A hacking forum the FBI lists as “one of the most dangerous in the world” has returned, a mere two weeks after law enforcement agencies shut it down.
The forum, known as Darkode, was shut down on July 15 as a part of an 18-month operation, codenamed Shrouded Horizon, that involved law enforcement from 20 countries.
The operation lead to the arrest of 28 people, including three men believed to have created some of the hacking tools being traded on the forum.
The Darkode forum granted its members access to an underground network where they could buy, sell, or trade attack tools and stolen goods. It also had discussion forums where members could share information and ideas about hacking.
The original site was shut down and currently displays the below notice from the FBI:
The new Darkode site appeared on Monday with a placeholder message containing instructions for returning members:
Security researcher MalwareTech claims the site is being run by one of Darkode’s old admins, who goes by the moniker Sp3cial1st.
The site has also added a new onion routing Tor service that generates unique web addresses for its users. The varied addresses make it harder for law enforcement to track or monitor the site.
It is unclear how many of the original Darkode members will return to the new site. Europol says Darknode had 250 to 300 active members before it was shut down and housed some of the most infamous hackers in the world.
These included members of the Lizard Squad group that mounted high-profile attacks on the Xbox Live and PlayStation Network gaming platforms in 2014.
According to the US Department of Defence (DoJ), Darkode has a strict vetting process for new members. The DoJ said the process required an existing member to invite a prospect to the forum.
After being invited, the DoJ said the “candidate” would then have to demonstrate their skills and persuade the remaining members they could be useful.
It’s not the first time this has happened
Darkode is not the first hacker forum, cyber blackmarket or online criminal operation to reappear following a take-down operation. Key forums and hacking operations to return to action after suffering takedowns include:
- Silk Road: In 2013 when law enforcement shut down the infamous Silk Road underground digital market a new Silk Road 2.0 opened mere weeks later.
- GameOver Zeus: Law enforcement agencies, including the FBI and NCA, temporarily shut down the Gameover Zeus botnet, which was estimated to have enslaved between 500,000 and one million computers at its peak in June 2014 — botnets are criminal operations that enslave victim machines using special forms of malware, leaving them in control of the hacker.
- A more resilient version of the GameOver Zeus botnet appeared in July 2014.
Business Insider has reached out to the FBI and NCA for comment on Darkode’s return.