Thursday, November 7, 2024

Recapping RaidForums: The Place Where Data Was Sold to the Highest Bidder


The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.

From stolen personal data to entire corporate databases, RaidForums was a digital black market where the most valuable commodities weren’t physical goods but sensitive information.

What began as a hub for online trolls quickly spiraled into a bustling marketplace where hackers auctioned off data to the highest bidder. The platform evolved into a haven for cybercriminals, with notorious figures turning stolen information into profit.

But as law enforcement closed in, rookie OpSec mistakes brought this empire of deceit and data theft crumbling down.

Thus, let’s take a closer look at how RaidForums became one of the internet’s most infamous data-selling platforms, its operational model, and how it all came crumbling down.

Origins of RaidForums: From Trolling to More Sinister Acts

RaidForums began in 2015 as a notorious hub for trolling and harassment, with other disruptive activities like “swatting” and DDoS attacks also being discussed and orchestrated. However, its users were considered nothing more than a group of terminally online script kiddies at the time.

At the center was its founder, Diogo Santos Coelho, or “Omnipotent,” a 14-year-old Portuguese national with a propensity for cybercrime. Frost and Pompompurin were two other notable admins.

Initially, users would reach out to him and the rest of the community to perform mass spam attacks (raids), justifying the forum’s name.

The shenanigans soon evolved: users orchestrated fake police reports, escalating the site’s activities from online pranks to real-world disruptions in the form of online harassment campaigns and smear attacks. However, there was one major problem: these activities weren’t as profitable as Coelho and his partners in crime hoped.

Shifting Goals: Transition to a Marketplace for Stolen Data

As the forum’s audience expanded, its admin team figured it was time to pivot. Thus, RaidForums gradually transformed into a marketplace for selling stolen information, from SSNs to corporate financial data, harvested from major data breaches.

This turned out to be a major boon for the site, as some of the world’s best freelance black hats saw RaidForums as a suitable place to cash in on their digital loot.

At the same time, Raid developed its own team of data poachers and malware devs, resulting in their escapades devolving into more sinister, more meticulous endeavors.

Whether it was extracting invoice data from corporate emails to dig deeper into potential targets or compromising the FBI’s internal email system, the forum’s activities evolved from simple financial gain to more sophisticated and far-reaching criminal operations.

How RaidForums Worked: The Inner Workings of a Clandestine Marketplace

As Omnipotent and other members of the site’s leadership team also engaged in data theft, they saw the site as an opportunity to earn additional funds. Therefore, the site relied on the following revenue streams:

  1. Auction proceedings. Registered users could upload their databases and RaidForums would take a share of each sale, in the form of mediation payments.
  2. Direct sale mediation. Oftentimes, hackers and data brokers have a party interested in purchasing their data but don’t trust that party’s intentions. Hence, Omnipotent or another admin would serve as escrow, assuring both sides that the data and the money (usually Monero) were real.
  3. Memberships. While the admins’ goal was to attract more people, more users meant more scams, fake bids and other issues. As a result, they instituted a series of membership packages, with the God Tier providing access to the most valuable databases, secret auctions and private bids.

This turned out to be a sustainable operational model, with users being able to verify individual sellers and databases through reviews. Reputation was king, while admins used PGP to sign all their messages as a means of establishing legitimacy and reducing suspicion of a potential LEO mole.

What Kind of Data Could You Find on RaidForums

One of the things that set RaidForums apart was the number of different types of data for sale, a logical result of the site being the epicenter for all such transactions. What caught the public’s attention the most, however, were:

Personal Identifiers

SSNs, DOBs, and home addresses often leak together with names and profile information, especially when a social network or forum suffers a data breach. Hackers often used RaidForums to sell these stolen databases to scammers, who would attempt to commit identity theft and do everything from buying luxury goods to taking out loans, all in someone else’s name.

Financial Data

While personal identifiers are great for synthetic identity theft (for criminals, that is), stealing financial data is more attractive to smaller-time criminals.

