The FBI and the Department of Justice took down what they called “one of the gravest threats” to US data integrity, ending an 18-month investigation into a “cyber-hornets nest of criminal hackers” that resulted in dozens of arrests around the world. The online marketplace known as Darkode had managed to stay in business for seven years in part because the vetting it imposed on would-be members rivaled that of old-school country clubs … or the Mob:
Investigators shut down an online marketplace where cybercriminals bought and sold hacked databases, malicious software and other products that could cripple or steal information from computer systems, the Justice Department announced Wednesday.
More than 70 cybercriminals in the United States and 19 other countries are targets of the investigation, authorities said. Some of them have been charged, while others were the subject of search warrants because some countries require evidence to be seized before criminal charges can be filed, investigators said. …
The site targeted in the current shutdown, called Darkode, was the largest-known English-language malware forum in the world, authorities said.
“Of the roughly 800 criminal internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the United States and around the world and was the most sophisticated English-speaking forum for criminal computer hackers in the world,” said Hickton.
The collective did its best to keep from being penetrated by law enforcement:
The takedown comes in the wake of a series of high-profile data breaches that have left Americans unsure if any of their digitized information is safe. Earlier this month, the federal Office of Personnel Management was the victim of two separate hacks, leading to the theft of more than 21 million Social Security numbers and other data.
Cyberattacks in the last six months have also resulted in the theft of tax filings from the Internal Revenue Service and the release of a trove of embarrassing emails from Sony executives.
According to federal investigators, Darkode was a closed community that only accepted new members on the recommendation of someone who was already inside the forum. New members had to prove their skills and demonstrate their usefulness to the group, generally by providing new and effective spyware, before gaining membership.
The LA Times in the above article reports that investigators credit the Swedish administrator of Darkode, John Anders Gudmunds, with 200 million computer thefts. He’s still at large, but the scope of the roundup is massive, as is the damage allegedly caused by the collective:
Hackers could also sell the fruits of their labor: stolen email and personal information databases that others could use in identity theft and other schemes. Lists for sale included customers who participated in an automobile auction; personal information from 39,000 people on a Social Security database; and 20 million email and usernames stolen in another scheme.
One target, an 18-year-old man arrested in England in January, is allegedly responsible for hacking into Sony’s PlayStation Network and Microsoft’s Xbox Live services last year around Christmas.
Those targeted for arrest or searches live in the United States, United Kingdom, Australia, Bosnia-Herzegovina, Brazil, Canada, Colombia, Costa Rica, Croatia, Cyprus, Denmark, Finland, Germany, Israel, Latvia, Macedonia, Nigeria, Romania, Serbia and Sweden. There are victims in all of those countries, and others, authorities said.
The prosecution of such a collective will certainly be challenging. It will follow on the heels of the controversial Silk Road case, in which the administrator of an online marketplace ended up with a life sentence in part for its trafficking in illegal drugs and other criminal activity. Ross Ulbricht’s trial and life sentence put the so-called “dark web” onto the national media stage. That case, plus the mega-hacks of OPM and other government agencies as well as major retailers and credit-card systems, will leave these defendants with a less-than-sympathetic public from which juries must be found.
If this case is as egregious as it sounds, then this is good work by the DoJ. Perhaps, though, it will still raise the question of how one part of the government can be so adept at outfighting the hackers while another part of it — OPM especially — was so clueless that it couldn’t even find its own hack for more than a year.