Categories: SecurityStories

The Story of RaidForums

In its prime, RaidForums was one of the most prominent English-speaking hacking forums. For many, RaidForums was known as the primary source of famous data breaches and hacking tools until its seizure by law enforcement in 2022.

The Beginning of RaidForums

If you’ve been in the industry for a while, you’ve certainly heard of RaidForums. In its prime, RaidForums was one of the most popular English-speaking hacking forums until its demise in 2022. RaidForums is said to have launched in around 2015. The founder of RaidForums is said to be a young Portuguese national Diogo Santos Coelho, who was around 14 years of age at the time.

Despite his young age, Diogo Santos Coelho founded RaidForums which at the time is said to have focused on “raiding” Twitch streamers by someone calling the police and telling them that some highly illegal activities are going on in the house of the streamer and asking the police to check that out or even outright “SWAT” the streamer by calling a SWAT team to raid the apartment/place, hence the name of the forum.

RaidForums

According to Reddit, some raiders (not necessarily from or affiliated with RaidForums) also call phone numbers, order pizza or Chinese food, escort services, threaten to DDoS services to take them down, some dox people and post their personal information “just to have fun”, etc.

The New Era of RaidForums

When time went on, RaidForums members pulled away from their initial “raiding” activities and moved into hacking shortly making RaidForums a haven for script kiddies and black hat hackers alike: the administrators of the RaidForums website quickly noticed the “need” to leak data breaches, and thus, the new era of RaidForums began.

The Login Page of RaidForums

See the “Databases” link on the top left side of RaidForums? It’s there not without a reason: some members of RaidForums were known to leak data to facilitate data breaches, identity theft, and credential stuffing.

The “leakage” of data breaches refers to the act of a possibly malicious actor obtaining and/or sharing data illegally obtained from websites or applications. Since the data includes a lot of information including, but not limited to usernames, email addresses, IP addresses, geographic addresses, full names, and more, it’s a gold mine for hackers. Hackers obtain the data and then use it for credential stuffing, identity theft, or other illicit purposes.

Thus, a new era of RaidForums began – the administrators created a category within the forum and called it something similar to “Leaks” or “Leaked Databases” referring to stolen data sets that are shared with malicious parties. Initially, the new section of RaidForums was small with members of RaidForums sharing smaller sets of data, but as time went on and the member base of RaidForums was beginning to get a lot more “serious” in the sense that it’d attracted black hat hackers and those stealing credit card information (some say that porn was apparently a thing too), things began to get out of hand.

RaidForums and Data Breaches

As time went on, RaidForums was beginning to make a name for itself as “the home for the breaches.” And by breaches, we of course mean data breaches – members of RaidForums would leak – share – sets of stolen information every single day and everything came to a point where the data leaks section of RaidForums contained information on over 10,000,000,000 – ten billion – people. This just had to stop.

Regardless, users flocked to RaidForums like there was no tomorrow – why wouldn’t they? RaidForums was available on the clear web, and the administrators of RaidForums were so lenient that users felt that they could do whatever they want without any consequences whatsoever.

RaidForums and Law Enforcement

According to some sources, law enforcement including the FBI, and others were aware of RaidForums a couple of years prior to the date they started taking action to bring RaidForums down. That may have been as early as 2015 when RaidForums started to gain some traction in regards to raiding and has not yet been known as the haven for data breaches. It may have well been the case – the FBI and other law enforcement agencies may have been waiting for more “users” (black hat hackers) to gain access to the forum so that they could obtain as much information as possible.

According to DarkOwl, more serious problems for RaidForums have began to brew in late 2021 and early 2022 with RaidForums users noticing strange MyBB-based errors when attempting to visit the website saying “MyBB has experienced an internal SQL error and cannot continue.” Among other things.

DarkOwl also says that around that time, it was suggested (perhaps as a joke) that the administrator of the forum – Diogo Santos Coelho going by the alias of Omnipotent – “was on life support after fighting a mountain lion” and thus, understandably, causing even more suspicion and unease.

