More like this

Security

Cybercrime forum Darkode returns with security, admins intact

Revived invite-only site has cleared out snitches, will rely on blockchain authentication

Crime forum Darkode has relaunched with renewed security two weeks after it was obliterated in a global police raid that shut down the site and saw members arrested.

The English-speaking forum, established in 2007, was a major player in the cybercrime underground where vetted members could buy and sell zero days, trojans, and credit card numbers.

The site was eliminated earlier this month under the FBI and European Cybercrime Centre Operation Shrouded Horizon which netted at least 28 users and administrators from 20 countries, including the UK, the US, and Australia.

Now the site appears to be back with renewed vigour. The most recent Darkode administrator known as Sp3cial1st confirmed the legitimacy of the site to UK researcher known as MalwareTech.

The researcher confirmed to The Register that Sp3cial1st had in a conversation revealed information only the two had known in what appears to lend credibility to the relaunched site: "It's definitely legit," MalwareTech says.

Darkode.cc now operates with most of its staff and senior members intact, and uses the Tor routing service to provide users with unique web addresses, Sp3cial1st says in an update posted to the new site this week.

"It appears the raids focused on newly added individuals or people that have been retired from the scene for years," Sp3cial1st says.

"The forum will be back in onion land, it will be invite only, and members we can confirm are still active will be given an invite [and] no-one else.

"Each user will have their own Onion, [and] authentication to the forum will be made via the Blockchain API."

Sp3cial1st says the new forum will store only a hash of the BTC user identity, BTC wallet, and an alias.

The administrator warns that anyone claiming to be a member who is not invited is a scammer, and that all users who joined the scuttled Darkode within the last eight months should be considered a snitch.

Darkode.cc

The new and improved Darkode.cc

They say attackers will need to steal a user's personal Onion and ID number to hijack their accounts making it more secure than the last.

"We believe full disclosure on how the new forum will function is necessary to allow members to have confidence in its security," Sp3cial1st says.

MalwareTech says the security overhaul is a "clever idea" that will help net white hat researchers but is not entirely surprising.

"Firstly it would allow the darkode admins greater control over who gets access, preventing people from accessing a hacked account without the owner's onion URL; it would also allow them to better monitor who views what by creating an individual log file for each onion, meaning they could quickly weed out leakers," he says.

"Even more interesting it states that Bitcoin wallets would be tied to accounts and used for users to authenticate on the forums [which] would mean that hackers could not use a hacked account to scam with unless they know the user's private key."

MalwareTech says the administrator known as Mafia was the biggest player to be arrested in the FBI sting, but agrees that the recent major Darkode identities seem to have escaped.

The FBI has been contacted for comment. ®

Sponsored: 2016 Cyberthreat defense report