During the international operation TOURNIQUET, which was coordinated by Europol, the well-known hacker resource RaidForums, which was mainly used for trading stolen databases, was closed. The RaidForums administrator and two of his associates have been arrested, and the site's infrastructure is now under the control of law enforcement agencies.
It is reported that the operation was prepared for more than a year by the authorities of the United States, Great Britain, Sweden, Germany, Portugal and Romania.
The US Department of Justice writes that the site administrator, known by the nickname Omnipotent, was arrested on January 31, 2022 in the UK, and he has already been charged. He was held in custody from the moment of his arrest until the completion of the extradition procedure.
Since the pseudonym Omnipotent was a 21-year-old Portuguese citizen Diogo Santos Coelho, it turns out that he launched RaidForums when he was 14 years old, since the site has been operating since 2015.
Law enforcement officers seized the domains hosting RaidForums: raidforums.com, rf.ws and raid. lol.
According to statistics from the US Department of Justice, in total, more than 10 billion unique records from hundreds of compromised databases were put up for sale on the trading platform, including those affecting people living in the United States. Europol reports that RaidForums had more than 500,000 users and was "one of the largest hacker forums in the world." Here it is worth adding that we are talking about English-language resources.
"This marketplace has made a name for itself by selling access to high-profile leaked databases belonging to various American corporations from different industries. They contained information about millions of credit cards, bank account numbers and route information, as well as user names and associated passwords required to access online accounts," Europol said.
It is not yet known how long the investigation took in general, but it seems that law enforcement agencies managed to get a fairly clear picture of the RaidForums hierarchy. Europol's press release notes that people who supported the work of RaidForums were involved in administration, money laundering, stealing and uploading data to the site, as well as buying up stolen information.
At the same time, the aforementioned Diogo Santos Coelho allegedly controlled RaidForums from January 1, 2015, that is, from the stratum itself, and managed the site with the support of several administrators, organizing a structure to promote the purchase and sale of stolen data. To make a profit, the forum charged users for various membership levels and sold credits that allowed members to gain access to more privileged areas of the site or to stolen data posted on the forum.
Coelho also acted as an intermediary and guarantor between the parties making transactions, committing to ensure that buyers and sellers will comply with the agreements.
The Bleeping Computer publication writes that back in February 2022, criminals and information security researchers suspected that RaidForums was seized by law enforcement agencies, as the site began to display a login form on each page. When you tried to log in to the site, it just showed the login page again, and many suspected that the site was hijacked and this was a phishing attack by law enforcement agencies that were trying to get the credentials of intruders.
February 27, 2022 DNS servers raidforums.com and completely changed to jocelyn.ns.cloudflare.com and plato.ns.cloudflare.com which only convinced the hackers that they were right. The fact is that in the past, these DNS servers were used by other sites seized by the authorities, including weleakinfo.com and doublevpn.com.
RaidForums, which appeared back in 2015, has recently gained wide popularity due to ransomware operators who leaked stolen data from victims to the site in order to force them to pay a ransom. For example, this tactic was previously used by the Babuk and Lapsus $ operators.
However, earlier, when the resource was not so popular, its community specialized in swatting (from the English swatting: a special forces squad was called to the victims ' homes, reporting false bomb threats, hostage-taking, and so on), as well as raiding (from the English raiding), which the US Department of Justice describes as "publishing or sending a huge amount of information to the victims." contact information in the online environment that the victim uses to communicate."
In recent years, the marketplace has become a favorite place for hackers to sell stolen databases or simply share them for free with other forum members.
• Source: https://www.justice.gov/opa/pr/unit...rgest-hacker-forums-and-arrests-administrator
• Source: https://www.europol.europa.eu/media...e-of-world’s-biggest-hacker-forums-taken-down
++++
Dutch police have asked RaidForums users to stop trading stolen data
The Dutch police sent out letters to users of the closed RaidForums platform, in which they asked them to stop trading stolen personal data and threatened them with liability before the law. According to the portal Bleeping Computers, which had one of the emails at its disposal, the security forces mention prosecution in it.
