Last updated
The message displayed on the homepage of Darkode upon its domain being seized during Operation Shrouded Horizon. Darkode domain seized during Operation Shrouded Horizon (DOJ image).jpg
The message displayed on the homepage of Darkode upon its domain being seized during Operation Shrouded Horizon.

dark0de, also known as Darkode, is a cybercrime forum and black marketplace described by Europol as "the most prolific English-speaking cybercriminal forum to date". [1] [2] This site which was launched in 2007, serves as a venue for the sale and trade of hacking services, botnets, malware, and other illicit goods and services. [2] [3] [4]



In early 2013, it came under a large DDoS attack moving from bulletproof hosting provider Santrex to Off-shore, the latter being a participant of the Stophaus campaign against Spamhaus. [5] The site has had an ongoing feud with security researcher Brian Krebs. [6]

In April 2014, various site users were attacked via the Heartbleed exploit, gaining access to private areas of the site. [7]

Take down

The forum was the target of Operation Shrouded Horizon, an international law enforcement effort led by the Federal Bureau of Investigation which culminated in the site's seizure and arrests of several of its members in July 2015. [8] [9] According to the FBI, the case is "believed to be the largest-ever coordinated law enforcement effort directed at an online cyber criminal forum". [10] Upon announcing the 12 charges issued by the United States, Attorney David Hickton called the site "a cyber hornet's nest of criminal hackers", "the most sophisticated English-speaking forum for criminal computer hackers in the world" which "represented one of the gravest threats to the integrity of data on computers in the United States". [11] [12]

On Monday, September 21, 2015, Daniel Placek appeared on the podcast Radiolab discussing his role in starting Darkode and his eventual cooperation with the United States government in its efforts to take down the site. [13]


Only two weeks after the announcement of the raid, the site reappeared with increased security, employing blockchain-based authentication and operating on the Tor anonymity network. [2] [3] [4] Researchers from MalwareTech suggested the relaunch was not genuine, and almost immediately after, it was hacked and its database leaked. [14]

On December 13, a version of the site returned on the original domain name. [15]

See also

Related Research Articles

Cybercrime, or computer-oriented crime, is a crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Cybercrime may threaten a person, company or a nation's security and financial health.

Brian Krebs American journalist

Brian Krebs is an American journalist and investigative reporter. He is best known for his coverage of profit-seeking cybercriminals. His interest grew after a computer worm locked him out of his own computer in 2001.

Shadowserver Foundation is a nonprofit security organization that gathers and analyzes data on malicious Internet activity, sends daily network reports to subscribers, and works with law enforcement organizations around the world in cybercrime investigations. Established in 2004 as a "volunteer watchdog group," it liaises with national governments, CSIRTs, network providers, academic institutions, financial institutions, Fortune 500 companies, and end users to improve Internet security, enhance product capability, advance research, and dismantle criminal infrastructure.

The Russian Business Network is a multi-faceted cybercrime organization, specializing in and in some cases monopolizing personal identity theft for resale. It is the originator of MPack and an alleged operator of the now defunct Storm botnet.

DarkMarket was an English-speaking internet cybercrime forum created by Renukanth Subramaniam in London that was shut down in 2008 after FBI agent J. Keith Mularski infiltrated it using the alias Master Splyntr, leading to more than 60 arrests worldwide. Subramaniam, who used the alias JiLsi, admitted conspiracy to defraud and was sentenced to nearly five years in prison in February 2010.

Zeus, ZeuS, or Zbot is a Trojan horse malware package that runs on versions of Microsoft Windows. While it can be used to carry out many malicious and criminal tasks, it is often used to steal banking information by man-in-the-browser keystroke logging and form grabbing. It is also used to install the CryptoLocker ransomware. Zeus is spread mainly through drive-by downloads and phishing schemes. First identified in July 2007 when it was used to steal information from the United States Department of Transportation, it became more widespread in March 2009. In June 2009 security company Prevx discovered that Zeus had compromised over 74,000 FTP accounts on websites of such companies as the Bank of America, NASA, Monster.com, ABC, Oracle, Play.com, Cisco, Amazon, and BusinessWeek. Similarly to Koobface, Zeus has also been used to trick victims of technical support scams into giving the scam artists money through pop-up messages that claim the user has a virus, when in reality they might have no viruses at all. The scammers may use programs such as Command prompt or Event viewer to make the user believe that their computer is infected.

Jart Armin

Jart Armin is an investigator, analyst and writer on cybercrime and computer security, and researcher of cybercrime mechanisms and assessment.

There is no commonly agreed single definition of “cybercrime”. It refers to illegal internet-mediated activities that often take place in global electronic networks. Cybercrime is "international" or "transnational" – there are ‘no cyber-borders between countries'. International cybercrimes often challenge the effectiveness of domestic and international law and law enforcement. Because existing laws in many countries are not tailored to deal with cybercrime, criminals increasingly conduct crimes on the Internet in order to take advantages of the less severe punishments or difficulties of being traced. No matter, in developing or developed countries, governments and industries have gradually realized the colossal threats of cybercrime on economic and political security and public interests. However, complexity in types and forms of cybercrime increases the difficulty to fight back. In this sense, fighting cybercrime calls for international cooperation. Various organizations and governments have already made joint efforts in establishing global standards of legislation and law enforcement both on a regional and on an international scale. China–United States cooperation is one of the most striking progress recently, because they are the top two source countries of cybercrime.

