Stolen-data market RaidForums taken down in domain seizure
Suspected admin who went by 'Omnipotent' awaits UK decision on extradition to US
After at least six years of peddling pilfered personal information, the infamous stolen-data market RaidForums has been shut down following the arrest of suspected founder and admin Diogo Santos Coelho in the UK earlier this year.
Coelho, 21, who allegedly used the mistaken moniker "Omnipotent" among others, according to the US indictment unsealed on Monday in the Eastern District of Virginia, is currently awaiting the outcome of UK legal proceedings to extradite him to the United States.
The six-count US indictment [PDF] charges Coelho with conspiracy, access device fraud, and aggravated identity theft following from his alleged activities as the chief administrator of RaidForums, an online market for compromised or stolen databases containing personal and financial information.
The unsealing of the indictment, initially filed May 6, 2021, was accompanied by word of an international effort to shutter the web domains associated with RaidForums – raidforums[.]com, Rf[.]ws, and Raid[.]lol. The site is said to have attracted about half a million users.
Europol, working with authorities from the US, UK, Germany, Portugal, Sweden, and Romania, said it has taken the underground forum offline, seized its infrastructure, and arrested two of Coelho's alleged accomplices as part of Operation TOURNIQUET.
In the US, all-caps acronyms are a common way for lawmakers to embed some aptly pandering phrase within legislative shorthand. For example, consider the DISCLOSE (Democracy Is Strengthened by Casting Light On Spending in Elections) Act of 2015. Europol, however, appears to have resorted to capital letters merely for emphasis.
"The seizure of the RaidForums website – which facilitated the sale of stolen data from millions of people throughout the world – and the charges against the marketplace's administrator are a testament to the strength of the FBI's international partnerships," said Assistant Director in Charge Steven M. D’Antuono of the FBI’s Washington Field Office in a statement.
According to the indictment, Coelho founded RaidForums in January 2015. Initially, the website focused on organizing and supporting harassment, in the form of "raiding" – deluging a target with messages – and "swatting" – making false reports to law enforcement agencies to elicit an armed response, which sometimes ends in the victim's death.
By the following year, the forum is said to have become a venue for the buying and selling of stolen data consisting of personal and financial information from people in the US and elsewhere. The data allegedly included bank routing and account numbers, credit card details, login credentials, and social security numbers.
The feds say that RaidForums, in addition to selling pilfered data, offered hacking services and tools at four different membership tiers: free, VIP, MVP, and God.
"The God membership offered almost unlimited access to the RaidForums and features," the indictment says, indicating that designation as a deity still falls short of "Omnipotent," the sudo-nym of the RaidForums admin.
Coelho also allegedly used the names "Downloading," "Shiza," and "Kevin Maradona."
The indictment says Coelho himself participated in the buying and selling of illicit data by running an "Official Middleman Service," to make sure sellers didn't misrepresent what they were selling and buyers actually paid.
Coelho himself appears not to have been paid all that well for his trouble. The indictment says authorities intend to seek "a money judgment in the amount of not less than $215,571, representing the proceeds the defendant obtained as a result of the [alleged violations]."
That's assuming UK authorities agree to ship him stateside. ®