Technology & Science

Darkode cybercriminal hacker marketplace shut down

Investigators have shut down what they call the world's largest-known English-language malware forum, an online marketplace called Darkode.

12 charged in relation to forum where cybercriminals bought, sold malware, hacked databases

FBI Supervisory Special Agent J. Keith Mularski, displays a screen shot from the Darkode website, top left, where cybercriminals bought and sold hacked databases, malicious software and other products that could cripple or steal information from computer systems. (Gene J. Puskar/Associated Press)

Investigators have shut down what they call the world's largest-known English-language malware forum, an online marketplace called Darkode where cybercriminals bought and sold hacked databases, malicious software and other products that could cripple or steal information from computer systems, the Justice Department announced Wednesday.

Twelve people linked to the site have been charged.

U.S. Attorney David Hickton announced the charges in Pittsburgh and called Darkode "a cyber hornet's nest of criminal hackers."

"Of the roughly 800 criminal internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the United States," he said.

More than 70 cybercriminals in the United States and 19 other countries, including Canada, are targets of the investigation, authorities said. In addition to those who were charged, others were the subject of search warrants because some countries require evidence to be seized before criminal charges can be filed, investigators said.

On the forum, hackers sold malware, including hacking and spam tools and services, and methods for cyberattacks on governments and companies. They also solicited others to install it on unsuspecting victims' computers, investigators said. Marketplace members also bought and sold stolen databases, some containing millions of people's email addresses or personal information, often used in identity-theft and computer fraud schemes. 

The site, which had roughly 250 to 300 active members, was seized and shut down by authorities Tuesday.

Those arrested or searched live in the United States, United Kingdom, Australia, Bosnia-Herzegovina, Brazil, Canada, Colombia, Costa Rica, Croatia, Cyprus, Denmark, Finland, Germany, Israel, Latvia, Macedonia, Nigeria, Romania, Serbia and Sweden. There are victims in all of those countries, and others, authorities said.

By invitation only

Hackers couldn't just log onto the site. They had to be vouched for or nominated by current members to be able to buy, sell or solicit illegal wares or services on the site, authorities said.

Darkode's advertised products included personal information of 39,000 people from a database of Social Security identification numbers and 20 million emails and usernames that could be used to target people for identity theft, phishing emails or other schemes.

"Darkode was unusual because it was a virtual crossroads for criminal hackers from a variety of languages, countries and backgrounds," said Brian Krebs, who writes about cybercrime on krebsonsecurity.com and had infiltrated the forum in order to study it.

"For many years, some of the most accomplished cybercriminals sold their wares and services on this forum, including everything from denial-of-service attacks for hire to malicious software and stolen identities and credit cards."

Among those charged was Johan Anders Gudmunds of Sollebrunn, Sweden, known as Synthet!c, who the Justice Department said was Darkode's administrator. Residents of Pennsylvania, New York, Florida, Indiana, Wisconsin, Louisiana, Slovenia, Spain and Pakistan also were indicted.

Those charged are accused of crimes including conspiring to commit computer fraud, wire fraud and money laundering, selling and using malware programs that could steal data from computers and cellphones and using "bot" networks to take over computers and send spam emails.

With files from Reuters

Comments

To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.