The Darker side of Darkode

 

Posted by Martin Zinaich on July 19, 2015.

Information about a Cyber Criminal Forum Take Down was recently released on the FBI website. The website Darkode was an Amazon for some of the world’s most high-volume cyber criminals. Not as pretty of course, just a general forum selling Rats’ (Remote Access Tools), Botnets, Credit Card Information, and the general sharing of information on how to be a better person.

Membership had to be sponsored and members had to approve access. The good news is this take-down not only involved the FBI but Europol and partners in 19 countries. This shows law enforcement is getting its cross-border legs.

For me, the story inside the story of the Darkode take-down is that of one member – Morgan Culbertson. Morgan was a member of Darkode and was also doing intern work with… wait for it … FireEye. FireEye is a well-known threat Intelligence and security product company. Of course, the benefit here could flow either way. Most assuredly, if you are working with threat Intel you have to be in these dark places. On the other hand, if you know what one of the most popular security appliances is looking for, it helps improve your own malware. Apparently, for Morgan it was the latter:

Morgan C. Culbertson, aka Android, 20, of Pittsburgh, is charged by criminal information with conspiring to send malicious code. He is accused of designing Dendroid, a coded malware intended to remotely access, control, and steal data from Google Android cellphones. The malware was allegedly offered for sale on Darkode.

I do not know if I should feel sorry for FireEye because how do you effectively background someone who is twenty years old, or if I should be annoyed because someone of that age got so close to the secret sauce. The Target breach pushed FireEye into the InfoSec spotlight because their system had reportedly discovered the breach (and could have stopped it, if the system was in prevent mode). This latest revelation is a completely different kind of spotlight.