Therefore, you’d often see RaidForums listings for hundreds of thousands of stolen credit cards. Oftentimes, it was like a lottery, with some cards being blocked and some having no limit whatsoever.

There were also instances of full payment histories and information being leaked, which also helped scammers target people with other types of fraud. But, as always, corporate financial data used to fetch the highest prices.

Corporate and Private Data

Beyond financial records and company bank accounts, corporate systems also hold a treasure trove of other data. It doesn’t have to be R&D documents, proprietary IP or trade secrets; even something as inconspicuous as employee records could be invaluable to criminals.

What if someone found out that the janitor is often late, has drinking problems and recently got divorced? That sounds like an easy blackmail target to look the other way when necessary…

High-Profile Breaches that RaidForums Facilitated

Chances are, if there was a significant data breach in the late 2010s or early 2020s, RaidForums’ hands were all over it.

One notable example was the sale of records from the 2021 T-Mobile breach, which resulted in 37 million people being unwillingly doxxed by cyber criminals. However, this is just the tip of the iceberg, as Raid was the auction place of choice during the breaches of:

● LinkedIn (2021): This incident involved the scraping of data from 700 million LinkedIn users. The dataset included personal details such as full names, email addresses, phone numbers, job positions, workplace information, and other profile-related data. The hacker responsible listed the data for sale on RaidForums, providing a sample of 1 million records as proof.

● Facebook (2019): The breach affected 533 million Facebook users across 106 countries. The exposed data included phone numbers, Facebook IDs, full names, locations, birthdates, bios, and, in some cases, email addresses. This data was obtained through a vulnerability that was later patched by Facebook in 2019. Despite being an older dataset, it still posed significant risks for phishing and identity theft.

● Astoria Company (2021): A marketing and lead generation firm, Astoria Company, suffered a data breach that exposed over 10 million records. The leaked data included names, addresses, phone numbers, email addresses, and credit scores. The dataset was sold on RaidForums, making it a valuable resource for identity thieves and fraudsters.

● Brazilian Government (2021): A massive data breach affected 243 million Brazilian citizens, including deceased individuals. The leaked information included full names, tax identification numbers, dates of birth, and other sensitive data.

What was particularly harrowing about these breaches was that US netizens realized that their security could still be compromised by the very entities entrusted with their data.

Even if customers are using digital signatures and changing their passwords regularly, a business or government agency can make significant mistakes, and now that everything is so interconnected, their lapses expose you to risks beyond your control.

How RaidForums Admins Became the Architects of their Own Arrests

The downfall of RaidForums can largely be traced back to two main causes: the site simply got too big, and critical OpSec mistakes were made by Omnipotent.

Popularity-wise, the site was becoming too successful for its own good. This gave law enforcement and intelligence agencies from dozens of countries a strong reason to put an end to Raid for good.

However, it turned out that the site’s creator ended up being its unmaker, too. Although Omnipotent was known for using private emails, VPNs and signing everything with his PGP key, he wasn’t, well, omnipotent.

He made the cardinal error of trying to enter the US illegally in 2018, which allowed the FBI access to data about his illegal activities. To make matters even worse, Omnipotent used the same email he used to register the RaidForums domain to contact the FBI about getting his devices back!

Not to mention, Coelho also used his personal device to run the official RaidForums Telegram channel. With all of this, the April 2022 takedown of Raid was but a formality, and its former head admin and founder is facing extradition to the US, along with a potential 52-year sentence if extradited.

Conclusion

The fall of RaidForums wasn’t the leviathan being bested; it was more like a single smack in a never-ending game of Whack-a-Mole. This is evident from BreachForums and its rapid rise to popularity, followed by its head admin, a former RaidForums admin, also being arrested.

Thus, the message is clear: this battle is an ongoing one, and only constant vigilance and timely regulations can even the playing field. Your data will always be out there; the point is making getting it prohibitively difficult and expensive for any hacker, be it a freelancer or a forum.
