One of the world’s most notorious hacking marketplaces, RaidForums, has been shut down and its infrastructure seized in a major cross-border law enforcement operation.
Operation TOURNIQUET, which was coordinated by Europol in support of the independent investigations of the US, UK, Sweden, Portugal and Romania, also led to the arrest of the RaidForums’ administrator and two of his accomplices.
Europol revealed the operation followed a year of meticulous planning and information sharing between investigators from the different national police forces within the Joint Cybercrime Action Taskforce (J-CAT) framework. This enabled a clear picture to be established of the different actors and roles they place played within the marketplace. These include the administrator, the money launderers, the users in charge of stealing/uploading the data and the buyers.
RaidForums, which launched in 2015, is believed to be one of the world’s biggest hacking forums, with a community of more than half a million users. The marketplace has sold access to millions of data stolen in numerous high-profile data breaches in recent years, including highly sensitive information such as credit cards and bank account numbers and usernames and associated passwords needed to access online accounts.
Alleged examples include 40 million user records stolen from popular mobile app Wishbone and the personal details of hundreds of thousands of people tested for COVID-19 in 2020.
Head of Europol’s European Cybercrime Centre, Edvardas Šileris, commented: “Disruption has always been a key technique in operating against threat actors online, so targeting forums that host huge amounts of stolen data keeps criminals on their toes. Europol will continue working with its international partners to make cybercrime harder – and riskier – to commit.”
This week, Europol announced a major new operation designed to crack down on Russian oligarchs and businesses attempting to circumvent sanctions in the wake of the Russian invasion of Ukraine.