Darkode black market back online with security improvements

The administrator of the popular Darkode hacking forum announced that the platform will be back online soon with new security improvements.

A few days ago Darkode, a black market specializing in the sale of exploit kits and hacking tools, was shut down by an international law enforcement operation.

A joint operation run by the FBI and other law enforcement agencies in Europe and Brazil allowed the identification and arrest of more than 60 people suspected of carrying out hacking crimes. According to the media, all the suspects are associated with the online criminal forum Darkode.

The FBI, along with Europol and Brazil’s Federal Police, had been monitoring the cybercriminal forum since March. The operation resulted in 62 arrests in 18 countries worldwide, including Colombia, Germany, India and the UK.

While the British NCA announced that a total of five suspects had been arrested in relation to Darkode between November 2013 and March 2015, on 26 July the administrator of the controversial crime forum announced that its staff was not impacted by the law enforcement operation.

“Most of the staff is intact, along with senior members. It appears the raids focused on newly added individuals or people that have been retired from the scene for years. The forum will be back in onion land, it will be invite only, and members we can confirm are still active will be given an invite.”

According to the administrator, who uses the online pseudonym Sp3cial1st, following the seizure of Darkode on 14 July he waited for the identities of those arrested to be disclosed before deciding to bring the forum back online.

The security expert who operates the MalwareTech blog published the list of those arrested who had been active on the Darkode forum in recent years:

  • h0tsh0t
  • Mafi AKA Crim AKA Synthet!c (Darkode admin)
  • Parabola (Darkode admin)
  • Nocen
  • Phastman
  • semaph0re
  • m3t4lh34d
  • rzor
  • k@exploit.im
  • Android (Developer of the Dendroid trojan)
  • SpliT
  • WesTThug

“It’s interesting to note that only about two of the arrested members had even been active on darkode in the past few years, suggesting that the FBI might have just grouped together a list of known criminals who were also on darkode, rather than targeting the forum itself.” states the MalwareTech blog.

On 26 July, it seems Sp3cial1st announced on darkode.cc that the popular crime forum Darkode is moving to the Tor network and that he will assign each user their own .onion address for the forum to improve the authentication process. The countermeasure adopted by Sp3cial1st will prevent Darkode from being abused by infiltrators, giving admins granular control over users’ access by creating an individual log file for each onion.

“Most of the staff is intact, along with senior members. It appears the raids focused on newly added individuals or people that have been retired from the scene for years. The forum will be back in onion land, it will be invite only, and members we can confirm are still active will be given an invite (no-one else). Each user will have their own Onion, authentication to the forum will be made via the Blockchain Api. We will not store any form of user information except a hash of the BTC Guid, a BTC Wallet (for default display NickName), and an alias if the user chooses to create one.” states the Darkode admin. “Check back for news and more information about the forum as it develops.”

Sp3cial1st warns Darkode users about the security measures implemented:

  1. Assume anyone publicly claiming to have been (or be) a member of the forum is a scammer.
  2. Assume anyone you have dealt with that was added to darkode in the last 6-8 months may have turned informant and act accordingly.
  3. Access to the Onion Generation Site will be opened from this page shortly.

At the time I am writing, the Onion Address Generator does not work, but according to Sp3cial1st it will be available soon.

Stay Tuned.

Pierluigi Paganini

(Security Affairs – Darkode, cybercrime)
