dark0de, also known as Darkode, is a cybercrime forum and black marketplace described by Europol as "the most prolific English-speaking cybercriminal forum to date".[1] [2] The site, which was launched in 2007, serves as a venue for the sale and trade of hacking services, botnets, malware, stolen personally identifiable information, credit card information, hacked server credentials, and other illicit goods and services.[2] [3] [4]
In early 2013, it came under a large DDoS attack moving from bulletproof hosting provider Santrex to off-shore, the latter being a participant of the Stophaus campaign against Spamhaus.[5] The site has had an ongoing feud with security researcher Brian Krebs.[6]
In April 2014, various site users were attacked via the Heartbleed exploit, gaining access to private areas of the site.[7]
The forum was the target of Operation Shrouded Horizon, an international law enforcement effort led by the Federal Bureau of Investigation which culminated in the site's seizure and arrests of several of its members in July 2015.[8] [9] According to the FBI, the case is "believed to be the largest-ever coordinated law enforcement effort directed at an online cyber criminal forum".[10] Upon announcing the 12 charges issued by the United States, Attorney David Hickton called the site "a cyber hornet's nest of criminal hackers", "the most sophisticated English-speaking forum for criminal computer hackers in the world" which "represented one of the gravest threats to the integrity of data on computers in the United States".[11] [12]
On Monday, September 21, 2015, Daniel Placek appeared on the podcast Radiolab discussing his role in starting Darkode and his eventual cooperation with the United States government in its efforts to take down the site.[13]
Only two weeks after the announcement of the raid, the site reappeared with increased security, employing blockchain-based authentication and operating on the Tor anonymity network.[2] [3] [4] Researchers from MalwareTech suggested the relaunch was not genuine, and almost immediately after, it was hacked and its database leaked.[14]
On December 13, a version of the site returned on the original domain name.[15]