Police action shuts German hacking forum

Filed Under: Law & order, Malware

LKA sign
Police in Germany have shut down a website message board where hackers were exchanging malicious spyware and password-stealing programs designed to commit identity theft.

According to investigators at the LKA (Landeskriminalamt) police internet crime unit in the Baden-Württemberg, the www.codesoft.cc forum was being used by hackers to exchange information about malware, spying and the creation of fake credit cards.

A 22-year-old Swiss man from Lucerne is suspected of being the administrator of the forum, which is quite well known in the community.

The man is accused of selling password stealing software under the disguise of his online handle, "tr1p0d". With the assistance of the Swiss authorities, the man's flat has been searched, and computer hardware confiscated for forensic examination. Police claim that they found incriminatory evidence on the hard disks, and a database of codesoft.cc's users and their IP addresses was also confiscated.

Two further men, aged 25 and 28, from the Black Forest and German federal state of Lower Saxony are suspected to have infected some 80,000 computers worldwide with tr1p0d's 'Codesoft PW Stealer' password-stealing Trojan, and to have sold the data to other hackers.

Obviously the authorities will be keen to identify victims as they put their case against the suspects together, and the public are being reminded of the importance of changing their passwords if they have been compromised.

Whether this investigation will act as a wake-up call to other internet forums that are playing with fire remains to be seen.

There is more information about the case in this media release (German-language PDF) from the LKA.

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.