Upstart crime site woos Raid Forums orphans

Breach Forums launches as alternative to mysteriously torpedoed illicit cyber crime community.

A new crime site for hackers is positioning itself as an alternative to Raid Forums, a popular watering hole for threat actors before it was mysteriously taken down in February.

The new site, Breach Forums, was launched by an old Raid Forum hand who goes by the handle "pompompurin," according to a blog post this week by Flashpoint, a threat intelligence company. In the welcoming thread to the forum, pompompurin stated that the new hacker community was being created as an alternative to Raid Forums.

“If RaidForums does ever return in any official capacity,” pompompurin wrote, “this forum will be closed and this domain will redirect to it.”

With a little more than 1,500 members, Breach Forums has a long way to go before it reaches the 748,348 members Raid Forums had before its demise.

A market for a forum to buy and sell stolen credentials

Raid Forums was a mid-tier English-language hacking forum that attracted a wide international audience of threat actors, Flashpoint explained. The forum was one of the most popular illicit online forums on the public internet and was notorious for its high-profile database leaks and offerings. Breach Forums aims to fill the vacuum in the fraud community created by the closure of Raid.

Breach Forums is on its way to replacing Raid Forums, observes Dan Piazza, technical product manager for Netwrix, an IT security software company. "However," he adds, "there are also dark web alternatives that previous Raid Forums users may flock to instead. Only time will tell," he says, "but there's clearly a market for a surface web forum where credential breaches can be bought and sold."

"At least a chunk of the activity and function of Raid Forums will make its way to Breach Forums," adds Casey Ellis, CEO and founder of Bugcrowd, which operates a crowdsourced bug bounty platform. “I wouldn’t be surprised if the starting from scratch aspect of that shift will result in some new and novel ways to use this type of community."

Single enforcement event not likely to have significant impact on cyber crime

Piazza downplayed the impact that the rise of a Raid Forums proxy will have on security professionals. "I personally don't think this will have much impact on security professionals," he says. "Raid Forums wasn't the only site offering this kind of community—especially when you consider the dark web and private discussion groups in chat software like IRC."

"I am not sure much really changes," added John Bambenek, principle threat hunter at Netenrich, an IT and digital security operations company. 

"On the internet, crime still pays, so until takedowns—and more importantly, arrests—radically increase, there isn’t much incentive against criminals remaining criminals. Much like a seizure of a large cache of drugs and guns, "no single enforcement event has a long-term significant impact on crime."

ESET Distinguished Researcher Aryeh Goretsky, though, maintains that monitoring criminal ecosystems can be tricky. "It requires not just time and patience, but specialised skill sets, temperaments and knowledge about the participants and their behaviours, interests, and activities," he says. "Having to restart learning, of course, can be difficult in a new and unknown environment."

Ellis adds that the main challenge for security professionals posed by the demise of Raid Forums is its disruption to breach and threat intelligence sources. 

"In some ways, having a stable criminal community, which can be observed or infiltrated by benevolent researchers, is as valuable a defensive asset as it is useful for the bad guys," he says. "When a source gets burnt like that, the ability to glean intelligence gets burnt as well."