The U.S. Department of Justice (DOJ) has seized the website and user database for RaidForums, a cybercrime forum that sold access to more than 10 billion consumer records stolen in some of the world’s largest data breaches since 2015. The DOJ also charged the alleged administrator of RaidForums, 21-year-old Diogo Santos Coelho, of Portugal, with six criminal counts, including conspiracy, access device fraud and aggravated identity theft. Two accomplices have also been arrested.
Launched in 2015, RaidForums was considered one of the world’s biggest hacking forums with a community of over half a million users. This marketplace had made a name for itself by selling access to high-profile database leaks belonging to a number of US corporations across different industries. These contained information for millions of credit cards, bank account numbers and routing information, and the usernames and associated passwords needed to access online accounts. These datasets were obtained from data breaches and other exploits carried out in recent years.
Europol’s European Cybercrime Centre coordinated Operation TOURNIQUET, a complex law enforcement effort to support independent investigations of the United States, United Kingdom, Sweden, Portugal, and Romania. The operation was the culmination of a year of meticulous planning between the law enforcement authorities involved in preparation for the action, which enabled the investigators to define the different roles the targets played within this marketplace, i.e.: the administrator, the money launderers, the users in charge of stealing/uploading the data, and the buyers.
The following authorities took part in the RaidForums investigation:
- Sweden: Swedish Police Authority (Polisen)
- Romania: National Police (Poliţia Română)
- Portugal: Judicial Police (Polícia Judiciária)
- Germany: Federal Criminal Police Office (Bundeskriminalamt)
- United States: US Secret Service (USSS), Federal Bureau of Investigation (FBI), Internal Revenue Service Criminal Investigation (IRS-CI)
- United Kingdom: National Crime Agency (NCA)
- Europol: European Cybercrime Centre (EC3), Joint Cybercrime Action Taskforce (J-CAT)