FBI agents for the Pittsburgh cyber squad monitor cyber criminal activities at National Cyber Forensic and Training Alliance Center, a nonprofit based in South Oakland.
U.S. Attorney David J. Hickton announced today the takedown of the criminal online hacking forum known as Darkode.
Scott Smith, Pittsburgh FBI special agent in charge, looks on as U.S. Attorney David J. Hickton speaks today.
John Lynch, chief of the Department of Justice Computer Crime & Intellectual Property section, looks on as U.S. Attorney David J. Hickton speaks.
By Rich Lord / Pittsburgh Post-Gazette
Nobody got into Darkode.com without references.
It took even more credibility to move through the online crime bazaar’s “tiers of membership based on knowledge, skill, illegal activity and reputation,” John Lynch, chief of the Department of Justice Criminal Division’s Computer Crime and Intellectual Property Section, said Wednesday.
Yet the FBI penetrated Darkode, which led to criminal charges that were unsealed Wednesday, the site’s shutdown and dozens of arrests across the globe, all coordinated from Pittsburgh.
The Darkode takedown was different from last year’s big cyber indictments, in which some of the victims were local, but the accused were (and probably still are) in Russia and China.
This time one of the accused, a Churchill man, is local, and some 28 others were under arrest Wednesday, charged in courts ranging from Louisiana to Romania. And like most cyber busts, the Darkode bust involved technology — but it also took old-fashioned undercover work.
“The FBI has effectively smashed the hornets’ nest, and we are in the process of rounding up and charging the hornets,” said U.S. Attorney David Hickton. He characterized Darkode as “a crime bazaar for hackers” and the “best malware marketplace on the Web.”
Into the Darkode
Darkode was created around 2008 as a haven for the brightest hacking talent in the Western world.
Ads recently posted there showed that the bazaar’s fare included personal information and the tools for stealing it. One ad offered 23,000 Social Security numbers, with dates of birth, for a few hundred dollars. Another advertised “1 million email + [passwords] (quality).” Credit card numbers, counterfeit passports, tools for infecting hardware — Darkode had it all, at prices ranging from $100 to $5,000, depending on the extent, quality and freshness of the material.
By 2010, an FBI undercover agent got far enough into Darkode to negotiate with site administrator Johan Anders Gudmunds, 27, of Sollebrunn, Sweden, according to the indictment against him. The Swede, in an online chat with the agent, offered to sell access to hacked computer servers.
In a case filed in federal court in Atlanta in 2011, men from Russia and Algeria were accused of using Darkode in a mail fraud scheme, distributing malware called SpyEye, which stole victims’ financial information.
Officials said the Pittsburgh FBI’s probe into Darkode intensified around 18 months ago, and took the name Operation Shrouded Horizon.
At that time, according to charges, Morgan C. Culbertson, 20, of Churchill, was on Darkode, using the code name Android. He marketed malware called Dendroid, which allowed criminals to remotely manipulate infected cell phones to spy on their owners, according to the charges.
Mr. Culbertson was not indicted, but rather charged through a document called an information, which usually indicates that the defendant has agreed to plead guilty. He could not be reached for comment.
FBI agents and analysts sorted through mounds of electronic data. Others gathered intelligence on the players, participating in undercover chats in which cyber criminals dropped hints of their identities and physical locations.
When an institution’s credit cards went up for sale on Darkode, or when an actor marshaled forces for a denial-of-service attack against a company, the FBI warned the target.
Pittsburgh led a coalition that started domestically with the bureau’s offices in Washington, D.C., San Diego, New Orleans and San Francisco, and extended to online enforcement teams in 20 countries, including numerous European countries, Israel, Australia, Colombia, Brazil and Nigeria.
The goal, officials said, was not just to pick off a few Darkode merchants, but to pull the weed out, roots and all.
FBI Special Agent in Charge Scott S. Smith said agents “infiltrated the underground criminal forum Darkode at the highest level.”
Down goes Darkode
Starting Monday, a half-dozen Pittsburgh-based agents and analysts worked 24 hours to coordinate the multi-country bust.
Down went Darkode, replaced by a screen featuring the logos of involved law enforcement agencies, and an announcement that it had been “seized by the Federal Bureau of Investigation, Pittsburgh Field Office,” plus Mr. Hickton’s office and Europol.
Mr. Culbertson, Mr. Gudmunds — who was searched and questioned Tuesday — and five others are being prosecuted in Pittsburgh.
Eric L. Crocker, of Binghamton, N.Y., is charged with spamming for using a “Facebook Spreader” program that infected computers via the social networking site, sending messages replete with infectious code to “friends” and creating a “botnet” of infected, remotely manipulable machines.
Two Florida men, Naveed Ahmed, 27, of Tampa, and Dewayne Watts, 28, of Hernando, plus Phillip R. Fleitz, 31, of Indianapolis, are charged with conspiring to use Darkode and China-based computer servers to send millions of spam text messages including links that, if clicked, compromised information stored on victims’ phones.
Indicted for identity theft, and not yet in custody, is Murtaza Saifuddin, 29, of Karachi, Pakistan.
Unlike last year’s Pittsburgh-led indictments of five members of the Chinese People’s Liberation Army cyber espionage unit, and of Russian superhacker Evgeniy Mikhailovich Bogachev, Darkode will almost certainly lead to convictions. That process may enhance federal law enforcement’s understanding of the cyber underworld.
The Darkode bust is also billed as the premier effort at international cyber crime investigation, building on the usual U.S. and European partnership to add collaborative agencies in Asia, South America, Africa and Australia.
Experts said that coalition couldn’t be emerging at a better time, as American cyber security reels from successful attacks, apparently engineered abroad.
“It’s almost like every day we are hearing about attacks, and every day it’s getting worse and worse,” said Bhavani Thuraisingham, executive director of the Cyber Security Research Institute at the University of Texas at Dallas.
She hailed Pittsburgh’s ability to build a multi-country coalition to take on Darkode.
“If we can have more countries participate and we share information, I would say that would be a very positive thing.”
Rich Lord: firstname.lastname@example.org or 412-263-1542. Twitter @richelord