
The U.S. Department of Justice (DOJ) has seized the RaidForums website.
RaidForums is a popular marketplace for cybercriminals to buy and sell hacked data.
The DOJ also unsealed criminal charges against RaidForums’ founder and chief administrator, Diogo Santos Coelho, 21, of Portugal.
Coelho was arrested in the United Kingdom on Jan. 31, at the United States’ request and remains in custody pending the resolution of his extradition proceedings.
The United States recently obtained judicial authorization to seize three domains that long hosted the RaidForums website.
These domains were “raidforums.com,” “Rf.ws,” and “Raid.lol.”
According to the affidavit filed in support of these seizures, from in or around 2016 through February 2022, RaidForums served as a major online marketplace for individuals to buy and sell hacked or stolen databases containing the sensitive personal and financial information of victims in the United States and elsewhere, including stolen bank routing and account numbers, credit card information, login credentials and social security numbers.
Prior to its seizure, RaidForums members used the platform to offer for sale hundreds of databases of stolen data containing more than 10 billion unique records for individuals residing in the United States and internationally.
At the time of its founding in 2015, RaidForums also operated as an online venue for organizing and supporting forms of electronic harassment, including by “raiding” – posting or sending an overwhelming volume of contact to a victim’s online communications medium – or “swatting” – the practice of making false reports to public safety agencies of situations that would necessitate a significant and immediate armed law enforcement response.
The seizure of these domains by the government will prevent RaidForums members from using the platform to traffic in data stolen from corporations, universities and governmental entities in the United States and elsewhere, including databases containing the sensitive, private data of millions of individuals around the world.
In addition, a six-count indictment against Coelho was unsealed in the Eastern District of Virginia charging him with conspiracy, access device fraud and aggravated identity theft in connection with his role as the chief administrator of RaidForums.
According to the indictment, between Jan. 1, 2015, and on or about Jan. 31, 2022, Coelho allegedly controlled and served as the chief administrator of RaidForums, which he operated with the help of other website administrators.
As administrators, Coelho and his co-conspirators are alleged to have designed and administered the platform’s software and computer infrastructure, established and enforced rules for its users, and created and managed sections of the website dedicated to promoting the buying and selling of contraband, including a subforum titled “Leaks Market” that described itself as “[a] place to buy/sell/trade databases and leaks.”
To profit from the illicit activity on the platform, RaidForums charged escalating prices for membership tiers that offered greater access and features, including a top-tier “God” membership status.
RaidForums also sold “credits” that provided members access to privileged areas of the website and enabled members to “unlock” and download stolen financial information, means of identification, and data from compromised databases, among other items. Members could also earn credits through other means, such as by posting instructions on how to commit certain illegal acts.
According to the indictment, Coelho also personally sold stolen data on the platform, and directly facilitated illicit transactions by operating a fee-based “Official Middleman” service.
For the Official Middleman service, Coelho allegedly acted as a trusted intermediary between RaidForums members seeking to buy and sell contraband on the platform, including hacked data. Notably, to create confidence amongst transacting parties, the Official Middleman service enabled purchasers and sellers to verify the means of payment and contraband files being sold prior to executing the transaction.