US law enforcement has shut down one of the largest cybercriminal online forums in the world known as RaidForums. This English-language online marketplace was a go-to place for cybercriminals to buy and sell databases stolen from organizations in ransomware and other cyber attacks.
Well known among cybercriminal circles as an online hub for buying and selling stolen data, since its launch in 2015 RaidForums has sold access to more than 10 billion personal hacked records in some of the world’s largest data breaches. For example, data scraped from profiles of some 700 million LinkedIn users was posted for sale on the forum last June.
The shutdown disrupts a resource marketplace and creates difficulties for cybercriminals who are looking to monetize their services and stolen data. However, that said, its unlikely to have a long-term impact on cybercriminal activity, as attackers will just shift tactics and find other ways to profit.
In a sense the shutdown of RaidForums presents an opportunity for other hacker forums to fill the power vacuum it creates. Cyber villains are used to platforms being taken down so will simply use alternative dark web sites that will inevitably appear to take its place.
- RaidForums went online in 2015, initially operating as an online venue for organizing and supporting forms of electronic harassment. This included ‘swatting,’ that is the practice of making false reports to the police often resulting in heavily armed police descending on an unsuspecting individual’s home.
- Between 2016 and 2022, RaidForums primarily served as a major online marketplace for individuals to buy and sell hacked or stolen databases that contain sensitive personal and financial information of victims of cyber-attacks around the world.
- Stolen records that could be bought and sold on the forum included stolen bank routing and account numbers, credit card information, login credentials and social security numbers and other personally identifying information.
- RaidForums acted on a membership business model, charging escalating prices for membership tiers that offered greater access and features. This included a top-tier ‘God’ membership status.
- The forum also sold credits that provided members access to privileged areas of the website to download stolen financial information, online credentials and personal identification data from compromised databases, among other items.
- Members could also earn credits through other means, such as posting instructions on how to commit fraudulent acts online.
Revealing the scale and scope of effort, and oftentimes difficulties, involved in taking down RaidForums law enforcement form all over the world were involved. These included the FBI and US Secret Service, the Europol Joint Cybercrime Action Taskforce, the UK’s National Crime Agency, the Swedish Police Authority, Romanian National Police, Judicial Police Portugal, Federal Criminal Police Office Germany and others.