FBI, International Law Units Smash Infamous Hacker Bazaar Darkode

coondoggie writes: The FBI in concert with Interpol and other worldwide law enforcement teams say they have taken down the international cybercriminal site marketplace Darkode and arrested 70 people involved with the site. Darkode was an online, password-protected forum in which hackers and other cyber-criminals convened to buy, sell, trade and share malware, ransomware, information, ideas, and tools to facilitate unlawful intrusions on others’ computers and electronic devices, the FBI said.

Hackers

[farrellj]

Not all Hackers are cyber criminals. Despite what CSI:Cyber might say.

Re: Hackers

Too late for that. In the mind of the majority hacker == criminal. Good luck changing that, especially with all the popular media against you. It's done. We lost. Get over it.

Re:Hackers

Absolutely not. If they sell their exploits to governments, they become security professionals or even law enforcement officers! Unless they sell to the wrong government, in case of which they become terrorists or enemy combatants.

Then again, in reality hackers are people who can manipulate systems (locks, vending machines, humans, computers) in unconventional and unforeseen ways with minimum effort. But who cares about definitions.

Re:Hackers

[CaptainDork]

Not any remote controlled toy airplanes are drones, but put that one in the dictionary with hackers and move on.

Re:Hackers

[ubrgeek]

> Despite what CSI:Cyber might say.

I'm proud to say I have no clue what CSI:Cyber says.

Re:Hackers

Not all Hackers are cyber criminals. Despite what CSI:Cyber might say.

"CSI:Cyber" is so unrealistic even for a television show. Not to mention at least two of the characters were specifically recruited by the Federal Bureau of Investigation due to their cybercrime activity. You are correct the term hacker has been perverted to the extent it is associated with criminal activity in the mind of many people. The 1980s television show "Whiz Kids" [ https://www.youtube.com/watch?v=-yQ3LCeGLvU ] was closer to the true definition and was definitely more accurate.

Re:Hackers

Not all Hackers are cyber criminals. Despite what CSI:Cyber might say.

"CSI:Cyber" is so unrealistic even for a television show. Not to mention at least two of the characters were specifically recruited by the Federal Bureau of Investigation due to their cybercrime activity. You are correct the term hacker has been perverted to the extent it is associated with criminal activity in the mind of many people. The 1980s television show "Whiz Kids" [ https://www.youtube.com/watch?v=-yQ3LCeGLvU ] was closer to the true definition and was definitely more accurate.

Even though the "Based on a true story" back story is dubious, I think the show Scorpion is a much better representation of hackers, and the term can be extended beyond computers and computer programming to mechanical and electronic and game theory, psychology and other fields. (This is what makes the show Scorpion better than vanilla "hacker" dramas on TV.)

Re: Hackers

I saw the first episode. Where was the realism? It was a complete laughing stock between my friends for how stupid the plane plot was.

The USA networks show is more realistic, but I donâ(TM)t watch it because the lead characters eye's are annoying as fuck to me.

Guuuuud. Guuuuuud.

Just how safe do you feel, dumbass punk?

Arent botnets

[invictusvoyd]

a primarily windows thing?

Re:Arent botnets

If you think that then please steer the hell away from any computer with another OS, because you're obviously far too naive to ensure that it's secure against becoming a bot in a botnet.

Re:Arent botnets

No, there are plenty of Linux boxes out there that are vulnerable. Think about it. Sysadmins are on defense, they have to block and make sure every attack is blocked, while the innumerable attackers only have to make it through once to cause damage. And that's just with the sysadmins who know what they are doing and give a shit.

Sometimes it's not vulnerabilities that cause you to fall into the hands of a botnet, but misconfiguration or lack of knowledge.

Re:Arent botnets

Mac and Linux don't get malware.

Re:Arent botnets

[ArchieBunker]

I guarantee if the market share of Windows and Linux were switched, you would see just as much malware.

Re:Arent botnets

Uhmmm, there are billions more Linux devices than Windows devices. So you say that Linux will have more malware if there were billions less machines running Linux?

Re:Arent botnets

LOL BILLIONS. I can't believe you actually typed that and sent it.