"The Dutch police urge you to stop participating in online activities related to the sale of other people's personal data, as this way you are violating the law. Delete illegal software or data that you received from RaidForums or other similar sites. Participation in cybercrime activity or its further continuation may lead to an investigation of your actions, " the letter, written in Dutch, says.
The publication notes that a total of thousands of emails were sent and hundreds of ordinary ones-in cases where, apparently, it was possible to establish the real address of the RaidForums user. It is possible that we are talking about those people who did not use or did not always use a VPN when connecting to the resource. In particular, Bleeping Computers notes that security forces were able to gain access to the IP addresses used during registration and when uploading files to the portal. In addition, journalists reported that as a result of the investigation, at least three such users were detained.
Separately, it is noted that a number of minor users of RaidForums and their parents received calls from the police, during which the security forces explained the consequences of illegal activities: real terms, criminal records and confiscation of devices. The Dutch police called such calls the most effective method of influence.
++++
A British court is preparing to consider a request from the US authorities for the extradition of 22-year-old Diogo Santos Coelho, suspected of creating and running RaidForums. As Euronews notes, it was the Portuguese who was hiding behind the nickname Omnipotent.
The article notes that initially RaidForums was conceived as a platform for leaks, where hackers, rather, bragged to each other about their achievements. However, it then quickly became a major trading platform, as over time, cybercriminals realized the value of the data they were able to access.
"It was then that Omnipotent began to allow itself everything, including becoming an intermediary for cybercriminals and hackers. As a result, RaidForums earned millions of dollars. But for all five years of the site's existence, the FBI knew who was behind it, " says information security journalist Waqas Ahmed.
According to him, during Coelho's trip to the United States, local authorities did not arrest him, because due to his age, he would have been able to avoid a real sentence. Instead, they seized his devices and then quietly monitored the work of RaidForums, which turned into a giant trap. After waiting for Coelho to reach the age where he could face serious punishment for cyber fraud, Washington demanded his arrest, which eventually took place in the UK on April 12, 2022.
"Children should never be judged like adults," says clinical psychologist Kelli Dunlap. — Should they be held accountable? Yes. Should this responsibility be the same as for an adult with a fully functioning prefrontal cortex? No".
"I think we should give these people a break," agrees Alexander Urbelis, a lawyer who works in the field of cybersecurity. — We have an extremely talented group of people who understand how IT systems work. They can cross a lot of boundaries by acquiring this knowledge, and it can do a lot of damage. But they will face criminal consequences that are disproportionate to their understanding of the harm they cause."
• Source: https://www.euronews.com/next/2023/06/02/raidforums-the-child-hacker-facing-extradition-to-the-us
++++
Diogo Santos Coelho
The probability of extradition of the founder of RaidForums to the United States has decreased. In Britain, they believe that he may commit suicide.
In London, the United States continues to consider a request for the extradition of 23-year-old Diogo Santos Coelho, better known by the nickname Omnipotent. US law enforcement agencies are confident that it is the Portuguese who is behind the creation of the RaidForums platform, with the help of which, according to Mirror, more than 10 billion files and about 400 million pounds were stolen.
During a hearing at Westminster Crown Court in June 2023, it was revealed that Coelho had been diagnosed with autism. In this regard, the British authorities fear that his reaction to extradition may be suicide.
"The biggest problem for me now is the prospect of serving my sentence in a foreign prison, without support and away from my family. In my conversations with psychiatrists, I mentioned concerns about long — term incarceration," Omnipotent, who faces up to 52 years in prison in the United States, said during the hearing.
Now the proceedings in the court are over, and the case has been transferred to the British Home Secretary Suella Braverman for a final decision. During the trial, Coelho's lawyers insisted that extradition would be a violation of their client's rights, and he was "exploited by adults" who actually ran RaidForums. The judge did not agree specifically with this argument, considering that extradition would not violate the rights of the Portuguese, but what position he voiced to the Interior Minister is still unknown.
