In July 2015, an international law-enforcement operation led to the arrest of dozens of people active on the popular Darkode crime forum.
The FBI, along with Europol and Brazil's Federal Police, had been monitoring the cybercriminal forum since March; the operation resulted in 62 arrests in 18 countries worldwide, including Colombia, Germany, India and the UK.
According to the administrator, who uses the online pseudonym Sp3cial1st, after the seizure of Darkode on 14 July he waited for the identities of those arrested to be disclosed before deciding whether to bring the forum back online.
At the end of July, the administrator of the Darkode hacking forum announced the imminent return online of the platform with new security improvements.
Last July, Damballa's Threat Discovery Center discussed the infamous web forum, Darkode, which sp3cial1st intended to resuscitate.
Since then, Damballa's Threat Discovery Center has been monitoring the dark web for a new Darkode forum, and the experts found the revived version, Darkode Reloaded. The forum was deployed on the dark web for "security" and anonymity, but it also remains reachable without a Tor client. That is a poor design: a hidden service that also answers on the clear web lets an observer tie the onion address to a public IP and hosting provider, which defeats the point of using Tor.
Sven has implemented a Jabber service that runs on the domain darkode.club and is hosted on a dedicated server at 86.105.227[.]13, located in Russia.
In this case too, the experts noticed serious security issues and poor design: the Openfire version installed on the server (3.10.2) is affected by a number of vulnerabilities, and the server's default listeners are exposed to the internet.
“The server is poorly configured. We know that this server runs a software called Jetty 9.2 Snapshot. This software comes along with Openfire. Openfire is a Jabber server software and the version 3.10.2 is installed. The Jetty software listens on port 7070 by default and this port is wide open on the server. The administration interface for the jabber server is also accessible with the default configuration port 9090.” states a blog post published by Damballa.
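The exposure Damballa describes (a Jetty banner on port 7070 and the Openfire admin console on its default port 9090) can be recognised from nothing more than HTTP response banners. The following is an added example, not Damballa's tooling and not anything taken from the darkode.club server: it parses raw HTTP responses, flags a leaked Jetty version (and SNAPSHOT builds, which are unreleased development code) and flags an admin console login page on the default port. The sample responses are constructed, and the exact banner and page-title strings an Openfire 3.10.x install returns are assumptions.

```python
"""Banner check for the Openfire/Jetty exposure described above.

Added example, not Damballa's code. The HTTP responses below are constructed
to resemble what an Openfire 3.10.x install might answer on its default
ports; the banner and title strings are assumptions, not captured traffic.
"""
import re
import socket

# Openfire defaults named in the article: Jetty HTTP listener on 7070 and
# the admin console on 9090. Neither should be reachable from the internet.
DEFAULT_PORTS = {7070: "Jetty HTTP-bind listener", 9090: "Openfire admin console"}

JETTY_BANNER = re.compile(r"Jetty\(([^)]*)\)")


def parse_http_response(raw: bytes) -> dict:
    """Split a raw HTTP/1.x response into status, lower-cased headers and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    status = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else 0
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return {"status": status, "headers": headers, "body": body.decode("utf-8", "replace")}


def classify(port: int, raw: bytes) -> list:
    """Return human-readable findings for one port's HTTP response."""
    resp = parse_http_response(raw)
    findings = []
    match = JETTY_BANNER.search(resp["headers"].get("server", ""))
    if match:
        version = match.group(1)
        note = "; SNAPSHOT builds are unreleased development code" if "SNAPSHOT" in version.upper() else ""
        label = DEFAULT_PORTS.get(port, "non-default port")
        findings.append(f"port {port} ({label}): Server header leaks Jetty {version}{note}")
    # Assumed title of the Openfire admin console login page; adjust for other versions.
    if "Openfire Admin Console" in resp["body"]:
        findings.append(f"port {port}: Openfire admin console login page exposed")
    return findings


def probe(host: str, port: int, timeout: float = 5.0) -> bytes:
    """Fetch a raw response from a live host (not used by the offline samples)."""
    request = f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode()
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return b"".join(chunks)


# Constructed sample responses (not captured traffic).
SAMPLE_7070 = (b"HTTP/1.1 404 Not Found\r\n"
               b"Server: Jetty(9.2.z-SNAPSHOT)\r\n"
               b"Content-Length: 0\r\n\r\n")
SAMPLE_9090 = (b"HTTP/1.1 200 OK\r\n"
               b"Server: Jetty(9.2.z-SNAPSHOT)\r\n"
               b"Content-Type: text/html;charset=UTF-8\r\n\r\n"
               b"<html><head><title>Openfire Admin Console</title></head>"
               b"<body>login.jsp</body></html>")
# What a hardened host should look like: no banner, nothing to log in to.
SAMPLE_HARDENED = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"


def audit_samples() -> dict:
    """Run the classifier over the constructed samples; returns {label: findings}."""
    return {"7070": classify(7070, SAMPLE_7070),
            "9090": classify(9090, SAMPLE_9090),
            "9090-hardened": classify(9090, SAMPLE_HARDENED)}


if __name__ == "__main__":
    for label, findings in audit_samples().items():
        print(label, findings or ["nothing identifiable"])
```

Against a live host the same `classify` call would be fed the output of `probe(host, port)`; the point of the check is that a single unauthenticated GET is enough to learn the Jetty build and confirm the admin console is on its default port, which is exactly what an attacker or investigator would do first.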
The lack of security and the poor configuration show that Darkode cannot be trusted: a forum whose own servers run an unpatched Openfire and expose its admin console on the default port offers its members little protection.
Darkode Reloaded is a far cry from its predecessor.
(Security Affairs – cybercrime, Darkode forum)