A new crime site for hackers is positioning itself as an alternative to Raid Forums, a popular watering hole for threat actors before it was mysteriously taken down in February.
The new site, Breach Forums, was started by a Raid Forums alumnus who goes by the handle “pompompurin,” according to a blog post published this week by Flashpoint, a threat intelligence firm. In the forum’s welcome thread, pompompurin said that the new hacker community is being created as an alternative to Raid Forums.
“If RaidForums ever returns in an official capacity,” pompompurin wrote, “this forum will be closed and this domain will be redirected there.”
With just over 1,500 members, Breach Forums has a long way to go before it reaches the 748,348 members that Raid Forums had before its demise.
A market for a forum for buying and selling stolen credentials
Raid Forums was a mid-level English-language hacking forum that attracted a large international audience of threat actors, Flashpoint explained. The forum was one of the most popular illicit online forums on the public Internet and was known for its database leaks and high-profile offerings. Breach Forums aims to fill the void that the Raid Forums shutdown created in the fraud community.
Breach Forums is set to replace Raid Forums, observes Dan Piazza, technical product manager for Netwrix, an IT security software company. “However,” he adds, “there are also dark web alternatives that former Raid Forums users can flock to. Only time will tell,” he says, “but there is clearly a market for a surface web forum where credential breaches can be bought and sold.”
“At least some of the activity and function of the Raid Forums will go to the Breach Forums,” adds Casey Ellis, CEO and founder of Bugcrowd, which operates a crowd-sourced bug bounty platform. “I wouldn’t be surprised if the start-from-scratch aspect of this change translates to new and new ways to use this kind of community.”
A single law enforcement event is unlikely to have a significant impact on cybercrime
Piazza downplayed the impact that the rise of a Raid Forums proxy will have on security professionals. “I personally don’t think it will have much of an impact on security professionals,” he says. “Raid Forums wasn’t the only site to offer this kind of community, especially considering the dark web and private discussion groups in chat software like IRC.”
“I’m not sure much really changes,” added John Bambenek, principal threat hunter at Netenrich, an IT operations and digital security firm. “On the internet, crime always pays, so until takedowns – and more importantly, arrests – increase dramatically, there’s not much incentive to keep criminals from staying criminals. Just like the seizure of a large cache of drugs and weapons, no single event has a significant long-term impact on crime.”
ESET Researcher Emeritus Aryeh Goretsky, however, argues that monitoring criminal ecosystems can be tricky. “It requires not only time and patience, but also specialized skills, temperaments and knowledge about the participants and their behaviors, interests and activities,” he says. “Having to restart learning, of course, can be difficult in a new and unfamiliar environment.”
Ellis adds that the primary challenge for security professionals posed by the demise of Raid Forums is its disruption of breach and threat intelligence sources. “In a way, having a stable criminal community, which can be watched or infiltrated by benevolent researchers, is a valuable and useful defensive asset for bad guys,” he says. “When a source is burned like this, the ability to glean intelligence is also burned.”
Copyright © 2022 IDG Communications, Inc.