The alleged founder and chief administrator of the notorious international cyber criminal marketplace RaidForums has been arrested in the UK, according to the FBI.
Diogo Santos Coelho, 21, of Portugal, was arrested in January following a request from American law enforcement, which is seeking to have him extradited.
Europol said two of Coelho’s accomplices had also been arrested. One of those was another 21-year-old, based in Croydon, south London.
RaidForums – which operated on the open web rather than the darknet – “served as a major online marketplace for individuals to buy and sell hacked or stolen databases” according to the US.
The US has seized three domains used by the site and replaced them with a banner informing users of the seizure.
Several independent investigations into the criminal site – including those of the United States, United Kingdom, Sweden, Portugal, and Romania – were coordinated under the name Operation Tourniquet.
What was RaidForums?
According to the US affidavit and indictment, RaidForums had been used “to offer for sale hundreds of databases of stolen data containing more than 10 billion unique records”.
“At the time of its founding in 2015, RaidForums also operated as an online venue for organising and supporting forms of electronic harassment,” stated the Department of Justice.
These harassment campaigns included “raiding” which the FBI described as “posting or sending an overwhelming volume of contact to a victim’s online communications medium”.
Alongside raids, the users also coordinated “swatting” incidents – described as “the practice of making false reports to public safety agencies of situations that would necessitate a significant, and immediate armed law enforcement response” – a practice which has led to deaths.
How did they catch him?
The use of anonymising technologies can make it challenging for law enforcement to investigate cyber crime forums.
However, court documents reveal that the FBI “obtained a copy of the back-end database for RaidForums” in this investigation.
This database revealed account registration information, IP address, login details and private messages between members and administrators – allowing agents to pursue the site’s administrators.
“Our interagency efforts to dismantle this sophisticated online platform – which facilitated a wide range of criminal activity – should come as a relief to the millions victimised by it,” said Jessica Aber, the US Attorney for the Eastern District of Viriginia.
The operation was described “as a warning to those cybercriminals who participated in these types of nefarious activities,” by Ms Aber, who added: “Online anonymity was not able to protect the defendant in this case from prosecution, and it will not protect other online criminals either.”
In a separate case also related to RaidForums, the UK’s National Crime Agency arrested a “21 year-old from Croydon… at his home in March” who has since been released under investigation.
That unnamed 21-year-old is “suspected of being an administrator on the website” and officers “seized £5,000 in cash, thousands in US dollars, and put a freeze on crypto assets worth more than half a million dollars” at the time of his arrest.