The former administrator of RaidForums is contacting people in what might be an attempt to obtain a reduced sentence.
The United States government unsealed a six-count indictment charging Diogo Santos Coelho with creating and operating RaidForums. During the investigation into the forum, cooperating witnesses conducted undercover purchases from vendors on the site and relied on the middleman services provided by Omnipotent. For instance:
“On or about March 5, 2019, in the Eastern District of Virginia and elsewhere, Coelho, who was using the monikers “Downloading,” “Omnipotent,” and “Shiza,” arranged to both sell and serve as the middleman in the transaction to sell approximately 1.1 million stolen access devices to the undercover law enforcement officer. Coelho received a Bitcoin amount that was then equivalent to approximately $4,000; however, he did not provide the stolen access devices.”
Police in the United Kingdom arrested Coelho on January 31, 2022. In August 2022, a judge ruled that Coelho had substantial ties to the community in the UK and that he would not need to remain in custody for the duration of the extradition proceedings. Since then, Coelho has been “free.”
On September 14, 2022, pompompurin, the administrator of the RaidForums replacement BreachForums, posted the following:
“Recently, I’ve heard of multiple people (Me included) being contacted by Omni.
He’s using his real PGP Key, his real old Email address (He emailed me on firstname.lastname@example.org) and is contacting people at random. He originally messaged me on August 16 2022 but he is now reaching out to more people.
Today he put up a page with his new contact email and his old PGP Key ( https://rf.to ) and is sending it to people.
It should be obvious, but do not talk to him. It’s not clear if he is reaching out in order to try to get a lighter sentence by getting information on people. Talking to him as normal is fine I guess, but do not tell him absolutely anything incriminating.”
On the linked website, which Omnipotent purports is the only remaining RaidForums-affiliated domain, there is a PGP-signed message for people looking to contact Omnipotent. I have included it below:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 This is a PGP signed message from Omnipotent; The domain RF.TO is the only domain related to RaidForums that has not been seized, anyone intending in contacting me should send a PGP encrypted email to email@example.com using my known public key. I recommend you all take your security seriously and until you're personally convinced of my identity to not disclose any personally identifiable information in emails or otherwise. If you do contact me via email please include your public pgp key and please note that if I reply it will be from a different email address but my message will be signed, if you use Session please include your Session ID for ease of communication. https://rf.to - Signed ~1663278900 Godspeed to you all. -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEECogno842/WIsJjnCusnASMulpNgFAmMjn3YACgkQusnASMul pNga+hAApFojVDWFqGR4Z42zxF1UezICm92/StQLv2DWjOHrjjFBHREpvMvEdUhH R8Ty+TXYLbvaJyZ4+E1bc5E/CNl+fB/8qF6dMvdfFRBCxfKUDXhDu4yXsnJLW9qV WyeikoxedmSmRGTLbJmVlZuUYvCyH2CeCTSIKYnOM8PV3KpZNIRJP1nEC9jik8+m o9ZPtjT765FxpUrvXKXmbzg9P1yhVBuHI1//wALrBIC9mtIv3WvBHN4i6vbqjNOX ZoEWApblmYd4qam7f/FgZwuIHStJJHh7Fs0/eQ/8GjMPHS+zOX9abhmvvg0tVfSm EqDwIBJ2PwFpZ4/kSIz33p03qs8l1lIQwr4UCrUcFiLfELLkWK061VItAH5O4Bub Y4KNuuQgbemzIQI2AjfHGxD4xF231BA6em3Lyd3BWsoWaSZEyxFAAd0XyiXwokrg BPxBnDDxBSwu9+P/+sq+0CulcGF29C4XlcVnl8EA8l2InjUQYVHvQoyvvNZVlu6I DsO1moOA63pS9O+YhzgLfUwxs84P42u0eREnvUfe6sB6ECUtxJ4Ggz2da5PpavlP Wk4jPNB6mei7RoLIf91oDFhGrVWZw7JUlzlhAKLu7OgofB8XVgKK7rvt1NDRt9V8 40UJD/BAS7uhS08Ljp5/SNfxqUL6gnRmInt3Tdw3K4fiES6wnMg= =NWxB -----END PGP SIGNATURE-----