World’s Largest Hacker Marketplace Shut Down in Multi-Agency Operation

Published: 18 April 2022

RadiForums Europol

Operation Tourniquet — coordinated by Europol’s European Cybercrime Centre — led to the shutdown of a major illegal marketplace called RaidForums. The international coordination consolidated numerous independent criminal investigations in six countries including the U.S, the U.K, Sweden, Portugal, Germany and Romania. (Photo: EUROPOL, License)

By Yousef Choudhri

A global, multi-agency effort took down one of the world’s largest hacker forums and arrested several individuals, including the site’s administrator, Europol said in a press release.

Launched in 2015, RaidForums was an illicit marketplace for the sale of hacked data and stolen databases commonly utilized by cybercriminals. Several high-profile corporate database leaks were marketed on the site.

“RaidForums had developed into one of the largest hacking forums online where hacking tips and stolen data were frequently exchanged,” said a spokesperson from U.K.’s National Crime Agency (NCA).

Members of RaidForums had access to hundreds of databases from individuals, corporations, universities, and government entities. The site contained stolen data ranging from credit card information, login credentials, social security numbers, and stolen bank account numbers.

According to the U.S. Department of Justice (DOJ), RaidForums stored more than 10 billion unique records of individuals worldwide.

The site’s top administrator, 21-year old Diogo Santos Coelho, was arrested in the U.K. on January 31 at the request of the DOJ. He remains in custody pending extradition to the U.S.

Coelho and his fellow administrators were responsible for managing the site’s membership and had been laundering payments through a separate online front business.

According to the NCA, users of RaidForums subscribed to a tiered membership service starting at 10 euro a month, for basic access to various chat rooms, all the way up to the ‘god’ tier, which offered special privileges, according to a DOJ affidavit.

Coelho is believed to have held the role of chief administrator from January 1, 2015 up to the day of his arrest on January 31, 2022. Along with co-conspirators, he designed and administered the site’s platform software and infrastructure and ran a subforum - Leaks Market - which was dedicated to the buying and selling of contraband.

After receiving judicial authorization, U.S. authorities seized and took down three domains belonging to the site, ‘raidforums.com,’ ‘Rf.ws,’ and ‘Raid.lol.’

“The takedown of this online market for the resale of hacked or stolen data disrupts one of the major ways cyber criminals profit from the large-scale theft of sensitive personal and financial information,” said Assistant Attorney General Kenneth A. Polite, Jr. from the Criminal Division of the DOJ.

Coelho faces a six-count indictment from the eastern District Court of Virginia. The charges include conspiracy, access device fraud, and aggravated identity theft as the primary chief administrator of RaidForums.

NCA portugal Romania cybercrime Germany Europol USA Sweden us department of justice U.K. data breach cybercriminals