The FBI Cyber Division is a Federal Bureau of Investigation division which heads the national effort to investigate and prosecute internet crimes, including "cyber based terrorism, espionage, computer intrusions, and major cyber fraud." This division of the FBI uses the information it gathers during investigation to inform the public of current trends in cyber crime. It focuses around three main priorities: computer intrusion, identity theft, and cyber fraud. It was created in 2002.

European Cybercrime Centre

The European Cybercrime Centre is the body of the Police Office (Europol) of the European Union (EU), headquartered in The Hague, that coordinates cross-border law enforcement activities against computer crime and acts as a centre of technical expertise on the matter.

Operation Tovar is an international collaborative operation carried out by law enforcement agencies from multiple countries against the Gameover ZeuS botnet, which is believed by the investigators to have been used in bank fraud and the distribution of the CryptoLocker ransomware.

GameOverZeus is a peer-to-peer botnet based on components from the earlier ZeuS trojan. The malware was created by Russian hacker Evgeniy Mikhailovich Bogachev. It is believed to have been spread through use of the Cutwail botnet.

Lizard Squad was a black hat hacking group, mainly known for their claims of distributed denial-of-service (DDoS) attacks primarily to disrupt gaming-related services.

TheRealDeal was a darknet website and a part of the cyber-arms industry reported to be selling code and zero-day software exploits.

Operation Shrouded Horizon

Operation Shrouded Horizon was an 18-month international law enforcement investigation culminating in the July 2015 seizure of Darkode, an online cybercrime forum and black market, and the arrest of several of its members. The case involved law enforcement agencies from 20 countries, led by the United States Federal Bureau of Investigation (FBI) with the assistance of Europol, in what the FBI called "the largest-ever coordinated law enforcement effort directed at an online cyber criminal forum".

Carding (fraud) Crime involving the trafficking of credit card data

Carding is a term describing the trafficking and unauthorized use of credit cards. The stolen credit cards or credit card numbers are then used to buy prepaid gift cards to cover up the tracks. Activities also encompass procurement of details, and money laundering techniques. Modern carding sites have been described as full-service commercial entities.

The National Cyber-Forensics & Training Alliance or NCFTA established in 2002 in Pittsburgh is an American non-profit corporation focused on identifying, mitigating, and neutralizing cyber crime threats through strategic alliances and partnerships with subject matter experts (SME) in the public, private, and academic sectors.

A crime forum is a generic term for an Internet forum specialising in computer crime and Internet fraud activities such as hacking, Online Identity Theft, Phishing, Pharming, Malware Attacks or spamming.

Marcus Hutchins, also known online as MalwareTech, is a British computer security researcher known for temporarily stopping the WannaCry ransomware attack. He is employed by cybersecurity firm Kryptos Logic. Hutchins is from Ilfracombe in Devon.

Hack Forums Internet forum

Hack Forums is an internet forum. The website ranks as the number one website in the "Hacking" category in terms of web-traffic by the analysis company Alexa Internet. The site has been widely reported as facilitating criminal activity, such as the case of Zachary Shames, who in 2013 sold a keylogger which was used to steal personal information.


  1. "Cybercriminal Darkode Forum Taken Down Through Global Action". Europol. 15 July 2015.
  2. 1 2 3 Clark, Lian (28 July 2015). "Hacker forum Darkode is back and more secure than ever". Wired.
  3. 1 2 Kovacs, Eduard (28 July 2015). "Hacking Forum Darkode Resurfaces". Security Week.
  4. 1 2 Pauli, Darren (28 July 2015). "Cybercrime forum Darkode returns with security, admins intact". The Register.
  5. Krebs, Brian (May 2013). "Conversations with a Bulletproof Hoster" . Retrieved 31 July 2015.
  6. MalwareTech (December 2014). "Darkode - Ode to Lizard Squad (The Rise and Fall of a Private Community)" . Retrieved 4 August 2015.
  7. Pauli, Darren (30 April 2014). "Dark0de crime forum hacked through Heartbleed" . Retrieved 6 August 2015.
  8. Stevenson, Alastair (28 July 2015). "It only took 2 weeks for the world's most dangerous hacking forum to get back online after the FBI shut it down". Business Insider.
  9. Cox, Joseph (29 July 2015). "The Mysterious Disappearance, and Reappearance, of a Dark Web Hacker Market" . Retrieved 31 July 2015.
  10. "Cyber Criminal Forum Taken Down". FBI.gov. 15 July 2015.
  11. Trott, Bill (15 July 2015). "U.S. says computer hacking forum Darkode dismantled, 12 charged". Reuters.
  12. 1 2 Buncombe, August (15 July 2015). "Darkode: FBI shuts down notorious online forum and cracks 'cyber hornet's nest of criminal hackers'". The Independent.
  13. "Darkode". Radiolab. NPR. Retrieved 2 October 2015.
  14. Cox, Joseph (19 January 2017). "Hackers Hack Hacking Forum As Soon As It's Launched" . Retrieved 24 January 2017.
  15. Cox, Joseph (19 December 2016). "Malware Exchange Busted by the Feds Relaunches, At Least in Name" . Retrieved 19 December 2016.