Feds Shut Down Worldwide Malware Marketplace Darkode.com

The site, known as Darkode.com, was seized by federal authorities Tuesday. A dozen people associated with the site were charged or arrested in federal courts across the country.

by Cary Spivak, Milwaukee Journal Sentinel / July 16, 2015

(TNS) -- A 27-year-old suburban Milwaukee man created an Internet site used as a worldwide malware marketplace that was shut down Wednesday after an investigation by 20 law enforcement agencies across the globe, federal documents filed Wednesday show.

The site, known as Darkode.com, was seized by federal authorities Tuesday. A dozen people, including Daniel Placek of suburban Milwaukee, were charged or arrested in federal courts across the country.

Placek and a partner created Darkode in 2008 and the site grew to become “most sophisticated English-speaking forum for criminal computer hackers” and was known as “the best malware marketplace on the Web,” David J. Hickton, U.S. attorney for the Western District of Pennsylvania, said Wednesday. The FBI in Pittsburgh and the U.S. attorney’s office led the international investigation.

About 70 people were arrested, charged or searched in 20 countries, Hickton said in announcing the takedown of Darkode and the arrests. Charges filed include racketeering, fraud and money laundering that occurred while carrying out various computer hacking schemes including stealing data or taking control of computers.

Prosecutors say that Placek created Darkode “with the intention of bringing together computer hackers and other criminals to facilitate the production and sharing of malicious software,” a criminal complaint filed in federal court in Milwaukee on Wednesday states.

“It became (a forum where) computer criminal could obtain the tools of their trade,” said Jeremy Levinson, a Milwaukee criminal defense lawyer.

Neither Placek nor his attorney could be reached for comment Wednesday. The filing of a criminal complaint — as opposed to an indictment — generally leads to a plea agreement.

Placek, whose aliases include Juggernaut, Nocen and M1rrOr, is charged with conspiracy to access a computer without authorization, a crime that carries a maximum penalty of one year in prison.

Opting to file a misdemeanor charge against Placek could mean that authorities believe that despite creating the forum, he was actually a “bit player” in the total scheme of things, Levinson said. Or, he added, it could mean that Placek is cooperating with the investigation

The complaint charges that during an online chat in 2010, Placek sold for $500 malware “that he designed to monitor and harvest network traffic for email addresses and passwords to an individual known to Placek as Dethan78.”

The creation of the Darkode site “led to forum discussion about the creation and dissemination of botnets and the sending of spam,” the criminal complaint states. A botnet, sometimes called a zombie army, is a network of computers set up — often without the knowledge of the owners — to forward transmissions, such as spam or viruses, to other computers on the Internet.

“As an administrator of the forum, Placek was responsible for determining who was allowed to access the forum, overseeing daily activity, resolving disputes and, if necessary, banning members,” the complaint alleges.

Darkode was created by Placek and Marjaz Skorjanc, of Slovenia. Skorjanc was charged with racketeering and conspiracy in Washington, D.C., and is being held by Slovenian authorities.

Darkode grew to become “a crime bazaar for hackers,” Hickton said. “Of the roughly 800 criminal Internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the United States and around the world.”

“Darkode’s members conspired to generate ill-gotten cash through fraud, extortion and money laundering,” Hickton said. “Darkode members have compromised millions upon millions of computers, servers, cellphones, bank accounts and social media accounts.

A classified ad that had appeared on Darkode offered to sell 23,000 Social Security numbers with birth dates, according to a Wednesday story in the Pittsburgh Post-Gazette. The story said another ad on the now-shutdown site offered to sell “1 million email + (passwords) (quality).”

The site was shut down Tuesday. A statement on the site said that it had been seized by the FBI and U.S. Attorney’s Office in Pittsburgh after a “joint law enforcement operation by the FBI and International law enforcement agencies acting through Europol.”

©2015 Milwaukee Journal Sentinel Distributed by Tribune Content Agency, LLC.