Thursday08 December 2022

Law Enforcement Celebrates Another Hacker Forum Takedown as the Seizure of RaidForums is Announced.

Reading time is around minutes.

2022 has been a busy year for the information security industry on both sides of the playing field. We have seen an increase in target attacks on businesses, a larger number of Zero-Day vulnerabilities disclosed that were being actively exploited in the wild, several major companies had data stollen and leaked, and we cannot forget the threat actor war going on over the Russian Invasion of Ukraine. With all these items, law enforcement agencies have also been very busy with the seizure and shut down of two major “hacker” marketplaces, Hydra and RaidForums.

The announcement of the shutdown of Hydra last week was part of a combined announcement with US and German authorities and represented the disruption of one of the largest and longest running dark web marketplaces known. The site was known for the sale of drugs, cybercrime as a service, and other illegal items. It has always been believed to be operated by a Russian-based team due to the primary language used. In connection with the seizure of servers associated with the site, German officials announced they had captured bitcoin with an estimated value of roughly 25.3 million dollars (23 million Euros). The Office of Foreign Assets Control also posted a list of more than 100 digital currency addresses that are linked to Hydra and the group behind it. It was a good day.

This week the FBI and Europol announced the seizure and shuttering of another marketplace called RaidForums. RaidForums is another long running marketplace, but unlike Hydra they seemed to be much more focused on the sale of stollen data, in fact it has been touted as one of the largest marketplaces for stollen data. The site was complex with multiple levels of verification for both the data and the payment for the information including using middleman services that were available for a fee. The site is said to have hosts more than 10 billion unique records of individuals around the world and included banking information, social security numbers, credit card numbers, and usernames and passwords for individual accounts.

Both seizures resulted in arrests of people alleged to be responsible for site administration and/or creation. Law enforcement is celebrating this as a major impact to criminal organizations that utilize services like this, and it is. The downside, as told by security researchers, is that dismantling marketplaces like this always push the criminal organizations further underground. They are likely to switch to more secure methods of communication and transactions. It will make them harder to track and stop. Nature abhors a vacuum, so the take down of these sites is not going to stop things, it may slow them down for a while, but only until new sites are established. This is not meant to say that law enforcement should not do anything about these sites, just that the seizure of them does have consequences and can make future impacts more challenging. Still, the dismantling of infrastructure dedicated to illegal activity is never a completely bad thing so we can always be happy about that.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.