The U.S. Department of Justice (DOJ) announced it has dismantled the Darkode hacking community in an international law enforcement effort, and has charged 12 defendants in connection with conspiracy to commit computer fraud.
The takedown -- part of a cooperative effort between the U.S. and 20 countries -- is said to be the largest coordinated international law enforcement effort ever directed at an online cybercriminal forum. The coalition included Australia, Bosnia and Herzegovina, Brazil, Canada, Colombia, Costa Rica, Cyprus, Croatia, Denmark, Finland, Germany, Israel, Latvia, Macedonia, Nigeria, Romania, Serbia, Sweden, the United Kingdom, and the United States.
The DOJ described Darkode as an online, password-protected forum where cybercriminals had to be vetted before they were allowed entry, after which they were able to buy, sell, trade, and share information, ideas, and tools to facilitate unlawful intrusions on others' computers and electronic devices.
Assistant Attorney General William B. Caldwell called the operation "a great example of what international law enforcement can accomplish when we work closely together to neutralize a global cybercrime marketplace."
According to U.S. Attorney David J. Hickton, "Of the roughly 800 criminal Internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the United States and around the world and was the most sophisticated English-speaking forum for criminal computer hackers in the world."
The question remains whether this move will have a lasting impact on the hacking community.
U.S. Deputy Director Mark F. Giuliano called the takedown "a milestone in our efforts to shut down criminals' ability to buy, sell, and trade malware, botnets, and personally identifiable information used to steal from U.S. citizens and individuals around the world."
Experts said the hacking community has already begun efforts to rebuild Darkode, though it is possible the takedown will have an effect on hacker behavior moving forward.
Chase Cunningham, Ph.D., threat intelligence lead at FireHost, said the takedown will force cybercriminals to move to another forum on the Dark Web to find the same information and tools, but there could be an effect after those prosecuted face real penalties.
"It is already being rebuilt, and while it does at least show that arrests can happen, until someone is prosecuted and there is real pain felt, it is just an inconvenience rather than a show of force," Cunningham said. "Plus, with international concerns and the majority of malicious code coming out of countries other than the U.S., these types of operations are not going to make much real impact. I can find at least seven other forums right now on the Dark Web that are selling exploits and much more malicious stuff than what Darkode had on it."
Robert Hansen, vice president of security at WhiteHat Labs, said this is a good first step towards establishing an international rule of law against hacking communities.
"Darkode's dismantling will not have much of a lasting effect on the underground. It might have a tactical effect of modifying user behavior for a while and a further chilling effect as people rethink their security, but ultimately where there is money to be made, people will usually find a way," Hansen said. "International law enforcement cooperation is definitely increasing, as good will spreads, but laws and their application are far from homogeneous worldwide. Even interstate laws are confusing and regularly conflict. There's a long way to go."
However, Steve McGregory, director of application and threat intelligence at Ixia, saw more hope than others and said this will impact criminal behavior and give strength to international law enforcement.
"The full picture of the impact will not be known for some time, but it will definitely spur paranoia in the hacker communities," McGregory said. "This ability to infiltrate forums by covert means is an advantage to law enforcement. It also puts a positive light on the abilities of global law enforcement to work together, gathering intelligence, synchronizing efforts, and taking down an identified malicious hacker community once they have collected enough evidence. I'd say most hackers are looking over their shoulders and wondering if they have been tied to any of those taken down with Darkode."
The U.S. DOJ has not responded to requests for comment as of this writing.