US and international law enforcement agencies announced they have shut down Darkode, an international hacker forum used by cyber-criminals, and charged 12 of its members with crimes ranging from fraud and spamming to spreading malicious code.
According to the indictments announced Wednesday, Darkode was a password-protected online forum where “hackers and other cyber-criminals” met to share information, ideas and tools to hack computer networks and devices. To become a member, one would have to be invited by an existing member and demonstrate skills and products that would benefit the group, the Department of Justice said in a statement.
“Of the roughly 800 criminal internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the United States and around the world and was the most sophisticated English-speaking forum for criminal computer hackers in the world,” US Attorney David Hickton said, announcing the charges in Pittsburgh.
“Through this operation, we have dismantled a cyber hornets’ nest of criminal hackers which was believed by many, including the hackers themselves, to be impenetrable,” Hickton added.
The FBI worked with law enforcement agencies in 20 countries to investigate, search and arrest some 70 members and associates of Darkode around the world, as part of the multi-national ‘Operation Shrouded Horizon.’ According to the DOJ, it was the largest coordinated international law enforcement effort ever directed at a cyber-criminal forum.
“This is a milestone in our efforts to shut down criminals’ ability to buy, sell, and trade malware, botnets and personally identifiable information used to steal from U.S. citizens and individuals around the world,” FBI Deputy Director Mark Giuliano said. “Cyber criminals should not have a safe haven to shop for the tools of their trade and Operation Shrouded Horizon shows we will do all we can to disrupt their unlawful activities.”
Police in Australia, Bosnia-Herzegovina, Brazil, Canada, Colombia, Costa Rica, Cyprus, Croatia, Denmark, Finland, Germany, Israel, Latvia, Macedonia, Nigeria, Romania, Serbia, Sweden, the UK and the US took part in the operation.
Daniel Placek, 27, of Glendale, Wisconsin, reportedly created Darkode, and used it to sell malware designed to collect email addresses and passwords. He operated under several user names, including “Loki,” “Juggernaut” and “M1rr0r.”
The US government accused Johan Anders Gudmunds, 27, of Sweden of serving as the administrator of Darkode. Known as “Mafi,” “Crim” and “Synthet!c,” Gudmunds also reportedly operated his own botnet, which – at times – consisted of more than 50,000 computers. He is accused of stealing data from those computers on 200 million occasions.
A Pittsburgh man identified as Morgan C. Culbertson, 20, was charged with conspiring to send malicious code. The authorities say that Culbertson designed ‘Dendroid,’ malware intended to remotely access, control and steal data from cell phones using the Android operating system.
Eric L. Crocker, 39, of Binghamton, New York was charged over his involvement in a scheme to send spam via computers infected by malware called ‘Facebook Spreader.’ Crocker, also known as “Phastman,” would use the hijacked computers to send spam, the government claims.
Wednesday’s announcement also mentioned a conspiracy to send millions of spam emails to cell phones, by using servers in China to exploit vulnerable routers in third-world countries. The indictments name two Florida residents, 27-year-old Naveed Ahmed (also known as “semaph0re”) and 28-year-old Dewayne Watts (aka “m3t4lh34d”), and 31-year-old Indianapolis, Indiana resident Phillip R. Fleitz (aka “Strife”).
Slovenian residents 28-year-old Matjaz Skorjanc (“iserdo”), and 34-year-old Mentor Leniqi (“Iceman”), as well as 36-year-old Spaniard Florencio Carro Ruiz (“Netkairo”), were charged in the US for racketeering conspiracy, as well as conspiracies to commit wire and bank fraud, computer fraud, access device fraud and extortion.