US DOJ Seizes RaidForums, A Hugely Popular Hacking Site Started By A 14 Year Old

It’s likely that some of your information has appeared on RaidForums at some point during the site’s seven-year run. RaidForums was a popular hacking site where users shared data collected from breaches, leaks, and scrapes. According to the US Department of Justice, the databases on offer on RaidForums contained “more than 10 billion unique records for individuals residing in the United States and internationally.” We use the past tense here because the US DOJ has seized and shut down RaidForums.

The seizure is part of the culmination of Operation TOURNIQUET, a year-long coordinated effort and investigation involving authorities from the United States, Europol, the United Kingdom, Portugal, Germany, Sweden, and Romania. The seizure warrant includes the primary home of RaidForums, “raidforums.com,” as well as its two alternative domain names, “rf.ws” and “raid.lol.” The seizure was also accompanied by a number of arrests. The UK National Crime Agency (NCA) arrested a Portuguese 21-year-old named Diogo Santos Coelho, who was found in Croydon, England. Coelho is suspected of being “Omnipotent,” the administrator and founder of RaidForums. Coelho would have been only 14 when RaidForums was launched back in 2015.

Coelho was identified as Omnipotent when US authorities obtained a warrant to search the electronic devices present in Coelho’s luggage while he was attempting to enter the US at Hartsfield-Jackson International Airport. Investigators found text messages, files, and emails linking the then-teenager to Omnipotent. Coelho tried to recover his devices by contacting the lead FBI case agent through email, using the same email address used to register the two alternate domain names for RaidForums.

Coelho has been charged with six criminal counts: one count of Conspiracy to Commit Access Device Fraud, four counts of Access Device Fraud, and one count of Aggravated Identity Theft. Coelho’s indictment accuses him of personally selling stolen data, as well as directly facilitating illicit transactions by offering an “Official Middleman Service.”

The login page presented after US authorities initially seized RaidForums

Back in February, security researchers caught wind that US authorities might have seized RaidForums when the site temporarily went down. The site later came back online, but every page of the site displayed the login page, and entering user credentials simply refreshed the login page. Researchers suspected that the login page functioned as a way for law enforcement to collect users’ credentials. These suspicions were strengthened when the DNS servers for RaidForums were changed to two DNS servers that have been used by law enforcement in the past during site seizures.

It wasn’t until yesterday that the authorities involved in Operation TOURNIQUET finally acknowledged their seizure of RaidForums. All three RaidForums domain names now display a notice informing visitors that the domain has been seized by the Federal Bureau of Investigation, the United States Secret Service, and the Department of Justice.