RaidForums, an illegal dark web marketplace, has been closed, and its infrastructure seized in an international law enforcement Operation TOURNIQUET. Europol’s European Cybercrime Center has coordinated the operation.
The Department of Justice, in a press release, announced the taking down of RaidForums and pressed criminal charges against RaidForums’ founder and chief administrator, Diogo Santos Coehlo, a Portuguese. At United States’ request, the U.K police arrested Coelho in the United Kingdom on Jan. 31.
Coelho allegedly was RaidForum’s chief administrator between Jan 1, 2015, and Jan 31, 2022. The Portuguese also steered a subforum “Leaks Market” that advertised itself as “ [a] place to buy/sell/trade databases and leaks.”
“Court records unsealed today indicate that the United States recently obtained judicial authorization to seize three domains that long hosted the RaidForums website. These domains were “raidforums.com,” “Rf.ws,” and “Raid.lol.”” reads the press release published by DoJ. “According to the affidavit filed in support of these seizures, from in or around 2016 through February 2022, RaidForums served as a major online marketplace for individuals to buy and sell hacked or stolen databases containing the sensitive personal and financial information of victims in the United States and elsewhere, including stolen bank routing and account numbers, credit card information, login credentials and social security numbers.”
RaidForums, established in 2015, has a community of more than a million users. The marketplace got known for its notoriety after it sold high-profile database leaks of several US corporations spanning different industries.
“This marketplace had made a name for itself by selling access to high-profile database leaks belonging to a number of US corporations across different industries. These contained information for millions of credit cards, bank account numbers and routing information, and the usernames and associated passwords needed to access online accounts.” reads the announcement published by Europol. “These datasets were obtained from data breaches and other exploits carried out in recent years.”
Europol said that collaboration and deep information sharing were the pillars of Operation TOURNIQUET success. The investigators traced RaidForum’s structure and the duties of each operator running the marketplaces (i.e., the administrator, the money launderers, the users in charge of stealing/uploading the data, and the buyers).
“Disruption has always been a key technique in operating against threat actors online, so targeting forums that host huge amounts of stolen data keeps criminals on their toes. Europol will continue working with its international partners to make cybercrime harder – and riskier –to commit. ” said the Head of Europol’s European Cybercrime Centre, Edvardas Šileris.