Some think that such errors within RaidForums have been the cause of the Brazilian government contacting the registrar of the website going by the name of NameSilo shutdown the forum. This theory was pretty much confirmed by the administrator of the website Diogo Santos Coelho or Omnipotent, himself (Source – Bleeping Computer):

Omnipotent (probably Diogo Santos Coelho) Introducing a Mirror for RaidForums

Some say that the Brazilian government interfering with the operations of RaidForums wasn’t the end either – some sources say that law enforcement actually controlled the servers (or at least a part of them) before seizing RaidForums. That’d make sense too – after all, law enforcement would want to collect as much information on cybercriminals as possible without them noticing.

Advice for Staff on RaidForums

According to BleepingComputer, staff on RaidForums was even advised to use VPN services, split tunneling or a VM, a password manager, and two-factor authentication on all of their accounts, and advised to refrain from sharing too much personal information about themselves as well:

RaidForums Advice for Current and Future Staff Members

That may have been because the staff on RaidForums was already thinking that the end was inevitable.

Takedown of RaidForums

Finally, the servers and the domain hosting RaidForums were seized by international law enforcement partners including Department of Justice, the U.S. Secret Service, FBI, IRS, Swedish police, EUROPOL, NCA, INTERPOL, and Portuguese police agencies in the middle of April 2022.

After the takedown, it was said that the administrator of RaidForums – Diogo Santos Coelho – was fighting against extradition to the United States because he was said to be scared of the US “seeking retribution” whereas he saw the European courts to be more lenient as he said to be “exploited by adults” perhaps referring to black-hat hackers.

We’re yet to see where the founder of RaidForums – Diogo Santos Coelho – will end up, but we at BreachDirectory hope that he will be given a chance to rehabilitate himself and start a new chapter in his life.

The Role of BreachDirectory

We at BreachDirectory are committed to making the Internet a safer place by offering free access to the data breach search engine and offering access to the BreachDirectory API which is used by individuals, known companies, as well as prominent universities. Make use of the data breach search engine and BreachDirectory API today to protect your customers, employees, and those close to you, be safe from cyber threats, and until next time.

Summary

RaidForums was one of the most prominent English-speaking hacking forums in the world that was founded by a young male named Diogo Santos Coelho. The founder of RaidForums apparently knew that the forum was leaning towards a black-hat hacker haven but did nothing allowing hackers to have free reign on the forum and build a name for the forum, at the same time, risking being arrested.

After some time, in April 2022, the servers belonging to RaidForums were seized by law enforcement. The fate of the founder of RaidForums – Diogo Santos Coelho – remains unclear, but we do hope that he will be given a chance to rehabilitate himself after thinking of his actions.

For now, make sure you keep yourself safe from cyber threats by utilizing the data breach search engine by BreachDirectory, and until next time.

Frequently Asked Questions

What was RaidForums About?

RaidForums was one of the most prominent hacking forums that started somewhere around 2015 and its founder was a Portuguese national Diogo Santos Coelho.

Why was RaidForums Taken Down?

RaidForums was taken down after an international police operation involving dozens of countries to stop the spread of leaked data breaches and other illicit activity that was given free realm within the forum.

Are There Forums or Websites Similar to RaidForums?

Yes, there are. Stay safe, and stay tuned for more stories!

Nirium

Recent Posts

Schneider Electric: JIRA Server Breached

There have been rumors about a data breach targeting Schneider Electric. Did a data breach…

1 month ago

The Makers of Fiskars Scissors Got Breached: What’s Known

There have been rumors about the Fiskars Group – the company behind Fiskars scissors and…

1 month ago

Russia Fines Google for $20,000,000,000,000,000,000,000,000,000,000,000

Russia has fined Google more than two undecillion roubles because Google has refused to pay…

1 month ago

RockYou 2024.txt Looks Like a Binary File – Here’s Why

Why does RockYou 2024.txt look like a binary file when you open it up? Find…

1 month ago

Duolicious Data Leak: What You Need to Know

Duolicious is a dating app that connects people who are “chronically online.” Did the Duolicious…

2 months ago

What is RockYou 2024.txt and How Did RockYou 2024 Come to Be?

This blog will tell you what RockYou 2024 is, how RockYou 2024.txt came to be,…

2 months ago