Massive online market for stolen data deleted by global operation

The Department of Justice participated in the international effort to remove RaidForums.


Law enforcement in Europe and the United States on Tuesday announced the dismantling and seizure of a massive illegal online marketplace that bought and sold access to databases of millions of credit card numbers and other sensitive information belonging to Americans and others around the world.

The presumed administrator of RaidForums and two other people were arrested during the operation called Tourniquet, coordinated by European Police Agency Europol and brought together law enforcement from the United States, United Kingdom, Sweden, Portugal and Romania.

Launched in 2015, RaidForums had more than half a million users, making it one of the largest illegal marketplaces of its kind in the world, Europol said. Its data came from US companies representing a variety of industries, having been harvested from breaches and other cybercrimes over the past few years.

In addition to credit card numbers, the hundreds of databases included stolen routing and bank account numbers, login credentials and social security numbers, US Department of Justice mentioned.

According to unsealed US court records on Tuesday, the United States recently received permission from a judge to seize three domains that hosted the RaidForums site. Criminal charges against the alleged founder and chief administrator of RaidForums, Diogo Santos Coelho, 21, of Portugal, have not been sealed. Coelho was arrested in the UK on January 31 at the request of the United States and remains in custody pending extradition, the Justice Department said.

The six-count indictment against Coelho charges him with conspiracy, access device fraud and aggravated impersonation. He says that for the past seven years, Coelho has controlled and been the chief administrator of RaidForums, which he managed with the help of other website administrators.

In addition to creating and running the site, the indictment says Coelho personally sold stolen data on the platform. He also directly facilitated illegal sales by operating a paid “official middleman” service where he helped others buy and sell data by verifying payment methods and files being sold before letting the case proceed. , according to the indictment.