Hacking Forum Darkode Resurfaces

The Darkode cybercrime forum will return online soon. The news comes less than two weeks after law enforcement authorities announced that they had brought down the website.

Launched almost eight years ago, Darkode (darkode.me) was a secretive underground forum where users could buy and sell a wide range of cybercrime tools and services, including malware, exploit kits, spam services, and botnets.

Authorities announced on July 15 that the hacking forum, which according to Europol had between 250 and 300 members, was dismantled. A total of 28 people were arrested and 12 were charged as a result of an international law enforcement operation involving 20 countries.

The United States Department of Justice said Darkode was brought down after it was infiltrated by the FBI.

Despite the arrests and charges brought against its alleged members, Darkode is not out of the picture. On Sunday, the malware marketplace resurfaced on darkode[dot]cc.

The forum will be relaunched soon and its administrators are implementing new security measures to protect the website and its members.

“Most of the staff is intact, along with senior members. It appears the raids focused on newly added individuals or people that have been retired from the scene for years. The forum will be back in onion land, it will be invite only, and members we can confirm are still active will be given an invite (no-one else),” reads a message posted on the new website.

According to the security researcher known as MalwareTech, Darkode was resurrected by “Sp3cial1st,” the forum’s main administrator. Apparently, Sp3cial1st wanted to see which of the website’s users were arrested before bringing the forums back online.

Sp3cial1st, who according to security blogger Brian Krebs is a core member of the Lizard Squad, says each user will have their own Onion (Tor) address and authentication will be made through the Bitcoin Blockchain API.

“We will not store any form of user information except a hash of the BTC Guid, a BTC Wallet (for default display NickName), and an alias if the user chooses to create one,” the administrator said.

MalwareTech believes that the use of individual Onion addresses gives Darkode administrators greater control over who has access to the service and helps prevent account hijacking. This method will also allow admins to log each user’s activities and quickly identify potential leakers.

“These new security measures don't come as a huge surprise seeming as Darkode had a massive problem with people using hacked accounts to leak information to law enforcement and journalists as well as scam users,” MalwareTech said. “Ironically even the Darkode administrators were compromised at one point after one of them had reused his password on another forum, which had its database leaked a few weeks prior.”

Sp3cial1st has advised members to assume that anyone claiming to be a member of Darkode is a scammer. The administrator also urges members to assume that anyone they have dealt with over the past 6-8 months might have turned into an informant for law enforcement.

Eduard Kovacs is an international correspondent for SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.