Seized RaidForums, a place where stolen databases were bought and sold


RaidForums, a well-known hacker forum devoted primarily to the trading of stolen databases, was seized following a joint operation by Europol and US law enforcement. The operation, known as TOURNIQUET, involved other security agencies and led to the arrest of the administrator of RaidForums, the Portuguese Diogo Santos Coelho, also known as "Omnipotent", and his accomplices. The arrest took place on 31 February 2022 in the UK, and the 21-year-old has been in custody ever since. The forum was founded in 2015, when Coelho was only 14 years old.

Three domains belonging to the forum were seized, namely "raidforums.com", "Rf.ws" and "Raid.Lol". According to the US Department of Justice (DoJ), over 10 billion unique records from hundreds of stolen databases were sold on the forum, and over 500,000 active users were present on RaidForums, making it one of the largest hacker forums in the world.
The site's marketplace had been active since 2015 and gained great popularity over the years, so much so that it became a favorite destination for many groups dedicated to ransomware, such as the infamous Babuk and Lapsus$.





Authorities finally confirm leading hacker platform RaidForums has been seized

International law enforcement agencies have officially announced the seizure of RaidForums, one of the most popular hacking forums in existence.


The UK’s National Crime Agency (NCA) worked with the US Department of Justice (DoJ), Europol, and four other countries to bring charges against one individual believed to be one of the site’s administrators.


RaidForums was a website where hackers could discuss cyber crime-related matters and pay for varying levels of access to high-profile data leaks in a membership scheme.


The cyber security community had suspected RaidForums had been seized as far back as February, when the site went offline and then returned with its homepage replaced by a login screen that returned an error whenever credentials were entered - a scheme many believe was a credential harvesting trick from law enforcement.


The website was launched in 2015 and 21-year-old Portuguese Diogo Santos Coelho was arrested in Croydon, UK on 31 January 2022 in connection with the illicit website.


Coelho's is one of many arrests that have been made through ‘Operation Tourniquet’, and the Eastern District of Virginia has issued him six indictments spanning offences such as conspiracy, access device fraud, and aggravated identity theft in connection with his role as the chief administrator of RaidForums.


At the time of Coelho’s arrest, officers seized £5,000 in cash and “thousands” in US dollars before having his cryptocurrency assets, in the region of half a million dollars, frozen, the NCA said.


Coelho is believed to be among a group of administrators based in the UK that was tasked with managing the site’s membership tiers and assisting in laundering the proceeds generated from payments made to the site.


“To profit from the illicit activity on the platform, RaidForums charged escalating prices for membership tiers that offered greater access and features, including a top-tier ‘God’ membership status,” said the DoJ.


“RaidForums also sold ‘credits’ that provided members access to privileged areas of the website and enabled members to ‘unlock’ and download stolen financial information, means of identification, and data from compromised databases, among other items. Members could also earn credits through other means, such as by posting instructions on how to commit certain illegal acts.”


RaidForums hosted hundreds of databases linked with cyber crime, authorities said, and more than 10 billion unique records on individuals across the globe were reportedly accessible on the site.


LinkedIn’s database scraping incident, in which hundreds of millions of records belonging to users were put up for sale last year, was linked to RaidForums.


It was also a platform used to organise other types of cyber crime and harassment unrelated to hacking. ‘Raiding’ was a common type of harassment organised on the site, in which people assembled to direct an overwhelming volume of contact at an individual.


Authorities said ‘swatting’ was also commonly organised on RaidForums - a practice whereby individuals are reported to their local police force for crimes serious enough to trigger an armed police response in which officers force entry into the victim’s home.


One 2017 case in Kansas, US saw police fatally shoot an unarmed victim of swatting. The case ultimately led to the arrest and 20-year imprisonment of the ‘prankster’ responsible, according to the Washington Post.


Between 31 January and 12 February 2022, RaidForums was down, and the prolonged outage led users to believe that it may have been during this time that authorities seized control of the site’s servers, risk intelligence company Flashpoint said in a blog post.


The site had been experiencing connectivity issues since the start of 2022 and an increasing volume of anti-Russian posts started to emerge on the site in the first few weeks of the year.


Numerous cases of databases containing details of Russian citizens were dumped on the platform during this time, as well as users encouraging others to attack Russian targets, leading the platform to block access to Russian IP addresses.


RaidForums’ seizure was first reported by site administrator ‘Jaw’ through a Telegram channel. This message came before the alleged clone login portal was added to the site.


Jaw revealed details of a RaidForums backup site, but authorities said they have also seized this as part of their operation.