Now Coelho lives in London, released on bail of 30 thousand pounds. A curfew has been set for him, which he is forced to observe because of the electronic bracelet on his leg. Proceedings on the extradition request have been ongoing for a year and a half. On January 31, 2022, Omnipotent was arrested in the British capital when he came from Portugal to visit his sick mother.
++++
The 23-year-old founder of the RaidForums platform, Diogo Santos Coelho, also known as Omnipotent, "begs" the British government not to extradite him to the United States, where he faces a 52-year prison sentence. According to The Guardian, Coelho insists that since the age of 14, older people "exploited him to commit crimes" related to the closed darknet platform.
"I often stay up all night thinking about what would happen to me if I was sent to America. What if I do a long sentence and come out an old man? I won't have any prospects. It makes me think about whether it's even worth living if I don't have a normal life in prison or after I've served my time and come out," Coelho said.
He complained that the American justice system, in his opinion, is looking for retribution, while in Britain or Portugal, which also filed a request for Coelho's extradition, they are more inclined to rehabilitate convicts. The publication recalls that the founder of RaidForums, who holds Portuguese citizenship, immediately after his detention began to cooperate with the authorities of this country. He is also ready to stand trial there, but stresses that he cannot imagine years in an American prison.
"I was very young and impressionable when these crimes took place, I was just very naive. I'm not trying to run away from responsibility, I just want to get a chance at a real life by fixing the situation, " Coelho said.
According to the investigation, more than 10 billion files and about 400 million pounds were stolen using RaidForums. On January 31, 2022, Omnipotent was arrested in the British capital when he came from Portugal to visit his sick mother. During a hearing at Westminster Crown Court in June 2023, it was revealed that Coelho had been diagnosed with autism. In this regard, the British authorities fear that his reaction to extradition may be suicide.
• Source: https://www.theguardian.com/law/202...uk-block-us-extradition-cybercrime-raidforums
It is reported that the operation was prepared for more than a year by the authorities of the United States, Great Britain, Sweden, Germany, Portugal and Romania.
The US Department of Justice writes that the site administrator, known by the nickname Omnipotent, was arrested on January 31, 2022 in the UK, and he has already been charged. He was held in custody from the moment of his arrest until the completion of the extradition procedure.
Since the pseudonym Omnipotent was a 21-year-old Portuguese citizen Diogo Santos Coelho, it turns out that he launched RaidForums when he was 14 years old, since the site has been operating since 2015.
Law enforcement officers seized the domains hosting RaidForums: raidforums.com, rf.ws and raid. lol.
According to statistics from the US Department of Justice, in total, more than 10 billion unique records from hundreds of compromised databases were put up for sale on the trading platform, including those affecting people living in the United States. Europol reports that RaidForums had more than 500,000 users and was "one of the largest hacker forums in the world." Here it is worth adding that we are talking about English-language resources.
"This marketplace has made a name for itself by selling access to high-profile leaked databases belonging to various American corporations from different industries. They contained information about millions of credit cards, bank account numbers and route information, as well as user names and associated passwords required to access online accounts," Europol said.
It is not yet known how long the investigation took in general, but it seems that law enforcement agencies managed to get a fairly clear picture of the RaidForums hierarchy. Europol's press release notes that people who supported the work of RaidForums were involved in administration, money laundering, stealing and uploading data to the site, as well as buying up stolen information.
At the same time, the aforementioned Diogo Santos Coelho allegedly controlled RaidForums from January 1, 2015, that is, from the stratum itself, and managed the site with the support of several administrators, organizing a structure to promote the purchase and sale of stolen data. To make a profit, the forum charged users for various membership levels and sold credits that allowed members to gain access to more privileged areas of the site or to stolen data posted on the forum.
