An online forum providing criminals with stolen personal data has been taken down, in a global operation which saw its founder arrested.
Found on the open web rather than the darknet, RaidForums hosted sensitive financial information and “served as a major online marketplace for hackers”.
Its founder and chief administrator Diego Santos Coelho, 21, from Portugal, was arrested in the UK on 31 January.
The US Department for Justice said he remains in custody pending extradition.
Separately the National Crime Agency (NCA) reported police had arrested another suspected founder of the site – a 21 year-old from Croydon – at his home in March.
He has since been released, under investigation, but at the time of his arrest officers seized £5,000 in cash, thousands of US dollars and activated a freeze on crypto assets worth more than half a million dollars.
RaidForums launched in 2015 and gained prominence in criminal circles by offering access to high-profile database leaks, which could be used to enable crimes such as fraud.
According to the threat intelligence firm Recorded Future, the site contained more than 530,000 registered members and was a powerful tool among low to mid-level cyber-criminals.
The compromised data, which hackers bought and sold, included information stolen from UK companies, some of which related to credit cards, bank accounts, usernames and passwords.
Investigators found that the forum was operating a membership scheme, where users of the site paid up to 10 euros for access to chatrooms which allowed the exchange of photographs and data linked to cyber-crime.
They suspected that administrators of the website, based in the UK, were helping to manage its membership, as well as laundering payments to the site through a separate – seemingly legitimate – online business.
Police from the UK, US, Germany, Sweden, Portugal and Romania were all involved in the dismantling of the online platform.
Under Operation Tourniquet, the international partners took action to close RaidForums and carried out a number of linked arrests.
The illegal marketplace #RaidForums has been shut down ????
Its administrator & two accomplices arrested ????
— EC3 (@EC3Europol) April 12, 2022
“The takedown of this online market for the resale of hacked or stolen data disrupts one of the major ways cyber-criminals profit from the large-scale theft of sensitive personal and financial information,” said Assistant Attorney General Kenneth Polite.
“This is another example of how working with our international law enforcement partners has resulted in the shutdown of a criminal marketplace and the arrest of its administrator.”
The FBI’s Steven M D’Antuono said: “The seizure of the RaidForums website, which facilitated the sale of stolen data from millions of people throughout the world, and the charges against the marketplace’s administrator, are a testament to the strength of the FBI’s international partnerships.”
“Cyber-crime transcends borders, which is why the FBI is committed to working with our partners to bring cyber-criminals to justice – no matter where in the world they live or behind what device they try to hide.”
Special agent Jason Kane, from the US Secret Service, said: “This global investigation signifies the remarkable dedication of the US Secret Service and highlights our partnerships with our foreign law enforcement counterparts essential to disrupting sophisticated networks of cyber-criminals.”