On Wednesday, news broke that the Department of Justice dismantled the storied computer hacking forum Darkode and filed criminal charges against 12 people in the US who were allegedly associated with the website.
Darkode, which has been around since 2007, was one of the few online marketplaces for English-speaking hackers (most others are in Russian). US attorney David J. Hickton described Darkode as “the most sophisticated English-speaking forum for criminal computer hackers in the world,” in the Department of Justice’s press release.
Getting access to the website was a mini feat. Every user had to be vetted by another user, and also provide proof of their own hacking prowess.
“Only those proposed for membership by an existing user could join, but not until they posted a resumé of the skills and achievements that could contribute to the criminal community. There was a hierarchical membership structure, and the status of users determined who they could communicate with, and their access to the commodities and services on offer,” wrote the UK’s National Crime Agency.
But once users gained access to Darkode, they were given access to an insane cornucopia of hacking products.
Journalist Brian Krebs was granted access, and kept a low profile for years on the website to keep tabs on what hackers were talking about and what new pieces of malware were about to hit the mainstream.
Thanks to investigators like Krebs, we have an idea about what people could see and purchase, once they were given access to Darkode. Here’s a non-exhaustive list:
- Exploit Kits: Hackers frequently bought and sold exploit kits, which are prepackaged software bundles of malware. Think of them sort of as a malicious grab bag of things hackers can use all coming from one place.
- Spam services: These are codes built specifically to send out endless spam emails.
- Ransomware services: These are a specific type of malware that, when a victim downloads it, encrypts all their files and holds them for ransom for a price (usually in bitcoin). It’s one of the most successful ways to get money out of unsuspecting web victims.
- Botnets: They are a network of zombie computers. Hackers infect numerous computers with malicious code, which can then be controlled remotely by these hackers. They are often used for spamming purposes.
- Zero-days: These are vulnerabilities in software that have yet to be disclosed. They are the holy grail of hacking because if a hacker learns of a zero-day, they can wreak havoc since no one else knows about it.
Though Darkode is a pretty big get for the Feds, it’s only a drop in the bucket. The DOJ itself estimates that there are at least 800 other online criminal forums.
Source: Business Insider