A major cybercrime forum was just taken down by coordinated action between law enforcement agencies in nearly 20 countries. But that site, called Darkode, is just one of many forums that have become the primary hub for criminal hackers.
"These sites are the default place where cybercrime is going on," said Raj Samani, chief technology officer for the Europe, Middle East and Africa regions at Intel Security. But the marketplace is "incredibly fluid," he said, with sites appearing and disappearing constantly.
U.S. Attorney David J. Hickton of the Western District of Pennsylvania said there are "roughly 800 criminal internet forums worldwide" and that Darkode was "the most sophisticated English-speaking forum for criminal computer hackers in the world,” in a press release about the takedown.
Some of the forums can only be accessed using the anonymous browsing tool Tor, Samani said, but others are searchable from the public Internet. Darkode was a password-protected forum where prospective members were allegedly vetted by showing off their hacking skills, according to the Department of Justice. Some researchers and journalists, including Brian Krebs, were able to infiltrate the site -- as was the FBI.
These forums and black markets offering physical goods as well as digital services -- such as the now defunct Silk Road -- have helped drive the popularity of cybercrime, because the sites contain almost everything someone would need to get into hacking for profit, Samani said.
Even those without technical knowledge can visit the forums or black markets and hire people to do the individual components of a scam -- or outsource it altogether in a subcontractor-style set up, he said. As the Darkode takedown appears to show, forums can allow for international cybercrime collaboration.
Specific hacking software, translation services, secure hosting, botnets that can send powerful bursts of traffic to knock sites offline, lists of contacts for use in phishing schemes and even access to critical systems are all available for a price, Samani said. The cost of hacking tools can range from a few hundred dollars for access to a service to tens of thousands for the underlying software code, with batches of credit card numbers and other data going for bargain basement prices.
A cybercriminal could use the sites to get the means to hack a company and then turn around and sell the personal information gained from the breach. Customer records started to appear on underground forums "within days" of the Target compromise during the 2013 holiday season, according to a 2014 Rand Corporation report.
"People's entire lives are being sold," said Samani -- with full identities including names, Social Security numbers, financial data, addresses, social media accounts and other information sometimes being bundled together.
The cryptocurrency Bitcoin is one of the main payment mechanisms in these online black markets. "It's reliable, relatively instant, and pseudo-anonymous," he said, which means it can be hard to determine the actual amount of economic activity happening on through the sites.
After all, Samani said, "this is an enterprise, not just kids doing this for fun. It's driven by financial, monetary gain."