www.justice.gov Open in urlscan Pro
2a02:26f0:1700:1b2::1dae  Public Scan

URL: https://www.justice.gov/opa/pr/united-states-leads-seizure-one-world-s-largest-hacker-forums-and-arrests-administrator
Submission: On April 20 via api from US — Scanned from DE

Form analysis 2 forms found in the DOM

GET https://search.justice.gov/search

<form class="usasearch-hosted-box" action="https://search.justice.gov/search" method="get" id="usasearch-hosted-box" accept-charset="UTF-8">
  <div>
    <div class="container-inline">
      <h2 class="element-invisible">Search form</h2>
      <div class="form-item form-type-textfield form-item-usasearch-hosted-box">
        <label class="element-invisible" for="edit-usasearch-hosted-box--2">Search </label>
        <input class="usagov-search-autocomplete ui-autocomplete-input ui-corner-all form-text" autocomplete="off" type="text" name="query" placeholder="Search this site" aria-label="Search this site" id="edit-usasearch-hosted-box--2" value=""
          size="15" maxlength="128">
      </div>
      <div class="form-actions form-wrapper" id="edit-actions"><input type="submit" id="edit-submit" name="op" value="Search" class="form-submit"></div><input type="hidden" name="affiliate" value="justice">
    </div>
  </div>
</form>

GET https://search.justice.gov/search

<form class="usasearch-hosted-box doj-search-clone" action="https://search.justice.gov/search" method="get" id="mobile-search-form" accept-charset="UTF-8">
  <div>
    <div class="container-inline">
      <h2 class="element-invisible">Search form</h2>
      <div class="form-item form-type-textfield form-item-usasearch-hosted-box">
        <label class="element-invisible" for="mobile-search-input">Search </label>
        <input class="usagov-search-autocomplete ui-autocomplete-input ui-corner-all form-text" autocomplete="off" type="text" name="query" placeholder="Search this site" aria-label="Search this site" id="mobile-search-input" value="" size="15"
          maxlength="128">
      </div>
      <div class="form-actions form-wrapper" id="mobile-search-actions"><input type="submit" id="mobile-search-submit" name="op" value="Search" class="form-submit"></div><input type="hidden" name="affiliate" value="justice">
    </div>
  </div>
</form>

Text Content

Skip to main content

An official website of the United States government

Here’s how you know

Here’s how you know

Official websites use .gov
A .gov website belongs to an official government organization in the United
States.

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the
.gov website. Share sensitive information only on official, secure websites.




SEARCH FORM

Search



MAIN MENU


 * SEARCH FORM
   
   Search
   
 * About
   * Budget & Performance
   * History
   * Privacy Program
 * Our Agency
   * The Attorney General
   * Organizational Chart
   * Alphabetical Listing
 * Topics
 * News
   * Videos
   * Photos
   * Blogs
   * Podcasts
 * Resources
   * Guidance Documents
   * Grants
   * Forms
   * Publications
   * Information for Victims in Large Cases
   * Justice Manual
 * Careers
   * Legal Careers
   * Veteran Recruitment
   * Disability Hiring
 * Contact


YOU ARE HERE

Home » Office of Public Affairs » News
Share
 * Facebook
 * Twitter
 * LinkedIn
 * Digg
 * Reddit
 * Pinterest
 * Email


JUSTICE NEWS

Department of Justice
Office of Public Affairs

--------------------------------------------------------------------------------

FOR IMMEDIATE RELEASE
Tuesday, April 12, 2022


UNITED STATES LEADS SEIZURE OF ONE OF THE WORLD’S LARGEST HACKER FORUMS AND
ARRESTS ADMINISTRATOR

The Department of Justice today announced the seizure of the RaidForums website,
a popular marketplace for cybercriminals to buy and sell hacked data, and
unsealed criminal charges against RaidForums’ founder and chief administrator,
Diogo Santos Coelho, 21, of Portugal. Coelho was arrested in the United Kingdom
on Jan. 31, at the United States’ request and remains in custody pending the
resolution of his extradition proceedings.

Court records unsealed today indicate that the United States recently obtained
judicial authorization to seize three domains that long hosted the RaidForums
website. These domains were “raidforums.com,” “Rf.ws,” and “Raid.lol.” According
to the affidavit filed in support of these seizures, from in or around 2016
through February 2022, RaidForums served as a major online marketplace for
individuals to buy and sell hacked or stolen databases containing the sensitive
personal and financial information of victims in the United States and
elsewhere, including stolen bank routing and account numbers, credit card
information, login credentials and social security numbers.

“The takedown of this online market for the resale of hacked or stolen data
disrupts one of the major ways cybercriminals profit from the large-scale theft
of sensitive personal and financial information,” said Assistant Attorney
General Kenneth A. Polite, Jr. of the Justice Department’s Criminal Division.
“This is another example of how working with our international law enforcement
partners has resulted in the shutdown of a criminal marketplace and the arrest
of its administrator.”

“Our interagency efforts to dismantle this sophisticated online platform – which
facilitated a wide range of criminal activity – should come as a relief to the
millions victimized by it, and as a warning to those cybercriminals who
participated in these types of nefarious activities,” said U.S. Attorney Jessica
D. Aber for the Eastern District of Virginia. “Online anonymity was not able to
protect the defendant in this case from prosecution, and it will not protect
other online criminals either.”

