When a data breach occurs, the stolen information is often sold on the dark web to make tracking more difficult. But there are also those who take risks on “normal” websites. One of them was shut down by the US Department of Justice (DoJ) this week: RaidForums, which served as a marketplace for various databases, including those of the megaleak of 223 million CPFs.
US officials rate RaidForums as “one of the largest hacker forums in the world”. It is no exaggeration: the data traded there came from practically every continent, which is why the operation involved Europol and authorities from countries such as Germany, Sweden and the United Kingdom.
Anyone who visits the forum now sees a notice saying “This domain has been confiscated”. However, the closure of the website was not the only result of the action: the alleged creator and administrator of RaidForums, Diogo Santos Coelho, a 21-year-old Portuguese national, was arrested in the United Kingdom on January 31 at the request of American authorities.
Coelho is being held pending the completion of his extradition proceedings to the United States. He faces at least six charges, including identity theft and “access device fraud.”
Two other suspected forum contributors were also arrested, and that number could rise: prior to the RaidForums seizure, the FBI spent weeks running the site, likely to gather more data for the investigation and identify other participants.
In February, the forum even displayed login fields on every page, but the process didn’t work, leading participants and security researchers to suspect the site had been confiscated by authorities. Confirmation came this week.
There may be more arrests over this, but surely no one will find themselves in a more complicated situation than Coelho’s: when the DoJ speaks of “access device fraud,” they’re referring to things like card details, social security numbers, and login credentials. According to the investigation, Coelho sold “credits” to forum users so that they could buy the stolen data.
In other words, the allegations against the Portuguese national are serious and can result in heavy penalties.
RaidForums has been closed (Image: Emerson Alecrim/Tecnoblog)
RaidForums has sold hundreds of databases
RaidForums was founded in 2015, when Coelho was a 14-year-old teenager. While the site originally served to organize hacks, it mainly served as an online marketplace for selling leaked data: hundreds of different databases were exposed there.
According to the investigation, Coelho himself even used the forum to sell data (through an account called Omnipotent). The investigation cites an offer he made in December 2018 that appeared to involve 2.3 million personal records from hotels in the United States.
Even data from Brazilians ended up on RaidForums. The site was among those used in attempts to sell data from the megaleak of 223 million CPFs, which also included information such as address, phone number and credit score.
The international coalition that led to the site’s closure was the result of a year of planning. In addition to the “.com” address, the operation resulted in the seizure of two alternative domains of the forum.
With information from Ars Technica.