Cybercrime , Cybercrime as-a-service , Fraud Management & Cybercrime

Feds Charge Four in New Darkode Case

All Four Charged With Racketeering Conspiracy
Feds Charge Four in New Darkode Case

Federal prosecutors have indicted four people, including one U.S. citizen, on racketeering and other charges for their role in developing and distributing malware through Darkode, a notorious online forum for hackers that international law enforcement closed four years ago.

See Also: Webinar | Everything You Can Do to Fight Social Engineering and Phishing

All four are charged with racketeering conspiracy and conspiracy to commit wire fraud and bank fraud, according to the U.S. Attorney's Office for the District of Columbia, which is overseeing the case.

The indictment was filed under seal on December 4, 2018, and unsealed on Wednesday this week. One person in the case, Thomas McCormick, 26, of Washington State, who also went by the name "fubar," has already been arrested by the FBI and remains in custody, according to the charging document in the case.

The three other indicted suspects in the case, Matjaz Skorjanc, 32, of Slovenia; Florencio Carro Ruiz, 40, of Spain; and Mentor Leniqi, 35, of Slovenia remain at large, according to court documents.

In addition to the new charges announced this week, prosecutors believe that Skorjanc, who also went by the names "iserdo" and "serdo," helped organize the original Darkode. Skorjanc is also suspected of selling malware known as the ButterFly bot, which was used to build the Mariposa botnet, which Spanish police dismantled in 2009.

Darkode Goes Dark

In July 2015, the FBI, along with Europol and its European Cyber Crime Center, shuttered Darkode, a notorious dark net site that specialized in the buying and selling of malware, zero-day exploits and access to compromised servers (see: Police Shutter Darkode Cybercrime Forum).

In addition to the buying and selling of malware and other hacking tools, Darkode functioned as a collective with 250 to 300 active members. Those members aimed to recruit new members who could enrich the forum with new skills or software that would allow the group to infect an ever-expanding number of PCs with malware, and then use them for criminal purposes, according to law enforcement.

"Darkode members allegedly used each other's skills and products to infect computers and electronic devices of victims around the world with malware and, thereby gain access to, and control over, those devices," according to the new court papers filed this week.

At the time of the police operation that brought Darkode down in 2015, law enforcement either searched, charged or arrested 70 different people worldwide as part of that case.

Although federal prosecutors believe that the four suspects indicted this week belonged to the Darkode collective, it's not clear why the charges against them were filed nearly four years after the site shut down. A spokesperson for the U.S. Attorney's Office did not return a call seeking additional comment.

If convicted of racketeering conspiracy, the suspects in this case could face a maximum of 20 years in federal prison. The maximum sentence for wire fraud and bank fraud is 30 years in federal prison, according to the U.S. Attorney's Office.

In addition to the other charges, McCormick was indicted on five counts of aggravated identity theft, according to the charging papers unsealed this week.

A Revived Darkode

While law enforcement closed the original Darkode site in 2015, there have been several attempts to revive the collective under new leadership over the past four years (see: Darkode Reboot: All Bark, No Bite?).

In April of this year, Forbes published a story that the forum is now back, including a new Twitter account, and is collecting new exploits to sell and share.

One the hackers involved in the new Darkode site told Forbes that Skorjanc has handed the leadership of the collective to another person to act as administrator. There about 1,000 people active on the site in any given week, according to the story.

About the Author

Scott Ferguson

Scott Ferguson

Former Managing Editor, GovInfoSecurity, ISMG

Ferguson was the managing editor for the media website at Information Security Media Group. Before joining ISMG, he was editor-in-chief at eWEEK and director of audience development for InformationWeek. He's also written and edited for Light Reading, Security Now, Enterprise Cloud News, TU-Automotive, Dice Insights and

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.