RaidForums stolen data market busted in domain grab • The Register

After at least six years of trafficking in stolen personal information, the infamous RaidForums stolen data marketplace has been shut down following the arrest of founder and alleged administrator Diogo Santos Coelho in the UK earlier this year.

Coelho, 21, who allegedly used the moniker “Omnipotent” among others, according to the US indictment released Monday in the Eastern District of Virginia, is currently awaiting the outcome of UK court proceedings to extradite him to the United States.

The six-count US indictment [PDF] accuses Coelho of conspiracy, access device fraud and aggravated identity theft stemming from his alleged activities as chief administrator of RaidForums, an online marketplace for compromised or stolen databases containing personal and financial information.

The unveiling of the indictment, originally filed on May 6, 2021, was accompanied by an international effort to shut down web domains associated with RaidForums – raidforums[.]com, RF[.]ws, and Raid[.]lol. The site is said to have attracted around half a million users.

Europol, together with authorities in the United States, United Kingdom, Germany, Portugal, Sweden and Romania, said it took the underground forum offline, seized its infrastructure and arrested two of Coelho's alleged accomplices as part of Operation TOURNIQUET.

In the United States, all-caps acronyms are a common way for legislators to embed a flattering phrase in legislative shorthand. For example, consider the DISCLOSE (Democracy Is Strengthened by Casting Light On Spending in Elections) Act of 2015. Europol, however, appears to have resorted to capital letters simply for emphasis.

“The seizure of the RaidForums website – which facilitated the sale of stolen data to millions of people around the world – and the charges brought against the marketplace’s administrator demonstrate the strength of the FBI’s international partnerships,” said Deputy Director in Charge Steven M. D’Antuono of the FBI Washington Field Office in a statement.

According to the indictment, Coelho founded RaidForums in January 2015. Initially, the website focused on organizing and supporting harassment, in the form of “raids” – flooding a target with messages – and “swatting” – making false reports to law enforcement to elicit an armed response, which sometimes ends in the death of the victim.

The following year, the forum reportedly became a place to buy and sell stolen data consisting of personal and financial information of people in the United States and elsewhere. The data is said to have included bank routing and account numbers, credit card details, login credentials and social security numbers.

Authorities say RaidForums, in addition to selling stolen data, offered hacking services and tools at four different membership levels: Free, VIP, MVP and God.

“Membership to God provided nearly unlimited access to RaidForums and features,” the indictment states, indicating that the designation as a deity is still short of “Omnipotent,” the sudo-nym of the RaidForums administrator.

Coelho also reportedly used the names “Download”, “Shiza” and “Kevin Maradona”.

The indictment states that Coelho himself participated in the buying and selling of illicit data by running an “official middleman service” to ensure that sellers did not misrepresent what they were selling and that buyers actually paid.

Coelho himself doesn’t seem to have been paid very well for his trouble. The indictment states that authorities intend to seek “a monetary judgment in the amount of at least $215,571, representing the proceeds that the defendant obtained as a result of the [alleged violations].”

This assumes that the British authorities agree to ship him to the United States. ®