The Justice Department on Wednesday announced the largest international takedown of an online criminal hackers’ forum, an illicit Web site for the trafficking of tools and talent.
Over a 24-hour period, officials said, authorities in the United States and 19 other countries jointly shut down Darkode, the world’s most sophisticated English-language Internet forum for criminal hackers.
During Operation Shrouded Horizon, the FBI infiltrated Darkode at high levels and began gathering evidence and intelligence on members, officials said.
“Through this operation, we have dismantled a cyber hornets’ nest of criminal hackers which was believed by many, including the hackers themselves, to be impenetrable,” said U.S. Attorney David J. Hickton of the Western District of Pennsylvania, whose office handled the joint investigation with the FBI and the department’s criminal division.
Darkode is a tightly controlled, invitation-only digital bazaar in which a prospective member can gain admission only after posting what amounts to a professional résumé of illegal hacking capabilities, Hickton said. It launched in 2008 and has 250 to 300 members, officials said.
The forum offered the means, including exploit kits, botnets, ransomware programs and tools for mass spamming, to attack and commandeer computers. It also offered “zero day” attack tools, which exploit flaws in software that the software makers did not know existed. Hackers describe it as “the best malware marketplace on the Web,” Hickton said. It also sold stolen data — Social Security numbers, credit card numbers, log-in information and passwords.
Darkode members have “compromised millions upon millions of computers, servers, cellphones, bank accounts and social media accounts,” he said, adding that losses to victims in terms of dollars and privacy “have been extreme.” Citing the ongoing investigation, Hickton could not provide a dollar amount.
Law enforcement authorities in the 20 countries arrested, charged or searched 70 Darkode members and associates. The FBI seized Darkode’s domains and servers. In the United States, charges have been filed against 12 people; in all, 28 have been arrested worldwide.
Those charged in the United States include Matjaz Skorjanc, an alleged organizer of the forum who is accused in federal court in the District with racketeering conspiracy and conspiracy to commit wire fraud, bank fraud and computer fraud. He is also accused of selling malware known as the Butterfly bot.
Also charged was Johan Anders Gudmunds of Sollebrunn, Sweden, who is accused of serving as the administrator of Darkode and of designing and selling malicious software that allowed hackers to create botnets.
He was charged in the Western District of Pennsylvania with conspiracy to commit computer fraud, wire fraud and money laundering.
Also charged was Morgan Culbertson, also known as Android, of Pittsburgh, who is accused of designing Dendroid, a coded malware designed to remotely access, control and steal data from Google Android cellphones. The malware was allegedly offered for sale on Darkode.
For $300, “Android” would sell the means to take over a person’s Android cellphone. With it, for instance, one “could take photographs of you remotely, making it look like you took them,” Hickton said. Or, for $65,000, he’d sell the malware code so buyers could adapt it to their own needs.
“Today marks a milestone in our efforts to bring to justice some of the most significant cybercriminals in the world,” said Scott Smith, special agent in charge of the FBI’s Pittsburgh division.
The other countries involved in the takedown were Australia, Bosnia and Herzegovina, Brazil, Canada, Colombia, Costa Rica, Cyprus, Croatia, Denmark, Finland, Germany, Israel, Latvia, Macedonia, Nigeria, Romania, Serbia, Sweden and the United Kingdom. Europol, the European Union’s law enforcement agency, also took part.