Raidforums: a stolen data exchange hub dismantled by the authorities


Raidforums bows out, and this time the announcement is official. Europol and the US courts announced yesterday that they had seized the domain names used by this forum, which specialized in the exchange and resale of stolen data.

The alleged administrator of the site, a Portuguese national living in Great Britain, was arrested on January 31, according to the US justice authorities. Two other individuals, suspected of having taken part in running the forum, were also arrested. Known on the forum by the pseudonym “Omnipotent”, the first suspect, according to the FBI, acted as administrator of the forum, which he had founded in 2015.

Dismantling into three bands

In an interview given at the time to journalists from The Record, he explained that he wanted to offer a forum allowing the free exchange of information. Asked about the users who took advantage of the forum’s dedicated section to trade stolen data, Omnipotent explained that he gave little credence to the announcements published in that section and that he did not pay particular attention to that part of the forum.

The takedown is the result of a joint effort by several police forces that had opened investigations into the forum.

Among the countries involved in the operation, codenamed “Tourniquet”, Europol cites the United States, Great Britain, Sweden, Portugal and Romania. The work of the security forces extended over a year, allowing the authorities to determine precisely the role of the forum’s various members within the organization.

Although the official announcement only came yesterday, rumors of a takeover of Raidforums by law enforcement agencies had been circulating for several months. In March 2022, the forum had gone offline before coming back. Clues relating to the DNS servers used by the site had fueled suspicions that the FBI had taken control of it. The announcement of the administrator’s arrest in January therefore lends credence to this theory.

A notorious reputation

In recent years Raidforums had become one of the main places on the web for exchanging and trading stolen data. Accessible via a simple registration, without any particular protective measures, the site offered sections devoted to the exchange and trade of personal data that had been stolen or was otherwise available online. While one section of the forum was dedicated to the non-commercial exchange of hacked data, another allowed holders of stolen data to post offers to sell or buy. The forum did not directly host the stolen data, at most a sample to verify its authenticity: most of the negotiations and data transfers were done through third-party services or encrypted messaging apps like Telegram.

“Prior to its seizure, RaidForums members used the platform to offer for sale hundreds of stolen databases containing over 10 billion unique records for individuals residing in the United States and internationally,” says the FBI, adding that users of the forum also used the platform for other illegal activities such as cyberbullying. The forum’s business model was based on subscriptions paid for by users, who could opt for premium tiers offering additional features and access to certain reserved parts of the forum.

It was notably on Raidforums that the first traces appeared of the file containing the health data of 500,000 French people, stolen from several medical analysis laboratories in France in February 2021. In 2020, the data stolen from the French company Ledger, from which a database listing its customers’ contact information had been taken, could also be found there.
