Court unseals indictment against alleged Darkode hacking forum members

News by Bradley Barth

Europol describes the cyber-crime forum and black marketplace as the most prolific English-speaking cyber-criminal forum to date

An American and three Europeans have been charged with racketeering conspiracy and conspiracy to commit wire fraud and bank fraud for allegedly distributing malware on the now-defunct Darkode computer hacking forum.

A federal court in the District of Columbia, USA, has unsealed an indictment against the four individuals, who are identified as Thomas McCormick (aka fubar), 26, of Washington state; Matjaz Skorjanc (aka iserdo and serdo), 32, of Maribor, Slovenia; Florencio Carro Ruiz (aka NeTK and Netkairo), 40, of Vizcaya, Spain; and Mentor Leniqi (aka Iceman), 35, of Gurisnica, Slovenia. The indictment was originally filed under seal on 4 December 2018.

McCormick, who is also charged with five counts of aggravated identity theft, was arrested on 10 December 2018, but the three other suspects remain fugitives. McCormick was allegedly among the last administrators of Darkode, while Skorjanc is accused of being the underground marketplace’s founder and first administrator.

According to the indictment, the first charge of racketeering conspiracy stems from a series of alleged acts involving bank fraud, wire fraud, access device fraud, identity theft, hacking and extortion. Justice officials say the invitation-only group was responsible for US$ 4.5 million (£3.5 million) in victim losses between September 2008 and December 2013, at which time the FBI first contacted McCormick about his alleged role in the operation.

Ultimately, Darkode was taken down by international law enforcement officials in a July 2015 crackdown called Operation Shrouded Horizon. Europol described the cyber-crime forum and black marketplace as "the most prolific English-speaking cyber-criminal forum to date".

"Darkode was a criminal organisation built around an online password-protected criminal forum where high-level international hackers and cybercriminals convened to develop, buy, sell, trade and share hacking tools, information and ideas," the indictment says.

"The schemes included selling and using tools – malware – to hack into victim computers and steal personally identifying information (‘PII’), bank account and other login credentials, and credit cards," the indictment continues. "The schemes also included developing and selling tools – malware – for taking over victims’ computers and using them to attack victims’ web sites; hold victims’ websites for ransom; and hide the criminals’ identities on the internet."

For instance, Skorjanc is accused of creating a bot software called Butterfly Bot or BFBOT and selling it on Darkode. The indictment describes a forum posting that said the bot runs on Windows NT-based systems and can steal usernames and passwords for online financial services from Firefox and Internet Explorer users. The bot was also said to launch DDoS attacks and alter text entered into MSN Messenger.

Other malware programs allegedly put up for sale by one or more of the defendants included the Mariposa botnet (a modified version of BFBOT), and the Zeus trojan known for stealing banking credentials. The Darkode members also allegedly sold access to compromised computers.

This article was originally published on SC Media US.
