Darkode: The open web marketplace for selling and buying malware and hacking tools shut down in international swoop
The Federal Bureau of Investigation's fight against cyber criminals just got that bit stronger. The FBI, in conjunction with other US federal authorities and international crime-fighting agencies, conducted a midnight swoop on a malware and hacking forum called Darkode.
Announcing an international takedown of the malware marketplace, federal officials say that the forum called Darkode has been dismantled and dozens of its members have been arrested.
Darkode has been a marketplace where cybercriminals could purchase and trade hacking tools, and it has been in existence since at least 2008.
Investigators say that while the forum's existence was widely known, it operated in a hushed way that made it difficult for the authorities to penetrate until recently. Among the protections that Darkode used to keep investigative agencies out was a unique referral system for membership. It also had multiple password protections in place.
On Wednesday, after the raid, the website put up an image saying that it had been seized by authorities.
The FBI and other officials say that they have made arrests in 20 countries, with indictments for 70 individuals, including 12 in the U.S., from Wisconsin to Louisiana.
“The FBI has effectively smashed the hornets’ nest,” said U.S. Attorney David J. Hickton, “and we are in the process of rounding up and charging the hornets.”
Hickton called Darkode one of the greatest threats to online security, mentioning one forum member who put up software (for a price of $65,000) that can take over cellphones. In another case, he said, a user offered the ability to steal and sell lists of friends on Facebook.
Hickton said that Darkode operated very differently from other Dark Web marketplaces and, unlike them, was also reachable on the open web. He added that members could either "subscribe" to such hacking tools or buy them outright.
Those indicted include Johan Anders Gudmunds, identified by federal documents as an administrator of Darkode who created and owned one of the largest botnets of hacked computers, which stole private information "on approximately 200,000,000 occasions."
John Lynch, chief of the criminal division’s Computer Crime and Intellectual Property Section, called Darkode “a self-contained market” with sophisticated relationships in which participants used their connections to maximize the amount of money and damage they could extract.
The arrests come after a two-year covert FBI undercover operation that infiltrated the forum, said FBI Special Agent in Charge Scott S. Smith.
Police and investigative agencies from Brazil and Costa Rica to Latvia and Macedonia actively collaborated with the FBI to bring Darkode down.
The Pittsburgh Post-Gazette explains how the investigation started:
“Following a lead generated in Pittsburgh around 18 months ago, the FBI cybersquad here launched Operation Shrouded Horizon. The bureau’s local office assembled a coalition that started domestically with the bureau’s offices in Washington, D.C., San Diego, New Orleans and San Francisco, and extended to online enforcement teams in 20 countries, including numerous European countries, Israel, Australia, Colombia, Brazil and Nigeria.”
Federal officials say the investigation into Darkode is continuing.
Here are the defendants who are facing charges in the U.S., from the Justice Department news release:
- Johan Anders Gudmunds, aka Mafi aka Crim aka Synthet!c, 27, of Sollebrunn, Sweden, is charged by indictment with conspiracy to commit computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. He is accused of serving as the administrator of Darkode, and creating and selling malware that allowed hackers to create botnets. Gudmunds also allegedly operated his own botnet, which at times consisted of more than 50,000 computers, and used his botnet to steal data from the users of those computers on approximately 200,000,000 occasions.
- Morgan C. Culbertson, aka Android, 20, of Pittsburgh, is charged by criminal information with conspiring to send malicious code. He is accused of designing Dendroid, a coded malware intended to remotely access, control, and steal data from Google Android smartphones. The malware was allegedly offered for sale on Darkode.
- Eric L. Crocker, aka Phastman, 39, of Binghamton, N.Y., is charged by criminal information with sending spam. He is accused of being involved in a scheme involving the use of a Facebook Spreader that infected Facebook users’ computers, turning them into bots that Crocker controlled through the use of command and control servers. Crocker sold the use of this botnet to others for the purpose of sending out massive amounts of spam.
- Naveed Ahmed, aka Nav aka semaph0re, 27, of Tampa, Fla.; Phillip R. Fleitz, aka Strife, 31, of Indianapolis; and Dewayne Watts, aka m3t4lh34d aka metal, 28, of Hernando, Fla., are each charged by criminal information with conspiring to send spam. They are accused of participating in a sophisticated scheme to maintain a spam botnet that utilized bulletproof servers in China to exploit vulnerable routers in third world countries, and that sent millions of electronic mail messages designed to defeat the spam filters of cellular phone providers.
- Murtaza Saifuddin, aka rzor, 29, of Karachi, Sindh, Pakistan, is charged in an indictment with identity theft. Saifuddin is accused of attempting to transfer credit card numbers to others on Darkode.
- Daniel Placek, aka Nocen aka Loki aka Juggernaut aka M1rr0r, 27, of Glendale, Wis., is charged by criminal information with conspiracy to commit computer fraud. He is accused of creating the Darkode forum, and selling malware on Darkode designed to surreptitiously intercept and collect email addresses and passwords from network communications.
- Matjaz Skorjanc, aka iserdo aka serdo, 28, of Maribor, Slovenia; Florencio Carro Ruiz, aka NeTK aka Netkairo, 36, of Vizcaya, Spain; and Mentor Leniqi, aka Iceman, 34, of Gurisnica, Slovenia, are each charged in a criminal complaint with racketeering conspiracy; conspiracy to commit wire fraud and bank fraud; conspiracy to commit computer fraud, access device fraud, and extortion; and substantive computer fraud. Skorjanc also is accused of conspiring to organize the Darkode forum and of selling malware known as the ButterFly bot.
- Rory Stephen Guidry, aka [email protected], of Opelousas, La., is charged with computer fraud. He is accused of selling botnets on Darkode.
- In a related case, Aleksandr Andreevich Panin, aka Gribodemon, 26, of Tver, Russia; and Hamza Bendelladj, aka Bx1, 27, of Tizi Ouzou, Algeria, pleaded guilty on Jan. 28, 2014, and June 26, 2015, respectively, in the Northern District of Georgia in connection with developing, distributing and controlling SpyEye, a malicious banking trojan designed to steal unsuspecting victims’ financial and personally identifiable information. Bendelladj and Panin advertised SpyEye to other members on Darkode. One of the servers used by Bendelladj to control SpyEye contained evidence of malware that was designed to steal information from approximately 253 unique financial institutions around the world. Panin and Bendelladj will be sentenced at a later date.