Editor’s Note: For the last five years, RaidForums has made a name for itself as a constant source of high-profile database leaks.
Its community of hacking enthusiasts (the site officially has more than 500,000 members, with about 20,000 active users on any given day) advertises tools that can be used in cyberattacks, sells access to compromised organizations, dumps breached databases on the site, and chats about ordinary news—including politics and sports games.
RaidForums was started in 2015 by a user named Omnipotent, who still operates the site. Despite his Twitter account and thousands of posts on the forum, Omnipotent keeps a low profile. On RaidForums he gives his location as London, England, and lists his interests as “gaming, learning,” but doesn’t talk much about his personal life.
Omnipotent talked with Recorded Future expert threat intelligence analyst Dmitry Smilyanets about why he started RaidForums and what it’s like to operate it. The interview below has been lightly edited for length and clarity.
Dmitry Smilyanets: How did you decide to create a forum? Was your initial goal to make money?
Omnipotent: The initial purpose of making the website was to provide a stable platform for “Twitch raiders.” In 2015, there were many other forums or websites, but the owners lacked the experience to maintain their websites as they were constantly being taken down by DDoS attacks [editor’s note: DDoS, or distributed denial-of-service, attacks flood websites with junk traffic, making them unreachable]. So I went out of my way to create a stable website for this specific community, as a dear friend of mine was a big figure in “Twitch raids” who went by the name “Celaeon” and had a massive YouTube following. The idea was never to make any money as there were no options to pay us at the start. We eventually started accepting donations to help with upkeep, such as server costs, and as the website evolved to what it is today we offer ranks like many other websites but even still we are much cheaper and have never required subscriptions—everything is lifetime.
DS: Who came up with the idea of the default anime girl avatar and GOD user status?
Omni: Community members requested higher ranks to essentially “show off” to each other with special names and perks, but the main reason why these were actually added was to give new users another way of obtaining forum access. Currently, with a new account you can’t even message users via our system unless it is a staff member. This is due to the copious amount of spam that was happening, as bot accounts were being set up to flood our users’ inboxes with adverts and such. You can manually and free-of-charge build up your account to the point where you can send messages and post a lot more, or you have the option to skip all of that for a relatively small donation, which unlocks your account for life.
In relation to the mascot question, this was just a user submission—the community is large and many people submit logos and ideas to us, and sometimes we will take their work and imbue it into the website.
DS: Who are your role models? What do you think of Elon Musk?
Omni: I don’t really have a role model? I’m not trying to follow anyone’s footsteps. I am assuming you asked me this question about Elon Musk because I follow this person on Twitter. The sole reason for this is because I hold stock and own items from his companies, thus it’s in my personal interest to be in the know however I can.
DS: RaidForums is currently positioned as one of the biggest communities for a wide variety of online activities. There is also a very strong legal section and rules. But I can’t miss the “Leaks Market” that allows members to trade stolen personally identifiable information. Do you believe it is within legal boundaries to host such content?
Omni: You reference the “Leaks Market” subforum—it is apparently used to trade PII but it’s not my place to police it. Following our terms and my personal opinion, I should not be personally liable for what people sell or don’t sell on this section, as there is no way for me personally to know if these users are indeed in the possession of whatever data they claim to be trading. And I cannot know personally if they have obtained said data legally or illegally.
At the end of the day, the sale of PII is commonplace in businesses such as Facebook and I see what these users are doing as no different from what a big corporation like [Facebook] does in this specific aspect. I don’t really follow this subforum that much—like I said, I don’t personally police it at all. In my view these are just articles without foundation, people can advertise whatever they want and a lot of them, as you can see by our scam reports, are completely false and just trying to scam people. Therefore, me hosting a bunch of “random” articles shouldn’t be illegal in the slightest. But if we receive any reports from authorities regarding an article which, for example, includes samples which we are hosting, those samples will be moved off our website to comply with those specific laws. But the article itself will remain, as it’s protected by free speech or freedom of the press—whatever you want to call it.
DS: You mentioned that you were glad that the Ledger database was leaked on RaidForums, can you explain your position?