Re:Arent botnets

[QuasiSteve]

No, he's probably right. Don't forget that things like a Raspberry Pi and Beaglebone Black and TiVos and smartphones and so forth and so on all run some flavor of Linux as well. It could very well easily be billions when you include all of the platforms from the simplest device (that could have done with a simpler microcontroller but using a more beefy chip meant cost savings on not having to use a separate display driver and running a lightweight Linux distro on there seemed like a perfect fit) to supercomputer clusters.

What GP should have said was 'desktop share'. Where people use the computers more directly. Where people are fallible. Where people will click "Yes" when they're asked if they really, really want to run a program after they downloaded it from a site that kind of looked like their bank's so it must have been legit, etc. There's little to no defense against botnet type behavior in any operating system when the attack vector is human ignorance, gullibility, or straight out stupidity

Re: Arent botnets

That's news to the rest of the world.

Anyone who got hacked by jboss vulnerability using Google search to track them down and infect them and send a nice email letting you know, would like to punch you in the face.

Re: Arent botnets

I'll take that bet. You're neglecting the skills of the typical user who clicks on or falls for unsafe links, so the typical linux user is more educated on clicking links and preventing infections in the first place.

Re:Arent botnets

I'd love to see if you're right.

Why even say that?

[fleabay]

Most Slashdot readers know that hacker does not correlate to cyber criminal, but that it is sometimes the case.

Imagine an article that says a few black men raped a woman. Would you feel the need to post that not all black men are rapers?

So I say to your post, DUH

Re:Why even say that?

"in which hackers and other cyber-criminals" If you apply this same sentence with your example "in which .... and other criminals" it would be equally noteworthy.....

More proof that the goverment hates competition.

[KDiPietro]

The irony of the FBI, an organization which is demanding the ability to access your data whenever they choose, taking down an organization involved in making similar tools is beyond description.

In fact, basically none are

Being a s'kiddie does not a hacker make.

The thing is, it's now enshrined in law, after hollywood made the case and the security industry cemented it with the "ethical haxx0r" shtick and the hat colour discussion. It's quite clever how they deliberately went for the scare words tactic of cheap marketeering, only to find themselves utterly confused as to who was whom again.

"Hacker" was originally a badge of honour, given and never claimed, for mindbending creativity with great technological skill. Clearly, there isn't enough of that in the computer security industry to warrant its own word. Its overuse leaves us with an empty husk of a word, now stripped of all meaning. The only thing to do is to refuse to use the words "hacker", "hacking", "hacked", etc. until people have forgotten this hollywood-and-security-industry imposed scare-word meaning.

Use precise and accurate words instread. While at it, don't forget to lobby your representatives to get that overly broad "computer hacking" law repealed and replaced with something that has accurate scope and precise wording.

Re:In fact, basically none are

The thing is, it's now enshrined in law, after hollywood made the case

Yeah, but Angelina Jolie was hot in that movie.

Re:In fact, basically none are

Being a s'kiddie does not a hacker make.

The thing is, it's now enshrined in law, after hollywood made the case and the security industry cemented it with the "ethical haxx0r" shtick and the hat colour discussion. It's quite clever how they deliberately went for the scare words tactic of cheap marketeering, only to find themselves utterly confused as to who was whom again.

"Hacker" was originally a badge of honour, given and never claimed, for mindbending creativity with great technological skill. Clearly, there isn't enough of that in the computer security industry to warrant its own word. Its overuse leaves us with an empty husk of a word, now stripped of all meaning. The only thing to do is to refuse to use the words "hacker", "hacking", "hacked", etc. until people have forgotten this hollywood-and-security-industry imposed scare-word meaning.

Use precise and accurate words instread. While at it, don't forget to lobby your representatives to get that overly broad "computer hacking" law repealed and replaced with something that has accurate scope and precise wording.

Well, based on how the Dread Pirate Roberts / Silk Road case went, Accurate wording, the law (in terms of entrapment, in terms of disclosure of evidence from prosecution to defense in a timely manner and most importantly, accountability of law enforcement in terms of respecting the 4th amendment rights of the defendant.) is pretty irrelevant if this ends in a case where the judge just refuses to hear all of the prosecution's evidence and witnesses and then just says "Guilty on all counts" without making any kind of case or following proper legal procedure to ensure a fair trial. We will see, but I won't be holding my breath. As it stands, the government and law enforcement can do whatever they like (including entrapment, hacking foreign servers and being just as 'criminal' as the people they are trying to catch!) so long as they get their man. Privacy rights are just the tip of the iceberg here it seems.

