The Darkode black market, once a hotbed of software exploits and hacking tools, is clinging on to life despite the best efforts of law enforcement -- but is now little more than a shadow of its former self.
The Darkode forum, launched in 2007, was once a hotbed for criminals to snap up everything from hacking software to access to compromised company servers. However, the original .com domain was seized by law enforcement agencies several years ago.
Another version quickly popped up and was once again shut down, this time by the FBI, earlier this year. Over 70 people were arrested in connection with the forum.
Senior threat researcher Loucif Kharouni from Damballa says the company has been keeping an eye out for a resurrected version of the forum, and its vigilance was rewarded this week with the discovery of a new version of Darkode.
While nestled in the Dark Web to prevent unwanted eyes from spying upon the black hat trade of exploits, software vulnerabilities and hacking tools, the forum has received a failing mark when it comes to its own security thanks to poor design elements.
Kharouni first noticed that Darkode's forum search is wide open for anyone to use without credentials or invitation -- a stark contrast to the original Darkode, which was password-protected and relied on a referral system to acquire new members.
In this case, once a search term is entered you can view member lists, topics and threads without any restrictions whatsoever.
A forum's security is only as good as its administrator, and the site's admin, dubbed Sven, is believed to be a former member of the original Darkode forum -- but he's not of the security caliber the previous admins were.
"Sven is a very generic handle but we know that he's a previous member of Darkode," Kharouni writes.
"As for the rest of the members, there is a mix of HackForum members usually called HF skids and DamageLab members. This gives you an idea about the quality of the forum.
In terms of security, the forum is also accessible without the Tor software. It can be accessed from any browser without anonymity. Another poor design of the forum."
Sven also offers members a Jabber service, built on the open instant messaging protocol otherwise known as XMPP. However, the Russia-based server is poorly configured, with ports wide open on default settings -- giving anyone the opportunity to listen in.
The Openfire version installed to support Jabber is also out-of-date and subject to a number of severe security vulnerabilities.
The forum has shown no serious activity when it comes to the trade of Trojans, high-profile malware, access to compromised websites or the sale of hacking tools. Add this to the obvious issues with the forum, and the conclusion is that this version of Darkode is nothing more than a poor imitation of its former self, and that there is little trust in the criminal community when it comes to using the forum.
That is lucky for us, as this type of trading leads to data breaches, information theft and compromised systems, which can threaten everything from our identities to our bank accounts.
"The criminal community has low trust in the 'new' Darkode forum. The lack of security and misconfiguration shows that Darkode can't be trusted and will never regain its former glory. Another Darkode fail. In previous times, we'd provide the link, but this time we aren't because it's just not worth anyone's time."