Malware and hacking forum Darkode is shut down; dozens arrested

The Darkode malware forum was replaced by an image announcing its seizure by police Wednesday. (Justice Department)

Announcing an international takedown of a malware marketplace, federal officials say that the forum called Darkode has been dismantled and dozens of its members have been arrested. Darkode has been a marketplace to purchase and trade hacking tools since at least 2008.

Investigators say that while the forum's existence was widely known, they hadn't been able to penetrate it until recently. Darkode operated under password protections and required referrals to join. Today, the site consists of an image saying that it's been seized by police.

Announcing the crackdown Wednesday, the FBI and other officials say that it includes arrests in 20 countries and indictments for 70 individuals, including 12 in the U.S., from Wisconsin to Louisiana.

"The FBI has effectively smashed the hornets' nest," said U.S. Attorney David J. Hickton, "and we are in the process of rounding up and charging the hornets."

Hickton called Darkode one of the greatest threats to online security, mentioning one forum member who put up software (for a price of $65,000) that can take over cellphones. In another case, he said, a user offered the ability to steal and sell lists of friends on Facebook.

And the marketplace was sophisticated enough, Hickton said, that members could either "subscribe" to such hacking tools or buy them outright.

Those indicted include Johan Anders Gudmunds, identified by federal documents as an administrator of Darkode who created a large botnet of hacked computers that stole private information "on approximately 200,000,000 occasions."

John Lynch, Chief of the Criminal Division's Computer Crime and Intellectual Property Section, called Darkode "a self-contained market" with sophisticated relationships in which participants used their connections to maximize the amount of money and damage they could extract.

The arrests come after a two-year FBI undercover operation that infiltrated the forum, said FBI Special Agent in Charge Scott S. Smith. Today's announcement reflects work in countries that range from Brazil and Costa Rica to Latvia and Macedonia, the Justice Department says.

The Pittsburgh Post-Gazette explains how the investigation started:

"Following a lead generated in Pittsburgh around 18 months ago, the FBI cybersquad here launched Operation Shrouded Horizon. The bureau's local office assembled a coalition that started domestically with the bureau's offices in Washington, D.C., San Diego, New Orleans and San Francisco, and extended to online enforcement teams in 20 countries, including numerous European countries, Israel, Australia, Colombia, Brazil and Nigeria."

Federal officials say the investigation into Darkode is continuing.

Here are the defendants who are facing charges in the U.S., from the Justice Department news release:

Copyright 2015 NPR. To see more, visit http://www.npr.org/.