The Destruction of Darkode - Impact on Malware as a Service

One the most active underground hacking forums, Darkode, was dismantled and 70 of its members are under investigation in “the largest coordinated international law enforcement effort ever directed at an online cyber-criminal forum,” according to an official FBI press release.

A coalition of 20 countries, including Australia, Canada, Colombia, Cyprus, Croatia, Denmark, Finland, Germany, Israel, Nigeria, Romania, Sweden, the United Kingdom and the United States, is responsible for the takedown.

FBI agents secretly infiltrated the network and gathered intelligence for more than 18 months. While monitoring the daily activities of members, agents observed personal information of 39,000 people, 20 million e-mail addresses and user names used in a variety of scams, ransomware programs and other online criminal software, according to Ars Technica.

Darkode.com was an established black market used, much like the infamous Silk Road, by cybercriminals to trade stolen data, credit card information, email addresses, hacking tools and information. It had the reputation of an exclusive (invitation-only) hangout with impenetrable web servers that can resist law enforcemers.

“Of the roughly 800 criminal Internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the United States and around the world and was the most sophisticated English-speaking forum for criminal computer hackers in the world,” said US Attorney Hickton.

A hit at malware as a service?

Anyone looking to rent a botnet by the hour, create his own or buy credit card numbers could find the proper tools on Darkode. Darkode is an example of a lucrative business in the relatively new industry of cyber-crime. You could have found commercial exploit tools ranging from $300 to zero-day exploits worth millions of dollars.

One of the most dangerous tools on the marketplace was Dendroid, an Android remote administration tool (RAT) used to spy on Android device users. It was first seen in 2014 and immediately compared with its predecessor, Androrat.

“Dendroid is a much improved remote access tool that is definitely aimed for commercial purposes,” Bogdan Botezatu, senior e-threat analyst at Bitdefender, said in an interview with PC Mag. “Although it roughly does the same as Androrat [an older Android RAT], it appears to be much more stable and allows cybercriminal groups to better manage the pool of mobile bots.”

Morgan C. Culbertson, the creator of Dendroid, was charged with conspiring to send malicious code.

This is just one example of how malware as a service is proliferating as a way of making money with minimum effort and costs.