World’s Largest English-Language Malware Marketplace Shuts Down

16 June 2015

As we have discussed before on this blog, identity theft and credit fraud aren’t just committed by individuals looking to make a quick buck. Much of the theft of personal information is planned and organized by major crime rings who collect, sell and trade that information online.

Now, U.S. federal agents have announced they have shut down the largest known English-language malware marketplace in the world. Called Darkode, the website provided a forum for criminals to buy and sell hacked information and malicious software to help them gain access to computer systems.

According to U.S. Attorney David Hickton, the site, which was estimated to have 250 to 300 active members, was “a cyber hornet’s nest of criminal hackers.”

“Of the roughly 800 criminal internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the United States,” Hickton said in a statement. However, the members of the site also stole information in Canada and other countries.

Darkode advertised a stunning amount of information about the criminals who visited the site. Personal information for about 39,000 people was up for sale after being stolen from a government database, in addition to 20 million email addresses that could be used for phishing and other schemes. Hackers also advertised their homemade malware for sale, or used the site to recruit people to install it on victims’ computers for them. In order to access the information on the site, prospective members had to be vouched for by criminals who were already active members.

“Darkode was unusual because it was a virtual crossroads for criminal hackers from a variety of languages, countries and backgrounds,” security expert Brian Krebs told the CBC. “For many years, some of the most accomplished cybercriminals sold their wares and services on this forum, including everything from denial-of-service attacks for hire to malicious software and stolen identities and credit cards.”

So far, 12 people have been charged with crimes associated with the site, including wire fraud, money laundering, conspiring to commit computer fraud and selling and using malware to hack into computers and cell phones. Seventy more people are currently under investigation. There were both criminals and victims of the site in 20 countries, including the United States, United Kingdom, Canada, Australia, Bosnia-Herzegovina, Brazil, Colombia, Costa Rica, Croatia, Cyprus, Denmark, Finland, Germany, Israel, Latvia, Macedonia, Nigeria, Romania, Serbia and Sweden. The alleged ringleader was a man named Johan Anders Gudmunds from Sweden, who was known online by the alias “Synthet!c”.

As this case demonstrates, it’s increasingly important to be aware of phishing techniques to protect yourself from fraud. Never open links embedded in an email, and make sure that any time you enter personal information into a website, the address begins with “https” and you see the lock icon next to the address bar.

To be alerted to possible fraudulent activity in your credit files, sign up for a credit monitoring service.