When a data breach occurs, the stolen information is often sold on the dark web to make tracking more difficult. But there are those who take a chance on “normal” websites. This week, one of them was shut down by the US Department of Justice (DoJ): RaidForums, which served as a market for different databases, including the megaleak of 223 million CPFs.


US authorities rated RaidForums as “one of the biggest hacker forums in the world”. It is not an exaggeration: the data traded there came from practically every continent, which is why the operation had the participation of Europol and authorities from countries such as Germany, Sweden and the United Kingdom.

Visit the forum now and you will see a notice that says: “this domain has been seized”. But the closing of the site was not the only result of the action: the alleged creator and administrator of RaidForums, Portuguese national Diogo Santos Coelho, 21, was arrested in the United Kingdom on January 31, at the request of the American authorities.

Coelho will be imprisoned until his extradition process to the United States is completed. He faces at least six charges, including identity theft and “access device fraud.”

Two other suspected contributors to the forum were also arrested, and that number could rise: before taking over RaidForums, the FBI spent weeks operating the site, likely to gather more data for the investigation and identify other participants.

In February, the forum even displayed login fields on every page, but the procedure did not work, which made participants and security experts suspect that the site had been seized by the authorities. Confirmation came this week.

Other arrests may occur because of this, but certainly no one will be in a more complicated situation than Coelho: when mentioning “access device fraud”, the DoJ refers to card data, social security numbers and login credentials, for example. According to the investigation, Coelho sold “credits” to forum users so that they could buy the stolen data.

In other words, the accusations against the Portuguese national are serious and can result in heavy penalties.


RaidForums sold hundreds of databases

RaidForums was created in 2015, when Coelho was a 14-year-old teenager. While the site initially served to organize hacks, its main purpose became to serve as an online marketplace for selling leaked data — hundreds of different databases were exposed there.

According to investigations, Coelho himself even used the forum to sell data (through an account called Omnipotent). One example given is an offer he made in December 2018 that apparently involved 2.3 million personal records taken from hotels in the United States.

Even data from Brazilians ended up on RaidForums. The site was among those used in attempts to sell data from the megaleak of 223 million CPFs, which also included information such as address, telephone number and credit score.

The international coalition that resulted in the site’s takedown was the result of a year of planning. In addition to the “.com” address, the operation led to the seizure of two alternative domains of the forum.

With information from Ars Technica.