The content material of this submit is solely the duty of the writer. LevelBlue doesn’t undertake or endorse any of the views, positions, or info offered by the writer on this article.
From stolen private information to total company databases, Raid Boards was a digital black market the place essentially the most priceless commodities weren’t bodily items however delicate info.
What started as a hub for on-line trolls rapidly spiraled right into a bustling market the place hackers auctioned off information to the best bidder. The platform advanced right into a haven for cybercriminals, with infamous figures turning stolen info into revenue.
However as regulation enforcement closed in, rookie OpSec errors led to this empire of deceit and information theft crumbling down.
Thus, let’s take a better have a look at how Raid Boards grew to become one of many web’s most notorious data-selling platforms, its operational mannequin and the way it all got here crumbling down.
Origins of Raid Boards: From Trolling to Extra Sinister Acts
Raid Boards started in 2015 as a infamous hub for trolling and harassment, with different disruptive actions like “swatting” and DDoS assaults additionally being mentioned and orchestrated. Nonetheless, they have been thought of nothing greater than a gaggle of terminally on-line script kiddies on the time.
On the middle was its founder, Diogo Santos Coelho, or “All-powerful,” a 14-year-old Portuguese nationwide with a propensity for cybercrime. Frost and Pompompurin have been two different notable admins.
Initially, customers would attain out to him and the remainder of the neighborhood to carry out mass spam assaults—raids, justifying the discussion board’s identify.
The shenanigans quickly advanced—customers orchestrated pretend police studies, escalating the location’s actions from on-line pranks to real-world disruptions within the type of on-line harassment campaigns and smear assaults. Nevertheless, there was one main downside—these actions weren’t as worthwhile as Coelho as his companions in crime hoped.
Shifting Objectives: Transition to a Market for Stolen Information
Because the discussion board’s viewers expanded, its admin staff figured it was time to pivot. Thus, Raid Boards regularly remodeled right into a market for promoting stolen info, from SSNs to company monetary data, harvested from main information breaches.
This turned out to be a significant boon for the location, as among the world’s greatest freelance black hats noticed Raid Boards as an acceptable place to chain in on their digital loot.
On the identical time, Raid developed its personal staff of knowledge poachers and malware devs, ensuing of their escapades devolving into extra sinister, extra meticulous endeavors.
Whether or not it was extracting bill information from company emails to dig deeper into potential targets or compromising the FBI’s inner electronic mail system, the discussion board’s actions advanced from easy monetary acquire to extra subtle and far-reaching felony operations.
How Raid Boards Labored: The Inside Workings of a Clandestine Market
As All-powerful and different members of the location’s management crew additionally engaged in information theft, they noticed the location as a possibility to earn further funds. Subsequently, the location relied on the next income streams:
- Public sale proceedings. Registered customers might add their databases and Raid Boards would take a proportion of every sale, within the type of mediation funds.
- Direct sale mediation. Oftentimes, hackers and information brokers have an occasion to buy their information however aren’t trusting of their intentions. Therefore, All-powerful or one other admin would function escrow, guaranteeing either side that the information and the cash (normally Monero) have been actual.
- Memberships. Whereas the admins’ purpose was to draw extra individuals, extra customers meant extra scams, pretend bids and different points. Consequently, they instituted a sequence of membership packages, with the God Tier offering entry to essentially the most priceless databases, secret auctions and personal bids.
This turned out to be a sustainable operational mannequin, with customers having the ability to confirm particular person sellers and databases by means of critiques. Fame was king, whereas admins used PGP to signal all their messages as a method of building legitimacy and lowering suspicion of a possible LEO mole.
What Kind of Information Might You Discover on Raid Boards
One of many issues that set Raid Boards aside was the variety of several types of information on the market, a logical results of the location being the epicenter for all such transactions. What caught the general public’s consideration essentially the most, nonetheless, have been:
Private Identifiers
SSNs, DOBs, and residential addresses usually leak along with names and profile info, particularly when a social community or discussion board suffers a knowledge breach. Hackers usually used Raid Boards to promote these stolen databases to scammers, who would try and commit identification theft and do every part from shopping for luxurious items to taking out loans, all in another person’s identify.
Monetary Information
Whereas private identifiers are nice for artificial identification theft (for criminals, that’s), stealing monetary information is extra engaging to smaller-time criminals.
