Darkode, the black market where hackers buy and sell malware, is back less than two weeks after it was seized by the FBI and taken offline.
On 14 July, a joint operation by the FBI, Europol, the US Department of Justice and the UK's National Crime Agency (NCA), as well as over a dozen national police forces, resulted in the arrests of 28 people around the world, bringing the total number of arrests related to Darkode to 70 in 20 different countries - including five in the UK.
In the UK, the NCA announced that a total of five men had been arrested in relation to Darkode between November 2013 and March 2015, suggesting that the members arrested first were used to identify other members.
In a message posted to the new website on 26 July, the administrator said:
"Most of the staff is intact, along with senior members. It appears the raids focused on newly added individuals or people that have been retired from the scene for years. The forum will be back in onion land, it will be invite only, and members we can confirm are still active will be given an invite."
After Darkode was taken offline on 14 July, the site's main administrator – known as Sp3cial1st – said he wanted to wait and see the identities of those arrested before deciding if he would bring the forum back online.
According to a UK security researcher who writes the MalwareTech blog, only two of those arrested had been active on the Darkode forum in recent years.
Darkode going to the dark web
On 26 July, what looks like a holding site returned at darkode.cc with a message from Sp3cial1st that seems to suggest the new Darkode, when it launches fully, will be available only on the Tor network and that each user will be given their own onion address to the forum – a rather sophisticated way of securing the site.
As the MalwareTech blog points out, this system will help prevent Darkode from being used by people other than hackers:
"It would allow the Darkode admins greater control over who gets access, preventing people from accessing a hacked account without the owner's onion url; it would also allow them to better monitor who views what by creating an individual log file for each onion, meaning they could quickly weed out leakers."
In recent years, Darkode had been plagued by law enforcement, researchers and journalists using hacked accounts to monitor what was happening on the forums and leaking information about malware being traded on the site.
These latest security measures will seek to reassure those using Darkode that it is still safe for them to use anonymously.
Sp3cial1st posted some warnings to those who previously used Darkode, including the need to assume "anyone publicly claiming to have been or be a member of the forum is a scammer".
He adds that users should also "assume anyone you have dealt with that was added to Darkode in the last 6–8 months may have turned informant and act accordingly".
For now, access to the Onion Generator does not work, but the message says it will be up and running "shortly".