Notorious cybercrime forum Darkode taken down, dozens arrested

Darkode forum taken down, dozens arrested in FBI and Europol operation

crime-scene-550Darkode, a notorious cybercrime marketplace, was permanently shut down by a massive law enforcement operation coordinated between agencies in the US, Europe and elsewhere.

The website and domain have been seized – visitors to the website now see a message from the FBI announcing its shutdown along with the seals of the law enforcement agencies participating in the operation.


This website and domain have been seized by the Federal Bureau of Investigation, Pittsburgh Field Office and the United States Attorney's Office for the Western District of Pennsylvania as part of a joint law enforcement operation by the FBI and international law enforcement agencies acting through Europol.

Law enforcement agencies in 20 countries participated in the operation, which resulted in the arrest of 28 individuals accused of cybercrimes, including 12 now facing charges in the US, the FBI and Europol announced Wednesday.

Described by the FBI as “the most sophisticated English-speaking forum for criminal computer hackers around the world,” Darkode was a hub of cybercrime that facilitated buying, selling and trading goods and services including malware, zero-day exploits, botnets and personally identifiable information (PII) used to commit fraud.

Although there are more than 800 criminal internet forums worldwide, Darkode was “the place to go” for English-speaking cybercrooks, according to Europol.

Darkode was an exclusive club of around 250-300 members, and hackers could only join the forum at the invitation of an existing member.

Members reportedly included some of the Lizard Squad hackers responsible for denial-of-service attacks on Sony and Microsoft.

Two individuals now facing charges in the US (but who were swept up by law enforcement before the Darkode takedown) allegedly used Darkode to advertise services for the SpyEye crime kit.

Darkode’s alleged administrator, Johan Anders Gudmunds, (also known as Mafi, Crim and Synthet!c), of Sollebrunn, Sweden, is accused of buying and selling malware used to create botnets (a term for networks of compromised computers).

Gudmunds allegedly ran his own botnet of up to 50,000 computers, and used the malware on those computers to steal data on approximately 200 million occasions.

Understandably, Darkode members were concerned about law enforcement, and had security protocols in place to keep the site from being shut down, including the use of so-called “bulletproof” hosting providers.

Despite occasional rumors that Darkode had been compromised, the members generally believed that Darkode was “impenetrable,” the FBI said.

But Darkode members were ultimately unable to prevent law enforcement from getting in – according to the FBI, the agency was able to infiltrate the group:

The takedown of the forum and the charges announced today are the result of the FBI's infiltration, as part of Operation Shrouded Horizon, of the Darkode's membership.

Darkode’s shutdown represents a huge victory for law enforcement, what the FBI called “a milestone” in its efforts to put cybercrooks out of business.

Although we frequently see arrests leading to prosecution of individual crooks, it’s rare to see a law enforcement action with such far-reaching effects.

Cybercrooks have been put on notice – even so-called “dark” forums cannot protect them from the long arm of the law.

Learn more about how cybercrime works

Listen to our Techknow podcast, Understanding Botnets. Learn, in plain English, the what, why and how of botnets – the money-making machinery of modern cybercrime.

(Audio player above not working for you? Download to listen offline, or listen on Soundcloud.)

Image of laptop crime scene courtesy of