United States law enforcement agencies and their counterparts in 19 countries on Wednesday announced they had dismantled the Darkode hackers’ forum.
Charges, arrests and searches were launched against 70 Darkode members and associates around the world, and 12 people associated with the forum were indicted in the U.S.
The agencies also served several search warrants in the U.S., and the FBI seized Darkode’s domain and servers.
The operation was code-named “Shrouded Horizon.”
G-Men Save the World!
The U.S. Federal Bureau of Investigation described Darkode as “a one-stop, high-volume shopping venue for some of the world’s most prolific cybercriminals” whose admins vetted prospective members.
Like the Mafia, Darkode required that candidates be sponsored by an existing member before receiving a formal invitation to join, the FBI claimed.
Candidates had to submit a resume highlighting their past criminal activity, their particular cyberskills, and their potential contributions to the forum, and then wait for approval of their application.
Despite that vetting, the FBI claimed it infiltrated Darkode at the highest levels.
It’s a Gecko, Not Godzilla!
Darkode may not have been as much of a threat as it has been painted to be.
It’s “fairly easy for researchers and law enforcement, who have contact with many skilled individuals,” to prove they have enough cyberskills to get the backing of existing members, said MalwareTech, an individual security researcher who described Darkode as pretty much dead in the water in December.
The site’s security precautions were overblown. The domain registrar had vulnerabilities that let the domain be hijacked. Also, one of the forum’s proxies previously had been hacked, and one admin was using “a very simple password which he also used on other sites,” MalwareTech told the E-Commerce Times.
Further, Darkode “was a very small and exclusive English community,” most of whose members did business through Jabber and other forums, he remarked.
It “was best known for being an English-language forum, as most of the others are Slavic,” noted Gavin Reid, VP of threat intelligence for Lancope.
In fact, the Eastern European and Russian cybercrime forums and groups are far larger and pose more of a threat, he told the E-Commerce Times.
Rising From the Ashes
Cybercrime sites are notoriously difficult to eradicate. A month after Silk Road was busted in 2013, its successor emerged.
Silk Road 2.0 was taken down, along with more than 400 other cybercrime services, late in 2014, in Operation Onymous.
Opinion is divided as to whether we’ve seen the last of Darkode.
“Darkode has slowly lost in value over the past years, and I wouldn’t be surprised if it never comes back,” Damballa Senior Threat Researcher Loucif Kharouni told the E-Commerce Times.
“Sites like this are based on trust with the user base, and that has forever been broken,” Lancope’s Reid said.
On the other hand, “cybercriminals have too much to gain, and there will always be markets for [malware],” Proficio CEO Brad Taylor told the E-Commerce Times.
The takedown will have little to no effect on hackers, who “will learn very well from every aspect … and pop up elsewhere hardened and much better prepared,” contended Secure Channels CEO Richard Blech.
Hackers “are some of the most sophisticated and technically capable people around,” he told the E-Commerce Times. “They don’t have to follow rules or regulations, don’t have to be FIPS– or HIPAA-compliant, so the law enforcement won’t wipe them out completely.”
The market for buying and selling cybercrime tools is “tremendous, so when one marketplace falls, others will rise to take its place,” observed Satnam Narang, senior security response manager at Symantec.
Darkode’s takedown “will be largely forgotten in time,” he told the E-Commerce Times.
Most importantly, the main admin was not arrested in the takedown, MalwareTech said.He’s “pretty stubborn. I wouldn’t be surprised if he didn’t have some kind of new forum up within the week.”