaidForums also operated as an online venue for organizing and supporting forms of electronic harassment, including raiding, the practice of posting or sending an overwhelming volume of contact to a victim’s online communications medium, and swatting, which involves making prank calls to emergency services about ongoing critical incidents to get them to visit an address unnecessarily.

Raidforums.com, along with the Raid.ws and Raid.lol domains used by the site, was seized by the U.S. Department of Justice, with the image above now appearing where the forum once resided. The founder of RaidForums, Diogo Santos Coelho of Portugal, was arrested in the U.K. on Jan. 31 and now faces extradition to the U.S.

Coelho is facing six counts for his operation of RaidForums, including conspiracy, access device fraud and aggravated identity theft. It’s alleged that Coelho both personally sold stolen data on the platform and directly facilitated illicit transactions by operating a fee-based “Official Middleman” service.

“Our interagency efforts to dismantle this sophisticated online platform – which facilitated a wide range of criminal activity – should come as a relief to the millions victimized by it and as a warning to those cybercriminals who participated in these types of nefarious activities,” Jessica D. Aber, U.S. Attorney for the Eastern District of Virginia, said in a statement today. “Online anonymity was not able to protect the defendant in this case from prosecution, and it will not protect other online criminals either.”

The Justice Department claims that the takedown will prevent RaidForums members from using the platform to traffic in data stolen from corporations, universities, and governmental entities in the United States and elsewhere. However, every takedown like this is typically a game of Whac-A-Mole: Take one website down and three others will take their place.

“I question the long-term impact of this action on the cybercriminal industry,” Casey Ellis, founder and chief technology officer at crowdsourced cybersecurity company Bugcrowd Inc., told SiliconANGLE. “Cybercrime and its supporting criminal services are, by and large, incredibly successful and profitable for those who operate them and business models like this tend to find a way to continue to exist.”

Ellis added that “the counterintuitive consequence of this action is that it essentially burns a valuable tool used by those in cyberthreat intelligence, who infiltrate forums like this one, build fake personas and use them to gather tactical breach and risk intelligence.”

Chris Morgan, senior cyberthreat intelligence analyst at digital risk protection solutions firm Digital Shadows Ltd., noted that with the takedown of RaidForums, there will be a natural power vacuum within the cybercriminal community, with many of Raid’s membership likely to flock to alternative platforms.

“The takedown of Raidforums is unlikely to result in a major disruption to overall cybercriminal activity; cybercriminals are well versed to platforms being taken down by law enforcement agencies and so they remain agile and fluid as to where their next forum of choice is likely to pop up,” Morgan explained. “There are already numerous forums that have a foundation to act as a home for the RaidForums community, many which appear to have been styled and constructed in a similar fashion.”

John Bambenek, principal threat hunter at IT service management company Netenrich Inc., said there will always be a need for criminals to have some form of black market.

“The seizure of an individual forum will not have much long-term impact, but if the Justice Department can keep up the pace of operations against many of these forums, it will provide a very strong disruption to the overall cybercrime ecosystem,” Bambenek said. “Just like a crime wave is not solved with individual prosecutions, cybercrime is no different.”

Image: RaidForums/Justice Department