Coelho also acted as an intermediary and guarantor between the parties making transactions, committing to ensure that buyers and sellers will comply with the agreements.
The Bleeping Computer publication writes that back in February 2022, criminals and information security researchers suspected that RaidForums was seized by law enforcement agencies, as the site began to display a login form on each page. When you tried to log in to the site, it just showed the login page again, and many suspected that the site was hijacked and this was a phishing attack by law enforcement agencies that were trying to get the credentials of intruders.
February 27, 2022 DNS servers raidforums.com and completely changed to jocelyn.ns.cloudflare.com and plato.ns.cloudflare.com which only convinced the hackers that they were right. The fact is that in the past, these DNS servers were used by other sites seized by the authorities, including weleakinfo.com and doublevpn.com.
RaidForums, which appeared back in 2015, has recently gained wide popularity due to ransomware operators who leaked stolen data from victims to the site in order to force them to pay a ransom. For example, this tactic was previously used by the Babuk and Lapsus $ operators.
However, earlier, when the resource was not so popular, its community specialized in swatting (from the English swatting: a special forces squad was called to the victims ' homes, reporting false bomb threats, hostage-taking, and so on), as well as raiding (from the English raiding), which the US Department of Justice describes as "publishing or sending a huge amount of information to the victims." contact information in the online environment that the victim uses to communicate."
In recent years, the marketplace has become a favorite place for hackers to sell stolen databases or simply share them for free with other forum members.
• Source: https://www.justice.gov/opa/pr/unit...rgest-hacker-forums-and-arrests-administrator
• Source: https://www.europol.europa.eu/media...e-of-world’s-biggest-hacker-forums-taken-down
++++
Dutch police have asked RaidForums users to stop trading stolen data
The Dutch police sent out letters to users of the closed RaidForums platform, in which they asked them to stop trading stolen personal data and threatened them with liability before the law. According to the portal Bleeping Computers, which had one of the emails at its disposal, the security forces mention prosecution in it.
"The Dutch police urge you to stop participating in online activities related to the sale of other people's personal data, as this way you are violating the law. Delete illegal software or data that you received from RaidForums or other similar sites. Participation in cybercrime activity or its further continuation may lead to an investigation of your actions, " the letter, written in Dutch, says.
The publication notes that a total of thousands of emails were sent and hundreds of ordinary ones-in cases where, apparently, it was possible to establish the real address of the RaidForums user. It is possible that we are talking about those people who did not use or did not always use a VPN when connecting to the resource. In particular, Bleeping Computers notes that security forces were able to gain access to the IP addresses used during registration and when uploading files to the portal. In addition, journalists reported that as a result of the investigation, at least three such users were detained.
Separately, it is noted that a number of minor users of RaidForums and their parents received calls from the police, during which the security forces explained the consequences of illegal activities: real terms, criminal records and confiscation of devices. The Dutch police called such calls the most effective method of influence.
++++
A British court is preparing to consider a request from the US authorities for the extradition of 22-year-old Diogo Santos Coelho, suspected of creating and running RaidForums. As Euronews notes, it was the Portuguese who was hiding behind the nickname Omnipotent.
The article notes that initially RaidForums was conceived as a platform for leaks, where hackers, rather, bragged to each other about their achievements. However, it then quickly became a major trading platform, as over time, cybercriminals realized the value of the data they were able to access.
"It was then that Omnipotent began to allow itself everything, including becoming an intermediary for cybercriminals and hackers. As a result, RaidForums earned millions of dollars. But for all five years of the site's existence, the FBI knew who was behind it, " says information security journalist Waqas Ahmed.
According to him, during Coelho's trip to the United States, local authorities did not arrest him, because due to his age, he would have been able to avoid a real sentence. Instead, they seized his devices and then quietly monitored the work of RaidForums, which turned into a giant trap. After waiting for Coelho to reach the age where he could face serious punishment for cyber fraud, Washington demanded his arrest, which eventually took place in the UK on April 12, 2022.
