Found on the open web rather than the darknet, RaidForums hosted sensitive financial information and “served as a major online marketplace for hackers”. Its founder and chief administrator Diego Santos Coelho, 21, from Portugal, was arrested in the UK on 31 January.
The US Department for Justice said he remains in custody pending extradition. Separately the National Crime Agency (NCA) reported police had arrested another suspected founder of the site – a 21 year-old from Croydon – at his home in March.
He has since been released, under investigation, but at the time of his arrest officers seized £5,000 in cash, thousands of US dollars and activated a freeze on crypto assets worth more than half a million dollars. RaidForums launched in 2015 and gained prominence in criminal circles by offering access to high-profile database leaks, which could be used to enable crimes such as fraud.
According to the threat intelligence firm Recorded Future, the site contained more than 530,000 registered members and was a powerful tool among low to mid-level cyber-criminals. The compromised data, which hackers bought and sold, included information stolen from UK companies, some of which related to credit cards, bank accounts, usernames and passwords.
Investigators found that the forum was operating a membership scheme, where users of the site paid up to 10 euros for access to chatrooms which allowed the exchange of photographs and data linked to cyber-crime.
They suspected that administrators of the website, based in the UK, were helping to manage its membership, as well as laundering payments to the site through a separate – seemingly legitimate – online business.