Police raids shut down the Darkode forum and within 10 days it was back up and running, researchers said.
This time the forum returned with extra security protocols to make sure law enforcement agencies will have a harder time getting in and shutting it down again, said researchers at Malware Tech.
The new version of the site is back together courtesy of a former admin who escaped the FBI and Europol raids, known only as Sp3cial1st.
According to a statement published on darkode.cc, the domain where the new forum will reside, “most of the staff is intact, along with senior members.”
Sp3cial1st said “the raids focused on newly added individuals or people that have been retired from the scene for years.”
The new version of Darkode will only invite previous members and no one else, except users registered in the past six to eight months, Sp3cial1st said, adding that because these users “may have turned informant,” Darkode members should “act accordingly.”
Alongside a new domain name (the old one, darkode.com, is now seized by authorities), Darkode will also feature a new platform on which the forum will run.
As with the original, this new version will be using Onion to mask user location under random IPs, but will also feature Bitcoin credentials in the user authentication process.
Unless an attacker holds the Onion URL and the Bitcoin ID, they won’t be able to access the forum by hijacking accounts.
Only “a hash of the BTC Guid, a BTC Wallet (for default display NickName), and an alias if the user chooses to create one” will end up stored in the forum’s database.
While in the past everything surrounding Darkode remained shrouded in secrecy, this new approach of sharing inside information with the public seemed necessary, Sp3cial1st said.
“We believe full disclosure on how the new forum will function is necessary to allow members to have confidence in its security,” Sp3cial1st said.
The FBI broke up the original Darkode in early July. The forum was a one-stop, high-volume shopping venue for some of the world’s most prolific cyber criminals. Darkode was an underground, password-protected, online forum that was a meeting place for those interested in buying, selling, and trading malware, botnets, stolen personally identifiable information, credit card information, hacked server credentials, and other pieces of data and software that facilitated complex cyber crimes all over the globe, the FBI said.
This invitation-only, English-speaking forum ended up infiltrated by the FBI, which got into the communication platform at the highest levels and began collecting evidence and intelligence on Darkode members.