Operation TOURNIQUET: Authorities shut down dark web marketplace RaidForums

Pierluigi Paganini April 12, 2022

The dark web marketplace RaidForums has been shut down and its infrastructure seized as a result of Operation TOURNIQUET.

The illegal dark web marketplace RaidForums has been shut down and its infrastructure seized as a result of the international law enforcement Operation TOURNIQUET coordinated by Europol’s European Cybercrime Centre.

Operation TOURNIQUET was conducted by law enforcement agencies from the United States, United Kingdom, Sweden, Portugal, and Romania. The law enforcement arrested the administrator of the marketplace and two of his accomplices. 

The Department of Justice published a press release to announce the seizure of RaidForums and unseal criminal charges against RaidForums’ founder and chief administrator, Diogo Santos Coelho (21) of Portugal. The police arrested Coelho in the United Kingdom on Jan. 31, at the United States’ request and remain in custody pending the resolution of his extradition proceedings.

Coelho allegedly served as the chief administrator of RaidForums between Jan. 1, 2015, and on or about Jan. 31, 2022. The youngster also operated a subforum titled “Leaks Market” that described itself as “[a] place to buy/sell/trade databases and leaks.” 

“Court records unsealed today indicate that the United States recently obtained judicial authorization to seize three domains that long hosted the RaidForums website. These domains were “raidforums.com,” “Rf.ws,” and “Raid.lol.”” reads the press release published by DoJ. “According to the affidavit filed in support of these seizures, from in or around 2016 through February 2022, RaidForums served as a major online marketplace for individuals to buy and sell hacked or stolen databases containing the sensitive personal and financial information of victims in the United States and elsewhere, including stolen bank routing and account numbers, credit card information, login credentials and social security numbers.”


RaidForums was launched in 2015, its community reached over half a million users. The marketplace gained popularity for the sale of high-profile database leaks belonging to a number of US corporations across different industries.

“This marketplace had made a name for itself by selling access to high-profile database leaks belonging to a number of US corporations across different industries. These contained information for millions of credit cards, bank account numbers and routing information, and the usernames and associated passwords needed to access online accounts.” reads the announcement published by Europol. “These datasets were obtained from data breaches and other exploits carried out in recent years.”

According to Europol, the joint effort and intense information sharing were the key to the success of Operation TOURNIQUET. The investigators were able to identify the structure of the RaidForums and the roles and responsibilities of each operator behind the marketplaces (i.e.: the administrator, the money launderers, the users in charge of stealing/uploading the data, and the buyers).  

“Disruption has always been a key technique in operating against threat actors online, so targeting forums that host huge amounts of stolen data keeps criminals on their toes. Europol will continue working with its international partners to make cybercrime harder – and riskier –to commit. ” said the Head of Europol’s European Cybercrime Centre, Edvardas Šileris. 

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS
Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.
To nominate, please visit: 

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, cybercrime)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment