SecurityWeek

Hacking Forum Darkode Resurfaces

The Darkode cybercrime forum will return online soon. The news comes less than two weeks after law enforcement authorities announced that they had brought down the website.

Launched almost eight years ago, Darkode (darkode.me) was a secretive underground forum where users could buy and sell a wide range of cybercrime tools and services, including malware, exploit kits, spam services, and botnets.

Authorities announced on July 15 that the hacking forum, which according to Europol had between 250 and 300 members, was dismantled. A total of 28 people were arrested and 12 were charged as a result of an international law enforcement operation involving 20 countries.

The United States Department of Justice said Darkode was brought down after it was infiltrated by the FBI.

Despite the arrests and charges brought against its alleged members, Darkode is not out of the picture. On Sunday, the malware marketplace resurfaced on darkode[dot]cc.

The forum will be relaunched soon and its administrators are implementing new security measures to protect the website and its members.

“Most of the staff is intact, along with senior members. It appears the raids focused on newly added individuals or people that have been retired from the scene for years. The forum will be back in onion land, it will be invite only, and members we can confirm are still active will be given an invite (no-one else),” reads a message posted on the new website.

According to the security researcher known as MalwareTech, Darkode was resurrected by “Sp3cial1st,” the forum’s main administrator. Apparently, Sp3cial1st wanted to see which of the website’s users were arrested before bringing the forums back online.

Sp3cial1st, who according to security blogger Brian Krebs is a core member of the Lizard Squad, says each user will have their own Onion (Tor) address and authentication will be made through the Bitcoin Blockchain API.

“We will not store any form of user information except a hash of the BTC Guid, a BTC Wallet (for default display NickName), and an alias if the user chooses to create one,” the administrator said.

MalwareTech believes that the use of individual Onion addresses gives Darkode administrators greater control over who has access to the service and helps prevent account hijacking. This method will also allow admins to log each user’s activities and quickly identify potential leakers.

“These new security measures don’t come as a huge surprise seeming as Darkode had a massive problem with people using hacked accounts to leak information to law enforcement and journalists as well as scam users,” MalwareTech said. “Ironically even the Darkode administrators were compromised at one point after one of them had reused his password on another forum, which had its database leaked a few weeks prior.”

Sp3cial1st has advised members to assume that anyone claiming to be a member of Darkode is a scammer. The administrator also urges members to assume that anyone they have dealt with over the past 6-8 months might have turned into an informant for law enforcement.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
