RaidForums: FBI and international partners take control of a popular hacking forum

“This domain has been seized” by the FBI, the US Secret Service and the Department of Justice, read the homepage of RaidForums on Tuesday. The website was best known for advertising hacked data in English rather than in Russian, the preferred language of other criminal forums. Law enforcement in the UK, Sweden and elsewhere were involved in the seizure, the statement said.

With more than 530,000 registered members, according to threat intelligence firm Recorded Future, RaidForums had great reach and influence among low-to-mid-level cybercriminals.

Alleged RaidForums founder Diogo Santos Coelho, 21, was arrested in the UK on January 31 and remains in custody pending “the resolution of his extradition proceedings”, the Department of Justice said.

It is the latest move in a sustained international law enforcement effort to subvert the markets where cybercrime thrives. Last week, German police seized the computer servers of Hydra, a popular Russian dark web market connected to $5 billion in transactions since 2015.

“Dismantling this online marketplace for the resale of hacked or stolen data disrupts one of the primary ways cybercriminals profit from the large-scale theft of sensitive personal and financial information,” said Assistant Attorney General Kenneth A. Polite, Jr. of the Department of Justice’s Criminal Division in a written statement.

US authorities had access to RaidForums’ IT infrastructure for several months before the seizure was announced, according to a law enforcement official familiar with the matter. This likely gave authorities valuable insight into who bought and sold hacked data during that time.

RaidForums’ seizure is a blow to scammers looking for an easy way to profit from data breaches. But the underground market for stolen financial and personal data is likely to continue to thrive, analysts say, as there are many other online bazaars to exchange such data.

“With its low barriers to entry, RaidForums has made it extremely easy for new and established threat actors to be active in the data breach and breach community,” Allan Liska, senior threat intelligence analyst at Recorded Future, told CNN.

According to Digital Shadows, a San Francisco-based security firm that monitors the dark web, it was one of the few English-language cybercriminal sites that residents of prominent Russian-language underground forums deemed worthy of note.

It was a “consistent and stable platform” allowing hackers around the world to buy and sell data “largely without fear of disruption”, the Photon Research team of Digital Shadows said in a statement to CNN.

“Highly sought-after databases were often shared on RaidForums and repurposed on Russian-language cybercriminal forums, leading members of the Russian-speaking cybercriminal underground to frequent RaidForums solely for this purpose,” the Photon Research team said.

While cybercrime forums associated with the “dark web” require special software to access them, “clear web” websites like RaidForums are accessible to the average Internet user.

After RaidForums shuts down, other “clear web forums that have struggled to compete with RaidForums may see an increase in active members, but more sophisticated cybercriminals are likely to embed themselves in underground forums on the dark web,” said Ivan Righi, principal cyber threat intelligence analyst at Digital Shadows.

This story has been updated with additional details.

About Norma Wade
