The Birth of an Underworld
The forum was created sometime in 2007 by an unindicted co-conspirator who used the hacker handle “Iserdo” and who authorities identify in the Darkode documents only as M.S. Iserdo, however, has long been identified publicly as Matjaž Škorjanc, a 27-year-old Slovenian, who was arrested in 2010 in Slovenia and charged with creating the massively popular botnet malware known as Mariposa. Mariposa (“butterfly” in Spanish) was designed to steal banking credentials and other passwords and was responsible for infecting an estimated 8 to 10 million computers, including at least 40 banks and hundreds of companies. Škorjanc was sentenced to five years in prison in 2013. According to the Darkode documents, Iserdo/M.S. created the site with another unindicted co-conspirator who used the monikers “nocen” and “Loki.” He allegedly created the site initially as a means to market his Mariposa toolkit and other products, but eventually it expanded into a wider marketplace as the user base grew.
As it developed, the aim became to provide an underground gathering place for the top hackers and cybercriminals online, but it was soon discovered by white hat security researchers, journalists and so-called script kiddies, who brought unwanted attention to the forum.
Darkode eventually became one of the hangouts of the notorious Lizard Squad—a loud and boisterous hacking crew that took credit for numerous DDoS attacks against Sony’s PlayStation Network and others and that famously caused a stir last year when it managed to get a flight carrying Sony Online Entertainment President John Smedley to make an emergency landing after the group sent out a tweet suggesting that the plane might have explosives on board.
As the quality of the Darkode forums degraded, Gudmunds allegedly grew frustrated with the clientele it was attracting, complaining at one point in 2012 to another member that he wanted help bringing in new members “instead of the every day script kiddies.” By then, however, the site had already attracted the attention of undercover Feds who were working to unmask its administrator and members.
The Denizens of Darkode
Those who have been arrested in the US in association with Darkode include:
Morgan C. Culbertson, a 20-year-old from Pittsburgh who was known online as “Android,” allegedly created and sold a malicious program known as Dendroid for stealing data from Google Android phones.
Eric L. Crocker, 39 and from Binghamton, New York, allegedly used a Facebook Spreader to infect Facebook users with botnet malware before selling access to the botnet to others for spreading spam.
Naveed Ahmed, 27, of Tampa, Florida; Phillip R. Fleitz, 31, of Indianapolis; and Dewayne Watts, 28, of Hernando, Florida, who have been charged with maintaining a spam botnet that authorities say used “bulletproof” servers hosted in China and vulnerable routers in third world countries to send millions of spam messages to cell phone users. According to an information sheet (.pdf) from Pittsburgh authorities, they used a program to generate a random list of millions of phone numbers, then added service provider domains to them to send SMS spam to the phone users attached to those accounts, offering free Best Buy gift cards.
Daniel Placek, 27, from Glendale, Wisconsin, is accused of creating the Darkode forum and selling malware designed to intercept and collect e-mail addresses and passwords from networks.