I am a law abiding citizen, and a former IT professional, but I am too dumb to do any of the 'epic hacks' that would land someone in a situation like this, however it does beg the question what the constraints on law enforcement and our rights are in the spirit of the law. I have been called naive for believing that if you are innocent, you have nothing to fear, however it is also clear that 70% of the time, people lie for personal gain, so you are better off not believing people's bullshit no matter who they are.. all things being equal.

Re:In fact, basically none are

The thing is, it's now enshrined in law, after hollywood made the case

Yeah, but Angelina Jolie was hot in that movie.

"Hack the planet!" That movie was good, however it suffered from the problem from a lot of hacker movies where:

1- Hackers never use mice and type at millions of words a minute while apparently a screensaver with trip visuals is going on the screen constantly.
2- All hackers have all hacker skill sets in equal measure and solve hacking problems in 4 minutes or less, no research or contemplation AFK required.
3- Almost all hackers are models, only the crappy ones have weight problems, baldness or other prejudicial conditions.
4- Someone like Penn Gilette is a network admin.
5- Only 1% of the time is the hacking technique of "Social Engineering" used to gain entry to a target, when in reality it is more like 60-70% of the time (ok it was used 2 times in Hackers that I count.. to get control of the TV station video tape machine at the beginning and When Matthew Lillard's character (CerealKiller) poses as a telecom tech to hack the company.) More often it is some poorly explained "deus ex" crap that amounts to someone just "breaking in"

The movie did a good job of portraying hackers as being mostly non-criminal, and the little dude from short circuit being the big bad guy criminal. 0 cool/Crash Override, Lord Nikon, PhantomPhreak, AcidBurn, CerealKiller and both Razor and Blade do not appear anywhere to be malicious terrorists in any measure.

The movie does stand the test of time, but most of the actual "Hacking" was more poorly depicted than the hacking in the movie "SwordFish" which is on my list of the top 10 worst movies ever made. Hackers did a good job of showing a snapshot of the 'culture' that you encounter at a DEFCON conference in a convincing manner. (not hard to do, but was more of a new thing in the 1990s than it is now, rather cliche.)

Re:In fact, basically none are

[barbariccow]

"Hacker" was originally a badge of honour, given and never claimed, for mindbending creativity with great technological skill.

I thought it was a term given to trial-and-error programmers, who just kinda "hack things together" when there is no documentation or direction.

voted down

The nsa and every other intelligence agency would of course say this is an futile vote. Since I'm posting this anonymously this would get voted down to -1.

Let's analyze this. -1 down vote means either the intelligence agencies:
1) Can't analyze this.
2) Can but won't react.
3) Civilian agencies are more equipped to protect the civilian population.

feel free to add scenarios.

Thought crime

[nospam007]

The FBI goes after thoughtcrime, ideas and tools that _may_ be used to commit a crime who would have thought.

How about guns?

Re:Thought crime

[DNS-and-BIND]

They do that all the time. It just doesn't make the news because it's about as newsworthy as "dog bites man". Are you here to tell me you've really never heard of selection bias, nor were unable to think critically before posting?

Re:Thought crime

Are you one of those fools who thinks that only bad guys can have guns and law abiding citizens have no need for firearms?

And are _you_ one of those people who knee-jerk responds to a post about guns without knowing wtf the person is even talking about?

Calm down, breathe... Their point was that owning a gun does not make someone necessarily a "bad guy", and made the comparison that having certain tools and expertise does not necessarily make someone a hacker with malicious intent.

Re:Thought crime

No, no, no guns are fine. Dead people can't lose money. All we care about is losing money.

Anyway, as every USAian knows, guns only kill baddies.

Re:More proof that the goverment hates competition

[gweihir]

Probably they wanted discounts and did not get them. Hence the take-down.

Who fed you that bullshit?

http://www.itworld.com/article...

and

http://apple.slashdot.org/stor...

There's 100's more out there I could put up from my bookmarks/favs, but an example of each respectively for Linux &/or Mac does the job.

