In an international coordinated action against the hacking forum and its users, investigators from all over the world targeted cybercriminals using the Darkode forum to trade and barter their hacking expertise, malware and botnets and to find partners for their next spam runs or malware attacks.
The operation was led by the FBI and supported by Europol’s European Cybercrime Center (EC3) with the involvement of law enforcement officers from 20 countries in and outside the European Union.
The takedown and arrests were coordinated from command posts set up by the FBI and Europol’s EC3. From the command post in EC3, representatives of the Republic of Srpska (Bosnia and Herzegovina), Cyprus, Denmark, Finland, Germany, Latvia, the former Yugoslav Republic of Macedonia, Romania, Serbia, Sweden, the United Kingdom and the FBI coordinated the technical takedown of the forum, alongside further law enforcement actions which resulted in 28 arrests, 37 house searches and numerous seizures of computers and other equipment.
The curtain fell on the cybercriminal forum when the site was taken down and a banner was put up online indicating that the FBI, EC3 and international partners had control of the site. This signified the end of Darkode, the most popular English-speaking hacking forum, which ranked in the top five of the most prolific criminal forums worldwide, a ranking otherwise dominated by Russian-speaking criminal platforms.
The more than 250-300 users of Darkode formed a closed community. Membership was by invitation only, and only after being vetted by a trusted member of the forum. Although there were several scandals, changes and rumors that the forum was compromised during the course of its existence, Darkode remained the place to go to if you were an English-speaking cybercriminal. The popular cybercriminal hub facilitated the trade in goods and services including malware (malicious software), zero-day exploits (cyber attacks exploiting software flaws) and access to compromised servers.
Europol Director Rob Wainwright said the takedown operation caused significant disruption to the underground economy and is a stark reminder that private forums are no sanctuary for criminals and are not beyond the reach of law enforcement.
The takedown of Darkode also marks the end for its criminal community of users and severely disrupts their malicious activity, ranging from hacking and stealing credit card and bank credentials to botnets for rent and DDoS attacks.
One of the forum members’ creations was Dendroid – a type of Android malware known as a RAT (Remote Access Toolkit) – that could take photos using the victim’s phone camera, record audio and video, download existing photographs, record calls and send texts. Dendroid was available for purchase for as little as $300, making it easily obtainable.