
Sudden suspension of Raid Forum - famous Dark Web Forum

The famous underground website, Raid Forum, appears to be down as stated by the owner. DDoS attacks or domain suspension are the possible reasons.

Published: October 8, 2021 By Ozair Malik

The title image showing a Warning Sign with Dark web written beneath

Image source - idagent.com

Raid Forum, the famous dark web forum and marketplace whose 445,000 users sell and purchase exclusive data leaks and share sources, became unresponsive to users. The issue was reported earlier, on Oct 1, 2021.

The forum's owner, 'Omnipotent', addressed the issue, stating that the website is down due to the domain's suspension and that the problem is being worked on.

The image of the statement of owner Omnipotent quoting "The population is down because the whole website domain is suspended, so I have to deal with it"

 Image source – cybernews.com

Meanwhile, some other trusted websites also reported the issue, showing the website's status as 'Client Hold.' Surprisingly, researchers have claimed that the website was still accessible to users through the Tor browser.

Over the last few months, Raid Forums has been involved in several controversies. The website is a frequent target of DDoS attacks. In the previous week, the website exposed its staff's personal information, which remained available for five days as per reports.

Latest Update: The website was responding again after a couple of hours. It seemed that the issue was resolved, but it recurred the next morning, when the website was again found closed. The developers still claim that they are solving issues.

The image of Raid Forums home page showing a message "Raid Forum is temporarily closed while we are having some issues"

 Image source — bleepingcomputer.com

Disclaimer: Users who don't know much about the dark web are strongly discouraged from visiting these websites. They have malicious files that can steal your data and can cause severe damage. If you are going to access the Dark web, you are advised to use the Tor browser for your safety.

What does the status 'Client Hold' mean? What makes the site accessible through Tor?

The client hold status indicates an issue with your domain that needs resolution. This status usually appears during legal disputes, non-payment, or when your domain is subject to deletion. These are the possible reasons for which the Raid Forums website domain got suspended.

Cybersecurity researchers claimed that the website was still live when accessed with the Tor browser. The Tor browser is a web browser that allows its users to surf the internet anonymously.

According to researchers, if a forum's domain gets suspended, access to the forum through the Tor browser is possible if and only if "the forum servers are operational." It implies that Raid Forum servers were operational. Meanwhile, the admin kept users updated and asked for patience.
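As an added illustration (not part of the original article), the sketch below reads the EPP status lines of a WHOIS record and keeps "the name is held out of DNS" separate from "the servers are up", which is the distinction the researchers draw above. The WHOIS text, `example.com`, and the function names are constructed for this example.

```python
import re

# EPP hold statuses: the registry does not publish the domain in DNS while
# one is set. client* codes are set by the registrar, server* by the registry.
HOLD_STATUSES = {"clienthold": "registrar", "serverhold": "registry"}

# Constructed sample in the common WHOIS layout; example.com is a placeholder.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, LLC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientHold https://icann.org/epp#clientHold
Name Server: NS1.EXAMPLE.NET
"""

def domain_statuses(whois_text):
    """Return normalized status codes, e.g. 'clienthold', from WHOIS text."""
    statuses = []
    for line in whois_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() in ("domain status", "status"):
            # Drop the trailing ICANN reference URL, keep only the code.
            token = value.split("http", 1)[0]
            # Also folds the RDAP spelling "client hold" into "clienthold".
            statuses.append(re.sub(r"[^a-z]", "", token.lower()))
    return statuses

def assess(whois_text, origin_reachable):
    """Combine the registration status with a separately observed server state.

    origin_reachable is an input from monitoring (an assumption of this
    example); a hold only removes the name from DNS, it does not stop servers.
    """
    holds = [s for s in domain_statuses(whois_text) if s in HOLD_STATUSES]
    return {
        "holds": holds,
        "set_by": sorted({HOLD_STATUSES[s] for s in holds}),
        "dns_suppressed": bool(holds),
        # Another address (an onion service or a mirror domain) can still
        # work only if the servers behind the held name are operational.
        "alternate_access_possible": bool(holds) and origin_reachable,
    }

if __name__ == "__main__":
    print(assess(SAMPLE_WHOIS, origin_reachable=True))
```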


What research says

It's not yet clear why Raid Forum got suspended. However, the suspension might have originated from the forum's service providers and law enforcement agencies. Senior journalists have reported possible reasons for the suspension on different platforms.

One of the famous journalists, Douglas Mun, tweeted, referring to last week's incident involving accidental exposure of employee data. She says that Raid Forum's failure might be the reaction of the law enforcement agencies. She added that the staff info leakage might have given clues to the law enforcement agencies to take action.


The historical context

Last week, on Sept 23, 2021, the Raid forums staff's private data and internal communication were exposed to everyone. Usually, the "Staff General" section on Raid forums is restricted to internal staff members only. Still, in an ironic twist of fate, this private section was accidentally left open for viewing by anyone. The personal communication between the members was visible to everyone using the website.

This was not a momentary exposure; it stayed public for five days. Researchers noticed that Google had advised some private websites about account security in mid-August; Raid forums was one of them. Google advised them to use password managers and enable two-factor authentication for privacy.

The image showing the general staff communications of Raidforums between the members

Image source — bleepingcomputer.com

After the incident, the users of the forum became apprehensive. Users on the dark web hide their identity to avoid any exposure, but this incident made them worried about their identities, their sales, and their previous history.

The site has also been accused of having poor security standards since the incident occurred. Some of the users took this issue to social media, blaming the website owners for being negligent regarding the personal information of staff members. This situation called for immediate action to maintain tighter security controls, so that the personal data of users and internal stakeholders remains safe.

Also, the forum was a victim of frequent DDoS attacks. DDoS (Distributed Denial of Service) is a method where cybercriminals flood a network with so much malicious traffic that it cannot operate as it normally would. Several times the website has shown Error 503, which means the website is overloaded. But this time, the case seems to be different.


Russian and Indonesian allegations on Raid Forums

As mentioned above, Raid Forums has been in the news for a long time. On May 24, 2021, Indonesia started a campaign against Raid forums as they had leaked personal data of more than 200 million Indonesians. Today one of the researchers stated that Indonesia might be the reason behind the domain suspension.

Similarly, Russia banned Raid Forums as they made a joke of their 'Ban Ransomware' campaign. Earlier, Raid forums had announced that ransomware was now forbidden on Raid forums. Later, the site admin clarified that they had made the announcement in jest. Also, in 2018, Russia accused Raid Forums of a data breach.

Data on 70 million users of LinkedIn, one of the popular social media applications, was exposed and sold on the website earlier this year. This history of data breaches made the website popular among dark web forums. Information on the majority of data breaches is available on the website.


Response by Raid Forums

Later on Oct 2, the official statement from the website owner reached users, providing the reasons for the incident.

The site owner labeled this event as unprecedented and explained that it resulted after Brazilian government authorities complained about content to their new registrar.

The site had just transferred to this new registrar, NameSilo, from Cloudflare to ensure better risk controls in terms of operational security. Soon after, the registrar suspended the domain, taking down the site. With the registrar refusing to provide the domain, the site decided to move back to the previous registrar.

However, this move back turned out not to be possible right away, as a site needs 60 days for a registrar transfer. The site has no other option to stay operational but to use a mirror domain to provide access to users at a different address.

All traffic is redirected to the mirror domain temporarily until the end of October. The site owner apologizes for the inconvenience caused to the users and looks forward to seeing all traffic return to the original domain by Oct 30.


Conclusion

The famous marketplace offering data leaks, Raid Forums, was found inaccessible yesterday. Although the site was reported to be accessible through the Tor browser, most of its users were unable to access it or had limited accessibility. The site authorities soon responded to address the issues, claiming that it had occurred due to a complaint lodged with the domain registrar.

The site also has a history of being reported by several governments due to its content. There are also reports of loose security controls that resulted in accidental data exposure, including staff members' data. Also, there was news of the site being warned by Google to strengthen security controls.

The site now aims to reverse a change in the domain, which requires 60 days to be completed. Until then, users would be able to access data through a different link. The site owners would keep their users informed about any change in how the site can be accessed.

Tags: 
News
Author
Ozair Malik
A passionate Cyber Security researcher and writer with a keen interest in Digital Forensics. A community worker running an Insta blog to raise cybersecurity awareness among laymen.
