Pittsburgh Officials Announce Shut Down Of Large Cybercrime Network
AUDIE CORNISH, HOST:
There is an Internet that most of us never see. It's called the Dark Web. It's where you'll find hackers, gangsters, terrorists, pedophiles. Today, law enforcement officials in Pittsburgh announced that they, in a major international effort, shut down a tiny corner of that illegal part of the Internet. And around the world, dozens of people linked to a cybercrime marketplace called Darkode have been arrested. NPR's Dina Temple-Raston explains.
DINA TEMPLE-RASTON, BYLINE: You could be excused if you've never heard of Darkode. It's considered the largest, most sophisticated English-language criminal marketplace in the world, and hackers go there when they need the latest malware or spam program. Want to steal information from hundreds of Android phones? A member of Darkode was selling a program that does that for $65,000. Looking for a virus that can lock a computer or a network until the victim pays you a ransom? Darkode has that too.
DAVID HICKTON: What Darkode was was the cyber clubhouse where all of these sophisticated hackers and coders could come together in secrecy and trade their wares.
TEMPLE-RASTON: That's Pittsburgh's U.S. attorney, David Hickton, and he announced today that the Justice Department, working with nearly two dozen other countries, had identified more than 70 individuals linked to Darkode. Twenty-eight of them have already been arrested.
HICKTON: And if you go on Darkode today, you'll see a splash board that indicates that it has been taken down by the FBI here in Pittsburgh and the U.S. Attorney's office here.
TEMPLE-RASTON: Darkode has been around since 2008, and it was thought to have several hundred members. It actually has an admissions process. Officials say you need to be recommended by someone else already in the group and then apply with a hacking resume that indicates you have skills to offer the enterprise. Again, U.S. Attorney Hickton.
HICKTON: There have been a lot of high-profile cybercrime cases like SpyEye and ZeuS and others where the hackers who were involved in those enterprises were connected to Darkode.
TEMPLE-RASTON: SpyEye infected more than 1.4 million computers and allowed users to steal online banking credentials, credit card information and passwords. ZeuS was a malware program that had been used to steal hundreds of millions of dollars from bank accounts in the U.S. and Europe.
MARC GOODMAN: As I was reading through the case in the news, it kind of reminded me of the narco bust.
TEMPLE-RASTON: Marc Goodman is the author of "Future Crimes," a book that maps out almost any cybercrime you can think of. He's a cyber-security consultant for both law enforcement and corporations.
GOODMAN: What we did today is we played a game of whac-a-mole, and we hit a really, really big mole.
TEMPLE-RASTON: A number of indictments were unsealed today. Among them, a 20-year-old Pittsburgh man who allegedly went by the name Android. He's accused of designing malware that could access, control and steal information from Google Android cell phones. For $300 a month, members of Darkode could subscribe to a service that would not only give them information stolen from the phone, but would also allow them to take photos remotely without the owner's knowledge. Another case - Eric Crocker from Binghamton, N.Y. He's charged with using something called a Facebook Spreader. It allowed him to take over a Facebook user's computer and then use it to send out massive amounts of spam. Goodman says that most of the hacking events that have happened recently, from Sony to Target to Anthem Blue Cross, were done with hacking toolkits that could have been purchased on market sites like Darkode.
GOODMAN: The cyber tools that are out there in these types of marketplaces are quite good.
TEMPLE-RASTON: Hickton said the Darkode investigation is continuing, and he expects more arrests and indictments around the world in the coming weeks. Dina Temple-Raston, NPR News.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.