The U.S. Department of Justice and the FBI announced yesterday the results of Operation Shrouded Horizon, a multi-agency investigation into the Darkode forum that spanned over 20 countries worldwide. Among those results were charges, arrests, and searches involving 70 Darkode members and associates around the world; U.S. indictments against 12 individuals associated with the forum, including its administrator; the serving of several search warrants in the U.S.; and the Bureau’s seizure of Darkode’s domain and servers.
“Of the roughly 800 criminal Internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the United States and around the world and was the most sophisticated English-speaking forum for criminal computer hackers in the world,” said U.S. Attorney David J. Hickton. “Through this operation, we have dismantled a cyber hornets’ nest of criminal hackers which was believed by many, including the hackers themselves, to be impenetrable.”
During the investigation, the Bureau focused primarily on the Darkode members responsible for developing, distributing, facilitating, and supporting the most egregious and complex cyber criminal schemes targeting victims and financial systems around the world, including in the United States.
Darkode was, in effect, a one-stop, high-volume shopping venue for some of the world’s most prolific cyber criminals. This underground, password-protected, online forum was a meeting place for those interested in buying, selling, and trading malware, botnets, stolen personally identifiable information, credit card information, hacked server credentials, and other pieces of data and software that facilitated complex cyber crimes all over the globe.
The Darkode forum, which had between 250-300 members, operated very carefully — not just anyone could join. Ever fearful of compromise by law enforcement, Darkode administrators made sure prospective members were heavily vetted.
Similar to practices used by the Mafia, a potential candidate for forum membership had to be sponsored by an existing member and sent a formal invitation to join. In response, the candidate had to post an online introduction—basically, a resume—highlighting the individual’s past criminal activity, particular cyber skills, and potential contributions to the forum. The forum’s active members decided whether to approve applications.
Once in the forum, members—in addition to buying and selling criminal cyber products and services—used it to exchange ideas, knowledge, and advice on any number of cyber-related fraud schemes and other illegal activities. It was almost like a think tank for cyber criminals.
The takedown of the forum and the charges are the result of the FBI’s infiltration, as part of Operation Shrouded Horizon, of the Darkode’s membership. The investigation of the Darkode forum is ongoing. “Law enforcement infiltrated a closed criminal forum—no easy task—to obtain the intelligence and evidence needed to identity and prosecute these criminals.” the FBI said, “This action paid off with a treasure trove of information that ultimately led to the dismantlement of the forum and law enforcement actions against dozens of its worst criminal members around the world.”