The Columbia District Federal Court has unsealed an indictment against four individuals, namely Thomas McCormick (aka fubar), US citizen, Matjaz Skorjanc (aka iserdo and serdo), citizen of Slovenia, Florencio Carro Ruiz (aka NeTK and Netkairo), Spanish citizen, and Mentor Leniqi (aka Iceman), also from Slovenia. The four are accused of conspiracy to commit wire fraud and bank fraud, identity theft, hacking, extortion, as well as for distribution of malware, all done on the Darkode hacking forum. The particular forum was taken down in 2015, following an attack in 2014 that revealed the information of its users, possibly carried out by the FBI and Europol.
The only person to have been arrested by the authorities so far is Thomas McCormick, as he is the only one who lives in the US. The other three, all European citizens remain fugitives. According to the indictment, the group is responsible for about $4.5 million in financial losses suffered by a number of victims between September 2008 and December 2013. The operation of the Darkode forum was a multi-dimensional one, combining the development and selling of malware tools, bank credential stealing trojans, the exchange of expertise, and the blooming of hacking ideas through coordinated hacking action.
While McCormick is accused of acting as the last administrator of the forum, Skorjanc, for example, is charged for the founding of the Darkode, as well as the development of the BFBOT (Butterfly Bot) malicious software. This was a bot that was capable of stealing usernames and passwords of victims through Firefox or Internet Explorer, running on Windows NT. The bot was also capable of launching DDoS attacks, so the extent of the damage that was done by the various Darkode tools required much time for the prosecutors to estimate with accuracy.
Other popular malware tools that were spewed out of Darkode include the Zeus trojan, and the Mariposa botnet, which was based on the Butterfly Bot. The name “Darkode” continues to exist on the darknet, as there have been numerous revivals of the notorious forum, even after a couple of weeks following the raid and seizure of the original domain. However, these revivals have nothing to do with the original forum, and the group behind them does not include any of the three fugitives.
Have something to say on the above? Feel free to do so in the comments down below, or on our socials, on Facebook and Twitter.