Subsequently, you’d usually see Raid Boards listings for a whole lot of 1000’s of stolen bank cards. Oftentimes, it was like a lottery, with some playing cards being blocked and a few having no restrict in any way.
There have been additionally cases of full fee histories and data being leaked, which additionally helped scammers goal individuals with different forms of fraud. However, as at all times, company monetary information used to fetch the best costs.
Company and Personal Information
Past monetary data and firm financial institution accounts, company techniques additionally maintain a treasure trove of different information. It doesn’t should be R&D paperwork, proprietary IP or commerce secrets and techniques—even one thing as inconspicuous as worker data could possibly be invaluable to criminals.
What if somebody came upon that the janitor is usually late, has ingesting issues and just lately received divorced? That appears like a straightforward blackmail goal to look the opposite method when crucial…
Excessive-Profile Breaches that Raid Boards Facilitated
Chances are high, if there was a big information breach within the late 2010s or early 2020s, Raid Boards’ fingers have been throughout it.
One notable instance was the sale of data from the 2021 T-Cell breach, which resulted in 37 million individuals being unwillingly doxxed by cyber criminals. Nevertheless, that is simply the tip of the iceberg, as Raid was the public sale place of alternative through the breaches of:
● LinkedIn (2021): This incident concerned the scraping of knowledge from 700 million LinkedIn customers. The dataset included private particulars akin to full names, electronic mail addresses, telephone numbers, job positions, office info, and different profile-related information. The hacker accountable listed the information on the market on RaidForums, offering a pattern of 1 million data as proof.
● Fb (2019): The breach affected 533 million Fb customers throughout 106 international locations. The uncovered information included telephone numbers, Fb IDs, full names, places, birthdates, bios, and, in some instances, electronic mail addresses. This information was obtained by means of a vulnerability that was later patched by Fb in 2019. Regardless of being an older dataset, it nonetheless posed important dangers for phishing and identification theft.
● Astoria Firm (2021): A advertising and marketing and lead technology agency, Astoria Firm, suffered a knowledge breach that uncovered over 10 million data. The leaked information included names, addresses, telephone numbers, electronic mail addresses, and credit score scores. The dataset was bought on RaidForums, making it a priceless useful resource for identification thieves and fraudsters.
● Brazilian Authorities (2021): A large information breach affected 243 million Brazilian residents, together with deceased people. The leaked info included full names, tax identification numbers, dates of start, and different delicate information.
What was notably harrowing about these breaches was that US netizens realized that their safety might nonetheless be compromised by the very entities entrusted with their information.
Even when clients are utilizing digital signatures and chansing their passwords usually, a enterprise or authorities company could make essential errors, and now that every part is so interconnected, their lapses expose you to dangers past your management.
How Raid Boards Admins Turned the Architects of their Personal Arrests
The downfall of Raid Boards can largely be traced again to 2 important causes—the location merely received too huge and important OpSec errors have been made by All-powerful.
Reputation-wise, the location was turning into too profitable for its personal good. This gave regulation enforcement and intelligence businesses from dozens of nations a robust purpose to place an finish to Raid for good.
Nevertheless, it turned out that the location’s creator ended up being its unmaker, too. Though All-powerful was identified for utilizing non-public emails, VPNs and signing every part along with his PGP key, he wasn’t, effectively—all-powerful.
He made the cardinal error of attempting to enter the USA illegally in 2018, which allowed the FBI entry to information about his unlawful actions. To make issues even worse, All-powerful used the identical electronic mail he used to register the Raid Boards area to contact the FBI about getting his gadgets again!
To not point out, Coelho additionally used his private machine to run the official Raid Boards Telegram channel. With all of this, the April 2022 takedown of Raid was however a formality and its former head admin and founder is going through extradition to the US, together with a possible 52-year sentence if extradited.
Conclusion
The autumn of Raid Boards wasn’t the leviathan being bested—it was extra like a single smack in a unending recreation of Whack-a-Mole. That is evident by Breach Boards and its fast rise to reputation, adopted by its head admin and former Raid Boards admin, additionally being arrested.
Thus, the message is evident—this struggle is an ongoing on, and solely fixed vigilance and well timed rules may even the enjoying discipline. Your information will at all times be on the market; the purpose is making getting it prohibitively tough and costly for any hacker, be it a freelancer or a discussion board.