Federal authorities in Pittsburgh yesterday announced the takedown of an international cybercriminal forum and charges against its administrators, members and users around the world.
David J. Hickton, U.S. Attorney for the Western District of Pennsylvania, Deputy Director Mark F. Giuliano of the FBI, and Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division spoke at the U.S. Courthouse in downtown Pittsburgh.
The charges contained in various indictments, information and criminal complaints represent one of the largest ever coordinated international law enforcement efforts directed at online cybercriminal forums.
Twenty countries from around the world are participating in the takedown.
The computer hacking forum known as Darkode was dismantled, and criminal charges have been filed in the Western District of Pennsylvania and elsewhere against 12 individuals associated with the forum, announced
“Hackers and those who profit from stolen information use underground Internet forums to evade law enforcement and target innocent people around the world,” said Assistant Attorney General Caldwell. “This operation is a great example of what international law enforcement can accomplish when we work closely together to neutralize a global cybercrime marketplace.”
“Of the roughly 800 criminal internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the United States and around the world and was the most sophisticated English-speaking forum for criminal computer hackers in the world,” said U.S. Attorney Hickton. “Through this operation, we have dismantled a cyber hornets’ nest of criminal hackers which was believed by many, including the hackers themselves, to be impenetrable.”
“This is a milestone in our efforts to shut down criminals’ ability to buy, sell, and trade malware, botnets and personally identifiable information used to steal from U.S. citizens and individuals around the world,” said Deputy Director Giuliano. “Cyber criminals should not have a safe haven to shop for the tools of their trade and Operation Shrouded Horizon shows we will do all we can to disrupt their unlawful activities.”
As alleged in the charging documents, Darkode was an online, password-protected forum in which hackers and other cyber-criminals convened to buy, sell, trade and share information, ideas, and tools to facilitate unlawful intrusions on others’ computers and electronic devices. Before becoming a member of Darkode, prospective members were allegedly vetted through a process in which an existing member invited a prospective member to the forum for the purpose of presenting the skills or products that he or she could bring to the group.
Darkode members allegedly used each other’s skills and products to infect computers and electronic devices of victims around the world with malware and, thereby gain access to, and control over, those devices.
The takedown of the forum and the charges announced today are the result of the FBI’s infiltration, as part of Operation Shrouded Horizon, of the Darkode’s membership. The investigation of the Darkode forum is ongoing, and the U.S. Attorney’s Office of the Western District of Pennsylvania is taking a leadership role in conjunction with the Criminal Division’s Computer Crime and Intellectual Property Section (CCIPS).
The charges announced today are part of a coordinated effort by a coalition of law enforcement authorities from 20 nations to charge, arrest or search 70 Darkode members and associates around the world.
The nations comprising the coalition include Australia, Bosnia and Herzegovina, Brazil, Canada, Colombia, Costa Rica, Cyprus, Croatia, Denmark, Finland, Germany, Israel, Latvia, Macedonia, Nigeria, Romania, Serbia, Sweden, the United Kingdom and the United States.
Five individuals face charges in the Western District of Pennsylvania:
• Johan Anders Gudmunds, aka Mafi aka Crim aka Synthet!c, 27, of Sollebrunn, Sweden, is charged by indictment with conspiracy to commit computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. He is accused of serving as the administrator of Darkode, and creating and selling malware that allowed hackers to create botnets. Gudmunds also allegedly operated his own botnet, which at times consisted of more than 50,000 computers, and used his botnet to steal data from the users of those computers on approximately 200,000,000 occasions.
• Morgan C. Culbertson, aka Android, 20, of Pittsburgh, is charged by criminal information with conspiring to send malicious code. He is accused of designing Dendroid, a coded malware intended to remotely access, control, and steal data from Google Android cellphones. The malware was allegedly offered for sale on Darkode.
• Eric L. Crocker, aka Phastman, 39, of Binghamton, New York, is charged by criminal information with sending spam. He is accused of being involved in a scheme involving the use of a Facebook Spreader which infected Facebook users’ computers, turning them into bots which Crocker controlled through the use of command and control servers. Crocker sold the use of this botnet to others for the purpose of sending out massive amounts of spam.
• Naveed Ahmed, aka Nav aka semaph0re, 27, of Tampa, Florida; Phillip R. Fleitz, aka Strife, 31, of Indianapolis; and Dewayne Watts, aka m3t4lh34d aka metal, 28, of Hernando, Florida, are each charged by criminal information with conspiring to send spam. They are accused of participating in a sophisticated scheme to maintain a spam botnet that utilized bulletproof servers in China to exploit vulnerable routers in third world countries, and that sent millions of electronic mail messages designed to defeat the spam filters of cellular phone providers.
• Murtaza Saifuddin, aka rzor, 29, of Karachi, Sindh, Pakistan, is charged in an indictment with identity theft. Saifuddin is accused of attempting to transfer credit card numbers to others on Darkode.
investigation, Operation Shrouded Horizon, is being conducted by the FBI with assistance from Europol and their European Cyber Crime Center (EC3).