* The ONLY real reason neither was attacked for so long was that there weren't enough users to justify doing so (not enough "ROI" for the efforts expended due to low usership/usershare/mindshare vs. Windows @ roughly 95% of the PC market & 50% of the server market).

Hacker/cracker types (malware makers/botnet herders, whatever) are like pickpockets - they don't operate in rooms by themselves & go to crowded throughfares where there are "many pickings".

APK

P.S.=> You've got to be kidding, right? apk

Re:Who fed you that bullshit?

[bouldin]

That first link is to a rootkit proof-of-concept, not Linux malware in the wild.

Also, not like the malware you find in the wild that speaks DNS itself, bypassing the hosts file.

New tools needed

[Varenthos]

After Hacking Team got hacked and all of the exploits that they used became known and got patched, they just needed a new source for their "malware, ransomware, information, ideas, and tools to facilitate unlawful intrusions on others’ computers and electronic devices."

When you can simply take what you want, you can't beat the price.

Re:New tools needed

[AHuxley]

Re "just needed a new source"
How many nations are setting up front group "contractors" and "private sector" teams that are a direct link back to their own military counterintelligence units?
Watching diverse state and federal police forces offer complex tenders for and accepting code thats then used live around the world.
Front door, back door, trap door, skylight.... just watching day to day network use would be useful to see what is been whitelisted, tracked or allowed to go under patched for week, months, years...

Re:New tools needed

[Kyogreex]

If all they just wanted the materials they could get from the website, I don't see why they would take it down and therefore break the supply. I'm sure they could get access to the forum somehow without rendering it useless. Though I could imagine a scenario in which this would serve to help them move these users to a website they control. It wouldn't be without precedence either; I remember information about a government-controlled forum coming out after another agency took it down.

This happened in my neighborhood.

[xenotransplant]

They arrested one of these guys in my area. This is of no real importance, just makes me shudder a little bit. Eric L. Crocker, aka Phastman, 39, of Binghamton, New York,

What will they smash next?

Lightode? Darktojoy?

National police and private contractors

[davidwr]

How many nations are setting up front group "contractors" and "private sector" teams that are a direct link back to their own military counterintelligence units? [emphasis added]

If they are smart, "zero."

If they are smart, national police who set front groups will make sure it's done indirectly enough that it will be hard to tie the "front" group back to the government entity in question.

As to the number of nations whose police forces use private groups as fronts in some way, shape, or form? The answer is probably close to or equal to the total number of nations with police forces. Sigh.

Re: National police and private contractors

Lots. They retire from military service, start these companies, and rake in contracts.

Criminal intent

The issue here is criminal intent.
Many jurisdictions have a "criminal tools" statute. Criminal tools are intentionally left vague - the specific circumstances then determine whether a crime exists. A classic example is lock picks owned by a locksmith vs lock picks found on a person at 2 AM while loitering near someone's homer. Criminal tool possession is hard to prove, it normally requires intent to commit a "real' crime. I presume in these cases various computers logs and intercepted emails or phone calls show the necessary intent. I understand that techie types dislike vagueness but the real world isn't just 1's or 0''s.

How to research without going to jail?

Any slashdotters got tips on how to access and research content on these sites without getting caught up in some dragnet?

Seems like security research is turning riskier every day........

Law enforcement is utterly useless to average joes

When your typical person has a problem and goes to the police they do nothing. Short of specific types of cases. They're not required to. Then they go and waste tax-payers resources going after non-crimes. That is people who are in the eye of the elite/government/etc for political reasons or are otherwise committing no real crime (hacking). Computer security is mostly an issue of correctly written code and there is little that traditional law enforcement can do to improve that. Unless traditional law enforcements going to start fixing bugs and submitting those fixes to projects your a complete waste of good resources.

Most crime is thought crime

[Etherwalk]

The FBI goes after thoughtcrime, ideas and tools that _may_ be used to commit a crime who would have thought.

How about guns?

Almost all crimes have a thought element. It's not a crime to take someone else's car by accident because you're color blind and someone left the key in it. It's not even illegal to break in and hotwire the car thinking it's yours. (Good luck convincing a jury of that, of course.) Crimes have thought elements.

Tools which are designed to commit crime and are primarily used for that are regulated. I should probably be able to pick up one of those locksmith's guns because they're really cool and I'd enjoy playing with one, but they're still prohibited because they let anyone break into most houses on the block with a minimum of skill and noise. My wanting to play with it isn't a good enough reason to let everyone pick them up at walmart.