Omni: I have already explained my position on the unfortunate event that was the Ledger incident. But in the real world, these incidents are happening every single day and people are using the dark web and other means such as my website to trade this data between each other, which is illegal. I personally don’t believe in attempting to sell data for hundreds of thousands of dollars as these “hackers” do. I personally believe in letting this data be public and in essence allowing any person to view how they were affected and protect themselves by changing emails, changing passwords, and taking precautions in the future. This is what our “Databases” section was made for: sharing to the community and by extension to the public any and all data you have free of charge. So seeing that this community was able to alert Ledger and its users of what had been going on in the background between “hackers” for months made me happy, as it leads to people being educated on how to defend themselves from phishing attempts and leads them to see how important their online security is.
DS: In the past year, RaidForums attracted some skillful hackers who have begun selling initial access to networks. Aren’t you afraid that the access can be purchased by the ransomware affiliates and bring unwanted attention to the forum?
Omni: My personal goal with the website at the current moment is making data free, in essence taking away money from people who are illegally selling and buying this data for all the wrong reasons. Therefore any attention we draw to ourselves will just further this goal. The more people that know about us the better, as this will lead to more data being publicly released for the public to defend themselves. Like I stated previously, I have no intention of policing users’ sale attempts as I cannot myself verify these claims and do not know if the data being sold has been legally or illegally obtained or if it is even real at all. In conclusion, I am not afraid about the attention as it will lead to more data out there in the public domain for legal uses.
DS: I observed several doxing incidents on RaidForums. In the Russian-speaking cybercriminal underground this is usually against the rules. What do you think when forum members dox each other?
Omni: I don’t think much honestly, for all intents and purposes we do not allow doxing on the website itself. But we can’t stop people from doxing—we therefore have a subforum in which you are allowed to post a hyperlink to off-site Pastebin-like services with the victim’s information. Honestly, I see both sides of doxing… Some people such as pedophiles or malicious “hackers” kind of deserve to be doxed and have their information leaked not only for public safety but also to help federal associations in the arrest of these criminals. On the other hand, there are malicious people who dox for extortion etc., which is not great but will always happen regardless of what we do. But I do what I can—for example, there are various rules in an attempt to protect our users from being doxed, but in reality the best we can do is ban the offender, which if anything just fuels the fire.
DS: How do you see the future for RaidForums? Do you plan any special events for 2021?
Omni: Personally I don’t like to plan things, as things never ever really go to plan. Who knows what is to happen tomorrow to the website. I know that no matter what, the community will live on regardless of me or this website. On the topic of any ideas for the website itself, we are always developing and working on new features for the website, so hopefully in 2021 we can release more security and feature updates but nothing special.
DS: How big of an issue is it for you that law enforcement surveils the forum? What percentage of accounts do you think are law enforcement?
Omni: Well, I just assume that the forum is being surveilled but then again in this day and age everyone is being surveilled. It’s very likely that any website of this size would be surveilled by multiple federal and non-federal entities. In conclusion, I am not bothered by it as I try my best to be a law-abiding citizen.
DS: You mentioned that you are paying taxes on the income from the RaidForums operation. Is this true? How much income did it bring in 2020?
Omni: I am sure anyone reading this would expect this reply but I am not comfortable sharing any information about my personal finances. The website is not a registered business and any payment is seen as a donation, but in reference to my previous comments I try to be a law-abiding citizen always, so I pay all the taxes that I am legally required to pay. But, for example, in my country of residence cryptocurrencies do not pay any tax whatsoever, and therefore I too don’t pay tax on any earnings made in this form.
DS: Tell me a secret, what’s your day-to-day like, and how many hours a week do you spend on running RaidForums?
Omni: My day-to-day isn’t really a secret, everyone nowadays is under some kind of lockdown so it doesn’t surprise me if my life resembles 90% of the population. I rarely ever exit my place of residence, so my day-to-day is staying indoors, talking to friends online, and providing support to the community essentially is my whole day. It’s quite plain, but it’s all any of us can do to keep the public safe these days with the pandemic. So technically if you were to ask me how long I spend on my website it would be from when I wake up to when I go to sleep—I am essentially always online as long as I am awake.