“The seizure of the RaidForums website – which facilitated the sale of stolen
data from millions of people throughout the world – and the charges against the
marketplace's administrator are a testament to the strength of the FBI's
international partnerships,” said Assistant Director in Charge Steven M.
D’Antuono of the FBI’s Washington Field Office said. “Cybercrime transcends
borders, which is why the FBI is committed to working with our partners to bring
cybercriminals to justice – no matter where in the world they live or behind
what device they try to hide.”

“This global investigation signifies the remarkable dedication of the U.S.
Secret Service and highlights our partnerships with our foreign law enforcement
counterparts essential to disrupting sophisticated networks of cyber criminals,”
said Special Agent in Charge Jason D. Kane of the U.S. Secret Service’s Criminal
Investigative Division. “This case exemplifies teamwork at all levels of law
enforcement to stop these cyber criminals from defrauding citizens of the United
States and in our partner countries.”

Prior to its seizure, RaidForums members used the platform to offer for sale
hundreds of databases of stolen data containing more than 10 billion unique
records for individuals residing in the United States and internationally. At
the time of its founding in 2015, RaidForums also operated as an online venue
for organizing and supporting forms of electronic harassment, including by
“raiding” – posting or sending an overwhelming volume of contact to a victim’s
online communications medium – or “swatting” – the practice of making false
reports to public safety agencies of situations that would necessitate a
significant, and immediate armed law enforcement response.

The seizure of these domains by the government will prevent RaidForums members
from using the platform to traffic in data stolen from corporations,
universities and governmental entities in the United States and elsewhere,
including databases containing the sensitive, private data of millions of
individuals around the world. 

In addition, a six-count indictment against Coelho was unsealed in the Eastern
District of Virginia charging him with conspiracy, access device fraud and
aggravated identify theft in connection with his role as the chief administrator
of RaidForums. According to the indictment, between Jan. 1, 2015, and on or
about Jan. 31, 2022, Coelho allegedly controlled and served as the chief
administrator of RaidForums, which he operated with the help of other website
administrators. As administrators, Coelho and his co-conspirators are alleged to
have designed and administered the platform’s software and computer
infrastructure, established and enforced rules for its users, and created and
managed sections of the website dedicated to promoting the buying and selling of
contraband, including a subforum titled “Leaks Market” that described itself as
“[a] place to buy/sell/trade databases and leaks.” 

To profit from the illicit activity on the platform, RaidForums charged
escalating prices for membership tiers that offered greater access and features,
including a top-tier “God” membership status. RaidForums also sold “credits”
that provided members access to privileged areas of the website and enabled
members to “unlock,” and download stolen financial information, means of
identification, and data from compromised databases, among other items. Members
could also earn credits through other means, such as by posting instructions on
how to commit certain illegal acts. 

According to the indictment, Coelho also personally sold stolen data on the
platform, and directly facilitated illicit transactions by operating a fee-based
“Official Middleman” service. For the Official Middleman service, Coelho
allegedly acted as a trusted intermediary between RaidForums members seeking to
buy and sell contraband on the platform, including hacked data. Notably, to
create confidence amongst transacting parties, the Official Middleman service
enabled purchasers and sellers to verify the means of payment and contraband
files being sold prior to executing the transaction.

Assistant Attorney General Kenneth A. Polite, Jr. of the Justice Department’s
Criminal Division; U.S. Attorney Jessica D. Aber for the Eastern District of
Virginia; Special Agent in Charge Jason D. Kane of the U.S. Secret Service’s
Criminal Investigative Division; and Assistant Director Steven M. D’Antuono of
the FBI’s Washington Field Office made the announcement.

Senior Trial Attorney Aarash Haghighat of the Criminal Division’s Computer Crime
and Intellectual Property Section (CCIPS) and Assistant U.S. Attorney Carina A.
Cuellar for the Eastern District of Virginia are prosecuting the case against
Coelho. The Justice Department’s Office of International Affairs provided
significant assistance throughout the criminal investigation.

The law enforcement actions against RaidForums and Coelho are the result of an
ongoing criminal investigation by the FBI’s Washington Field Office and the U.S.
Secret Service. The department also thanks the support provided by Joint
Cybercrime Action Taskforce (Europol), National Crime Agency (UK), Swedish
Police Authority (Sweden), Romanian National Police (Romania), Judicial Police
(Portugal), Internal Revenue Service Criminal Investigation, Federal Criminal
Police Office (Germany) and other law enforcement partners.

Anyone that has any information regarding Coelho or RaidForums should file a
complaint at ic3.gov with #RaidForums in the description.

An indictment is merely an allegation, and all defendants are presumed innocent
until proven guilty beyond a reasonable doubt in a court of law.

Attachment(s): 
Download Coelho Indictment
Topic(s): 
Cybercrime
Component(s): 
Criminal Division
Criminal - Computer Crime and Intellectual Property Section
Federal Bureau of Investigation (FBI)
USAO - Virginia, Eastern
Press Release Number: 
22-360
Updated April 12, 2022
Speeches and Press Releases
Videos
Photos
Blogs
Podcasts


FOOTER MENU JUSTICE

 * First Column
   * en ESPAÑOL
   * Contact DOJ
 * Second Column
   * Archive
   * Accessibility
   * Information Quality
   * Privacy Policy
   * Legal Policies & Disclaimers
   * Social Media
 * Third Column
   * Budget & Performance
   * Office of the Inspector General
   * No FEAR Act
   * For Employees
   * FOIA
   * USA.gov
   * Vote.gov


U.S. DEPARTMENT OF JUSTICE

950 Pennsylvania Avenue, NW
Washington, DC 20530-0001


STAY CONNECTED WITH JUSTICE:

Instagram Facebook Twitter YouTube


EMAIL UPDATES