Hey, there's nothing wrong with hacking. But a market for malware is about as fucked up as you can get. It's a marketplace for products designed to hurt people without their consent. It's not like bittorrent where there's a legitimate use and an illegitimate one; there's pretty much just an illegitimate one.

Re:Most crime is thought crime

Almost all non-crimes have a thought element too. Singling out 'thought' as a primary element does nothing extra in reducing potential crimes.

Wrong

See subject: Hosts query BEFORE remote or local DNS servers do by default.

* Want me to produce MORE Linux issues? Android does it for me BETTER THAN ANYTHING ELSE does... lol!

APK

P.S.=> Bouldin, lastly: Shall I post your "greatest hits" fails list vs. myself regarding security? I will in my next reply here, for laughs... apk

Right: Android malwares galore! apk

Android's a Linux (stupidly using java/dalvik too full of bugs) & routers using Linux get bushwhacked too!

APK

P.S.=> See subject... apk

Bouldin's golden top 10++ 'greatest hits' fails

"Nobody uses hosts files for security" - by bouldin (828821) on Thursday May 21, 2015 @05:53PM (#49746865)

FROM -> http://it.slashdot.org/comment...

SpyBot S&D does!

---

NOD32/ESET's says hosts = good security http://slashdot.org/comments.p... as I "overturned" an expert on a false positive on my Hosts program who gave in!

(MalwareBytes' employee VETTED it & hosts + RECOMMENDS it-> http://hosts-file.net/?s=Downl...

---

Mr. Oliver Day @ Symantec/Norton does: http://www.securityfocus.com/c...

Bouldin denied it:

"I don't see Oliver Day of SecurityFocus on there" - by bouldin (828821) on Thursday May 21, 2015 @08:43PM (#49747763)

FROM-> http://it.slashdot.org/comment...

---

Bouldin wrote a ware that secures you + SPEEDS YOU UP (vs antivirus - not as effective vs. online modern threats, mine is stopping infestation BEFORE it gets you & IF in you stops communique BACK to C&C!) security pros second me on? No.

---

Bouldin AGREES hosts give users security, speed, reliability, & anonymity:

"Hosts files are NOT effective at blocking command&control of botnets. I actually agree with most of the rest of the list, but hosts files are not the silver bullet you make them out to be." - by bouldin (828821) on Thursday May 21, 2015 @05:53PM (#49746865)

FROM -> http://it.slashdot.org/comment...

I never said hosts "cure all" + challenged him to show where I have - he couldn't.

Then Bouldin RAN vs. https://zeustracker.abuse.ch/m... since served up by host names hosts block.

(He *tried* DGA botnets later & they're ephemerals - LOW infection odds & below KILLS 'em + e.g.: 0.0.0.0 DGABotnetCandC#.com )

---

Bouldin tried Python scripts w/ DNS to rogue DNS server (firewalls stop this)!

Can't sneak it in: I CUTOFF AVENUES TO IT in my security guides:

E.G.-> http://forums.tweaktown.com/wi...

http://forums.pcpitstop.com/in...

(Based on CIS Tool an esteemed security tool I've put fixes in)

APK

P.S.=> You fail claiming to be a security pro... apk

New Linux Rootkit Emerges

See subject: No mere "proof of concept" -> http://linux.slashdot.org/stor...

Malware Attack Infected 25,000 Linux/UNIX Servers -> http://it.slashdot.org/story/1...

* NEED MORE? Ask & "ye shall receive"...

APK

P.S.=> Then, there's ALWAYS good ole' ANDROID too, lol (loaded with security issues galore for a decade++ now)... apk

First Shellshock botnet attacks Akamai, US DoD

http://www.itnews.com.au/News/...

* Want MORE? Ask "& ye shall receive"...

APK

P.S.=> More are coming, lol... apk

Linux Kernel Exploit Rooting 64-Bit Machines

http://linux.slashdot.org/stor...

* :)

(Don't even TRY to tell us Linux hasn't been exploited all the way up from its KERNEL into botnets & by trojans galore (ANDROID again does the job even better proving this point for me)).

APK

P.S.=> You FAIL as always vs. myself... apk