Hacking marketplace shuttered as creator is arrested
RaidForums, a popular marketplace where cybercriminals would buy and sell stolen data, has been shut down and its infrastructure seized in a major cross-border law enforcement operation.
The RaidForums admin and two of his collaborators were arrested as part of Operation TOURNIQUET, which Europol managed in support of independent investigations in the USA, UK, Romania, Sweden and Portugal.
The marketplace offered access to more than 10 billion units of customer information, stolen in some of the world's largest data breaches, since its launch in 2015. The information included usernames and passwords, as well as details for millions of credit cards, bank accounts and routing information.
Last June, data harvested from 700 million LinkedIn members was offered for sale on the forum, which unusually operated on the open internet rather than the Darkweb.
The US Department of Justice (DoJ) said that federal agencies recently received legal approval to confiscate three domains that hosted the RaidForums website: 'raidforums.com,' 'Raid.lol' and 'Rf.ws'. As a result, RaidForums' members can no longer use the site to traffic stolen data.
A man called Diego Santos Coelho, the creator and chief admin of RaidForums, was detained in the UK on 31st January. He is facing six criminal charges, including conspiracy, aggravated identity theft and access device fraud.
Coelho is accused of setting up a membership programme that enabled site users to pay for access to chatrooms where they could share links, photos, and data related to cybercrime.
He remains in custody pending extradition to the USA.
Separately, the UK's National Crime Agency (NCA) said another alleged site founder - a 21-year-old Croydon man - was arrested at his home in March.
"The takedown of this online market for the resale of hacked or stolen data disrupts one of the major ways cybercriminals profit from the large-scale theft of sensitive personal and financial information," said assistant attorney general Kenneth A. Polite, Jr. of the DoJ's Criminal Division.
"This is another example of how working with our international law enforcement partners has resulted in the shutdown of a criminal marketplace and the arrest of its administrator."
Operation TOURNIQUET was the result of a year of coordinated efforts by various law enforcement agencies.
By exchanging information between multiple agencies, the investigators were able to identify the roles their targets played within the RaidForums ecosystem, including the administrator, money launderers, users in charge of stealing/uploading data, and purchasers.
"Disruption has always been a key technique in operating against threat actors online, so targeting forums that host huge amounts of stolen data keeps criminals on their toes," said Edvardas Šileris, the Head of Europol's European Cybercrime Centre.
"Europol will continue working with its international partners to make cybercrime harder - and riskier -to commit."
Earlier this month, another operation led to the shut down of Russia-linked Hydra, an online criminal marketplace where predominantly Russian users purchased and sold unlawful goods and services such as narcotics, stolen financial information, forged identity papers, money laundering and mixing services.
Hydra has collected about $5.2 billion in cryptocurrency since 2015, according to the DoJ.