This article is more than 1 year old
Darkode 3.0 is so lame it's not worth your time reading this story
Supposed sekrit crimeware den can be searched through Google. Even HackForums makes you sign in
The FBI-scuppered Darkode crime forum appears truly dead after a promised resurgent site failed to surface and a recent spin-off has proven horribly insecure.
Darkode was the white-hat-infested crime den for English-speaking carders and VXers who bought and sold software and services that plundered the pockets of corporations and internet users.
The service was annihilated in one of the most successful anti-crime efforts to date after the FBI, Europol and other national police agencies arrested dozens of hackers, coders, and other net scum, including some Darkode admins.
Forum boss "Sp3cial1st" slipped the sting and claimed to be building a new and more secure version of the site. That sequel now appears to have disappeared after initially opening with an under construction page holder.
Damballa's senior threat researcher Loucif Kharouni says the new site is poorly configured running the Jetty and the Openfire Jabber software, and allows the entire site to be searched without even needing to login.
"The criminal community has low trust in the new Darkode forum," Kharouni says.
"The lack of security and misconfiguration shows that Darkode can’t be trusted and will never regain its former glory.
"Another Darkode fail."
Kharouni says it was not "just not worth anyone’s time" to provide the link because of the site's pathetic state of security.
El Reg has spotted the site (on the Tor hidden service) and has found it had thrown up a login requirement likely made after Kharouni's disclosure.
Former admin and Darkode co-founder Daniel Placek, previously known as Nocen, Loki, or Juggernaut, for the first time spoke publicly last month with NRP's RadioLab program.
Placek says he named the forum after a discussion with members of the BotTalk chat room in which he proposed creating a site free of script kiddies and home only to competent hackers.
He left the site in 2009 and was arrested. Placek says he has cooperated with police and become a professional consultant since then. ®
Biting the hand that feeds IT
