Date: 2022-04-14

Yesterday, Tuesday, the FBI announced the successful conclusion of Operation Tourniquet (Turnstile), a complex police operation in which five countries participated (USA, United Kingdom, Romania, Sweden and Portugal) and whose objective was to shut down RaidForums, the international cybercriminal forum that had become the largest online market in the world for buying and selling personal and corporate data.

The operation ended with the seizure of the forum's computer infrastructure and its three web domains (raidforums.com, Rf.ws and Raid.Lol), in addition to the arrest of Diogo Santos Coelho, a Portuguese national resident in the United Kingdom who founded and administered RaidForums, and two accomplices.

The teenager who brought together cybercriminals by the hundreds of thousands

Santos Coelho, known in the underground environments of the Internet as ‘Omnipotent’, is currently 21 years old, and RaidForums has been in operation since 2015 (when it was little more than a forum for hooligans fond of cyberbullying and swatting), which means that the detainee launched the platform when he was only 14 years old. He is another notable case of a precocious cybercriminal, alongside the recently revealed case of ‘White’, the alleged 16-year-old leader of the LAPSUS$ hacker group.

This young forum administrator now faces imminent extradition to the United States, where he would be tried in the Western District Court of Virginia on six criminal charges (identity theft, conspiracy and access device fraud, among others). According to a statement from the US Department of Justice:

“In order to profit from illicit activity on the platform, RaidForums increasingly charged prices for membership levels that offered greater access and better features in return.”

The forum also included a sub-forum called ‘Leak Market’, intended to “buy/sell/trade databases”.

The community that had gathered around RaidForums is estimated at around half a million users. Their shared interest was access to the data stolen from large companies and institutions, thefts that have yielded billions of pieces of personal data over the last few years: credit cards, bank account numbers, usernames and passwords, etc.

According to Allan Liska, Senior Threat Intelligence Analyst at Recorded Future,

“With its low barriers to entry, RaidForums made it extremely easy for cybercriminals, both new and veteran, to be active in the data theft community.”

Now, in the words of Ziv Mador, Vice President of Trustwave,

“The takedown of RaidForums is a massive jolt to the cybercriminal underground. However, other forums will emerge underground to fill this void. With RaidForums now offline and the recent takedown of Hydra by German authorities, the norm would be that cybercriminals become much more cautious about where they talk and share information. We could see how they end up switching to P2P communications or using private chats on encrypted messaging platforms. In the long term, this could hamper the ability to monitor their activity.”

