In July 2015, an international joint law enforcement effort led to the arrest of dozens of people active on the popular Darkode crime forum.
The FBI, along with Europol and Brazil’s Federal Police, had been monitoring the cybercriminal forum since March; the operation resulted in 62 arrests in 18 countries worldwide, including Colombia, Germany, India and the UK.
According to the administrator, who uses the online pseudonym Sp3cial1st, following the seizure of Darkode on 14 July he waited for the identities of those arrested to be disclosed before deciding to bring the forum back online.
At the end of July, the administrator of the Darkode hacking forum announced the imminent return online of the platform with new security improvements.
Last July, Damballa’s Threat Discovery Center discussed the infamous web forum, Darkode, that was supposed to be resuscitated by sp3cial1st.
Since then, Damballa’s Threat Discovery Center has been monitoring the dark web, searching for a new Darkode forum. The experts discovered the revived forum, Darkode Reloaded. Obviously, the Darkode forum was deployed in the dark web for “security” reasons and anonymity, but the forum also remains accessible without the Tor client, a circumstance that reveals poor design.
Sven has implemented a Jabber service that runs on the domain darkode.club and is hosted on a dedicated server at 86.105.227[.]13 located in Russia.
Also in this case, the experts noticed serious security issues and poor design: the Openfire version installed on the server (ver. 3.10.2) is affected by a number of vulnerabilities.
“The server is poorly configured. We know that this server runs a software called Jetty 9.2 Snapshot. This software comes along with Openfire. Openfire is a Jabber server software and the version 3.10.2 is installed. The Jetty software listens on port 7070 by default and this port is wide open on the server. The administration interface for the jabber server is also accessible with the default configuration port 9090.” states a blog post published by Damballa.
The lack of security and the poor configuration show that Darkode cannot be trusted.
Darkode Reloaded is far from the previous one.
(Security Affairs – cybercrime, Darkode forum)