Why won’t law enforcement answer questions about RaidForums? Or have they just winked?
“Oh for f*** sake,” a February 25th message on Signal to me began.
RaidForums had been seized, I was told. But had it been?[Note: this article does not link to RaidForums’ site as it is may still be a phishing page.]
A WHOIS lookup on the domain today shows that the registration for RaidForums[.]com was last updated on February 25. But what happened that day? And where is the site’s owner?
Weeks earlier, the owner, “Omnipotent,” had seemingly left a message on his Telegram account that he would be away on vacation from January 31 – February 7. But he didn’t return as scheduled. RaidForums was down for a number of days until an administrator issued an announcement that Omnipotent was off dealing with some things and things might be a bit slower and inconvenient for a while for those who wanted to buy forum credits or upgrades.
But normalcy never returned and on February 25, an administrator (“Jaw”) posted a notice on the forum’s Telegram account saying that domain had been seized. In a companion message, a second administrator (“Moot”) locked the chat and instructed everyone to wait for further updates.
The raidforums.com domain has been seized. I encourage anybody that attempted logging in to change your passwords and clear any logs you have. The new domain will be https://rf.to for anybody interested in staying.
Although the message said the domain had been seized, there was no seizure notice on the site, and as user @Pompompurin spotted immediately, the home page didn’t look like RF’s normal login page. In fact, as he informed DataBreaches.net, the home page had been replaced by a phishing page to get users’ login credentials.
Attempting to sabotage the as-yet unidentified phishers, Pompompurin began DDoSing the site. That appeared to work for a while until CloudFlare imposed rate-limiting which made that attempt futile.
It is now three days later and there is still no seizure notice on the site. If a government seized it, would they really use such an amateurish looking phishing page? Is it possible it is not a government that is involved?
And what happened to “Omnipotent?”
According to a source with some knowledge of the situation, Omnipotent was allowed to call an administrator to say the domain was seized. But where is he and why hasn’t he been in subsequent communication?
DataBreaches.net reached out to three law enforcement agencies to ask whether they had any involvement in any seizure of RaidForums or any possible arrest of “Omnipotent.”
Because DataBreaches.net believes that Omnipotent may be a British citizen, both the National Crime Agency and Metropolitan Police were contacted. The Met Police (probably better known to Americans as Scotland Yard) responded promptly that they were not the right agency to query and that this site should contact the National Crime Agency.
As it turns out, this site had already queried NCA, who also promptly responded that they weren’t the right agency to query:
This is not an issue the National Crime Agency can comment on as we
cannot comment on.
The National Crime Agency is not a crime reporting Agency.
In a follow-up inquiry, this site asked the NCA who would be the correct agency, noting that the Met Police had said that NCA was the correct agency. So far, no further reply from NCA has been received.
As to the FBI/USDOJ, well, it took multiple attempts to get a response from their press office. In its last version, this site asked them:
Does DOJ/FBI have any knowledge of or any involvement in any seizure of the hacking website known as RaidForums.com? If so, what can DOJ/FBI tell me? Has the government seized that site and/or server and if so, were other governments also involved?
The response from Joshua Stueve, Spokesman for the U.S. Department of Justice read:
Thanks for reaching out. Decline to comment.
I will let readers speculate about what that means. For my part, I replied to Mr. Stueve by noting that I will obviously need to rule the world to get answers.
Working on it….