Darkode forum returns with lousy security that keeps serious users away
The newest version of the infamous Darkode cybercriminal forum is up, and it’s the worst one ever, says Loucif Kharouni, a senior threat researcher with Damballa.
As you might remember, the original forum, started way back in 2007, was the most prolific English-speaking cybercriminal forum there ever was, and becoming a member was dependent on the whether a current member would vouch for you.
Ultimately, that didn’t help to keep out law enforcement and, ultimately, the forum was shuttered by the FBI and Europol in July 2015.
An administrator of the forum (who was obviously not arrested in the first sweep) announced a reboot of the forum two weeks after the aforementioned takedown, but it apparently didn’t take off, despite the security improvements he said it would sport.
So now we have another forum up that uses the Darkode name, and as things look now, it will be another failure, because its security is laughable.
“As promised, the administrators moved the forum to the dark web for ‘security’ reasons and anonymity,” Kharouni shared, but noted that the forum is also accessible without the Tor software, via any browser (and with no anonymity).
In addition to this, the search page allows unrestricted access to the entire forum – no username or password required – and anyone can access a list of the members, active topics, etc. (click on the screenshot to enlarge it):
“The forum administrator Sven is a very generic handle but we know that he’s a previous member of Darkode. As for the rest of the members, there is a mix of HackForum members usually called HF skids and DamageLab members. This gives you an idea about the quality of the forum,” Kharouni pointed out.
The admin also offered a Jabber service to its members (for messaging), but the server on which it is hosted is poorly configured, has a bucketload of ports open, and uses outdated software that is subject to several known vulnerabilities.
At the moment, the forum can’t boast of any significant activity – whether that’s because the users don’t trust the admin or each other, or whether their security expectations haven’t been met is difficult to tell. What is plain to see is that Darkode is currently a shadow of its former self.