FBI investigation spanning 20 countries ends in extensive arrests operation of members of malware forum Darkode; one Israeli suspected of aiding terror groups.

Lahav 433’s cyber unit arrested on Tuesday three Israelis involved in the world’s largest-known English-language malware forum, an online marketplace called Darkode, where cybercriminals bought and sold hacked databases, malicious software and other products that could cripple or steal information from computer systems.

More than 70 cybercriminals in 20 countries are targets of the FBI investigation. Some have been charged, while others were the subject of search warrants because some countries require evidence to be seized before criminal charges can be filed, investigators said.

The three Israelis are suspected of launching attacks against websites, taking over webstores, stealing credit card details and other offenses. In return for their criminal services, the suspects were paid with Bitcoin.

Lahav 433's cyber unit (Photo: Police Spokesman's Unit)
Lahav 433’s cyber unit (Photo: Police Spokesman’s Unit)


Two of the arrested are brothers suspected of selling credit card information. The third is suspected of aiding a terror organization transfer funds, and a gag order has been placed on the details of the case.

The Rishon LeZion Magistrate’s Court extended their remand until Sunday.

One of the suspects (Photo: Motti Kimchi)
One of the suspects (Photo: Motti Kimchi)


On the forum, which started operating at the end of 2007, hackers sold malware or solicited others to install it on unsuspecting victims’ computers, investigators said. Marketplace members also bought and sold stolen databases, some containing millions of people’s email addresses or personal information, often used in identity-theft and computer fraud schemes.

The site, which had roughly 250 to 300 active members, was seized and shut down by American authorities on Tuesday.

One of the suspects (Photo: Motti Kimchi)
One of the suspects (Photo: Motti Kimchi)


Those arrested or searched live in the United States, United Kingdom, Australia, Bosnia-Herzegovina, Brazil, Canada, Colombia, Costa Rica, Croatia, Cyprus, Denmark, Finland, Germany, Israel, Latvia, Macedonia, Nigeria, Romania, Serbia and Sweden. There are victims in all of those countries, and others, authorities said.

Hackers couldn’t just log onto the site. They had to be vouched for or nominated by at least two current members to be able to buy, sell or solicit illegal wares or services on the site, authorities said. Hackers also had to present an example of their work which includes proof they hacked websites and caused harm, while leaving a personal signature.

Darkode’s advertised products included personal information of 39,000 people from a database of Social Security identification numbers and 20 million emails and usernames that could be used to target people for identity theft, phishing emails or other schemes.

As reported by Ynetnews