"Children should never be judged like adults," says clinical psychologist Kelli Dunlap. — Should they be held accountable? Yes. Should this responsibility be the same as for an adult with a fully functioning prefrontal cortex? No".
"I think we should give these people a break," agrees Alexander Urbelis, a lawyer who works in the field of cybersecurity. — We have an extremely talented group of people who understand how IT systems work. They can cross a lot of boundaries by acquiring this knowledge, and it can do a lot of damage. But they will face criminal consequences that are disproportionate to their understanding of the harm they cause."
• Source: https://www.euronews.com/next/2023/06/02/raidforums-the-child-hacker-facing-extradition-to-the-us
++++
Diogo Santos Coelho
The probability of extradition of the founder of RaidForums to the United States has decreased. In Britain, they believe that he may commit suicide.
In London, the United States continues to consider a request for the extradition of 23-year-old Diogo Santos Coelho, better known by the nickname Omnipotent. US law enforcement agencies are confident that it is the Portuguese who is behind the creation of the RaidForums platform, with the help of which, according to Mirror, more than 10 billion files and about 400 million pounds were stolen.
During a hearing at Westminster Crown Court in June 2023, it was revealed that Coelho had been diagnosed with autism. In this regard, the British authorities fear that his reaction to extradition may be suicide.
"The biggest problem for me now is the prospect of serving my sentence in a foreign prison, without support and away from my family. In my conversations with psychiatrists, I mentioned concerns about long — term incarceration," Omnipotent, who faces up to 52 years in prison in the United States, said during the hearing.
Now the proceedings in the court are over, and the case has been transferred to the British Home Secretary Suella Braverman for a final decision. During the trial, Coelho's lawyers insisted that extradition would be a violation of their client's rights, and he was "exploited by adults" who actually ran RaidForums. The judge did not agree specifically with this argument, considering that extradition would not violate the rights of the Portuguese, but what position he voiced to the Interior Minister is still unknown.
Now Coelho lives in London, released on bail of 30 thousand pounds. A curfew has been set for him, which he is forced to observe because of the electronic bracelet on his leg. Proceedings on the extradition request have been ongoing for a year and a half. On January 31, 2022, Omnipotent was arrested in the British capital when he came from Portugal to visit his sick mother.
++++
The 23-year-old founder of the RaidForums platform, Diogo Santos Coelho, also known as Omnipotent, "begs" the British government not to extradite him to the United States, where he faces a 52-year prison sentence. According to The Guardian, Coelho insists that since the age of 14, older people "exploited him to commit crimes" related to the closed darknet platform.
"I often stay up all night thinking about what would happen to me if I was sent to America. What if I do a long sentence and come out an old man? I won't have any prospects. It makes me think about whether it's even worth living if I don't have a normal life in prison or after I've served my time and come out," Coelho said.
He complained that the American justice system, in his opinion, is looking for retribution, while in Britain or Portugal, which also filed a request for Coelho's extradition, they are more inclined to rehabilitate convicts. The publication recalls that the founder of RaidForums, who holds Portuguese citizenship, immediately after his detention began to cooperate with the authorities of this country. He is also ready to stand trial there, but stresses that he cannot imagine years in an American prison.
"I was very young and impressionable when these crimes took place, I was just very naive. I'm not trying to run away from responsibility, I just want to get a chance at a real life by fixing the situation, " Coelho said.
According to the investigation, more than 10 billion files and about 400 million pounds were stolen using RaidForums. On January 31, 2022, Omnipotent was arrested in the British capital when he came from Portugal to visit his sick mother. During a hearing at Westminster Crown Court in June 2023, it was revealed that Coelho had been diagnosed with autism. In this regard, the British authorities fear that his reaction to extradition may be suicide.
• Source: https://www.theguardian.com/law/202...uk-block-us-extradition-cybercrime-raidforums
