Thursday, July 16, 2015

DOJ Cyber Security Takes Down Darkode Hacker's Website

The Department of Justice's Cyber Security division launched a coordinated takedown of the hacking website/forum Darkode, code-named Shrouded Horizon, spanning 20 countries. About 70 of its members have been identified and many arrested across the world, including 12 from America. Darkode has been a marketplace for buying and trading hacking tools since at least 2008. It's considered the largest, most sophisticated English-language criminal marketplace in the world, and hackers go there when they need the latest malware, spam programs, and access to botnets and 0-day vulnerabilities.

Want to steal information from hundreds of Android phones? A member of Darkode was selling a program that does that for $65,000. Looking for a virus that can lock a computer or a network until the victim pays you a ransom? Darkode has that too. Darkode was the cyber clubhouse where all of these sophisticated hackers and coders could come together in secrecy and trade their wares.
Investigators say that while the forum's existence was widely known, they hadn't been able to penetrate it until recently. Darkode operated under password protections and required referrals to join.

Now, however, if you go to the site, you'll see a splash page indicating that it has been taken down by the FBI here in Pittsburgh and the U.S. Attorney's office.

Here are the defendants who are facing charges in the U.S., from the Justice Department news release:

  • Johan Anders Gudmunds, aka Mafi aka Crim aka Synthet!c, 27, of Sollebrunn, Sweden, is charged by indictment with conspiracy to commit computer fraud, conspiracy to commit wire fraud, and conspiracy to commit money laundering. He is accused of serving as the administrator of Darkode, and creating and selling malware that allowed hackers to create botnets. Gudmunds also allegedly operated his own botnet, which at times consisted of more than 50,000 computers, and used his botnet to steal data from the users of those computers on approximately 200,000,000 occasions.
  • Morgan C. Culbertson, aka Android, 20, of Pittsburgh, is charged by criminal information with conspiring to send malicious code. He is accused of designing Dendroid, a coded malware intended to remotely access, control, and steal data from Google Android cellphones. The malware was allegedly offered for sale on Darkode.
  • Eric L. Crocker, aka Phastman, 39, of Binghamton, N.Y., is charged by criminal information with sending spam. He is accused of being involved in a scheme involving the use of a Facebook Spreader that infected Facebook users' computers, turning them into bots that Crocker controlled through the use of command and control servers. Crocker sold the use of this botnet to others for the purpose of sending out massive amounts of spam.
  • Naveed Ahmed, aka Nav aka semaph0re, 27, of Tampa, Fla.; Phillip R. Fleitz, aka Strife, 31, of Indianapolis; and Dewayne Watts, aka m3t4lh34d aka metal, 28, of Hernando, Fla., are each charged by criminal information with conspiring to send spam. They are accused of participating in a sophisticated scheme to maintain a spam botnet that utilized bulletproof servers in China to exploit vulnerable routers in third world countries, and that sent millions of electronic mail messages designed to defeat the spam filters of cellular phone providers.
  • Murtaza Saifuddin, aka rzor, 29, of Karachi, Sindh, Pakistan, is charged in an indictment with identity theft. Saifuddin is accused of attempting to transfer credit card numbers to others on Darkode.
  • Daniel Placek, aka Nocen aka Loki aka Juggernaut aka M1rr0r, 27, of Glendale, Wis., is charged by criminal information with conspiracy to commit computer fraud. He is accused of creating the Darkode forum, and selling malware on Darkode designed to surreptitiously intercept and collect email addresses and passwords from network communications.
  • Matjaz Skorjanc, aka iserdo aka serdo, 28, of Maribor, Slovenia; Florencio Carro Ruiz, aka NeTK aka Netkairo, 36, of Vizcaya, Spain; and Mentor Leniqi, aka Iceman, 34, of Gurisnica, Slovenia, are each charged in a criminal complaint with racketeering conspiracy; conspiracy to commit wire fraud and bank fraud; conspiracy to commit computer fraud, access device fraud, and extortion; and substantive computer fraud. Skorjanc also is accused of conspiring to organize the Darkode forum and of selling malware known as the ButterFly bot.
  • Rory Stephen Guidry, aka, of Opelousas, La., is charged with computer fraud. He is accused of selling botnets on Darkode.
  • In a related case, Aleksandr Andreevich Panin, aka Gribodemon, 26, of Tver, Russia; and Hamza Bendelladj, aka Bx1, 27, of Tizi Ouzou, Algeria, pleaded guilty on Jan. 28, 2014, and June 26, 2015, respectively, in the Northern District of Georgia in connection with developing, distributing and controlling SpyEye, a malicious banking trojan designed to steal unsuspecting victims' financial and personally identifiable information. Bendelladj and Panin advertised SpyEye to other members on Darkode. One of the servers used by Bendelladj to control SpyEye contained evidence of malware that was designed to steal information from approximately 253 unique financial institutions around the world. Panin and Bendelladj will be sentenced at a later date.
Here are some screenshots of what Darkode used to look like before it was taken offline: [seven screenshots of the Darkode forum, images not included here]

Here are some screenshots of some of the files from the Hacking Team's data breach (the torrent is currently available at

Hacking Team Data Dump Files


Wednesday, July 8, 2015

Install Tor Browser Bundle in Kali Linux

This video covers installing the Tor Browser Bundle v3.6+ on Kali Linux (older versions work too; the new version just needs one extra step). There are two errors you will run into when trying to install it, and I cover how to easily fix them.

Why does the Tor Browser Bundle (TBB) give us this "running as root" error? In any operating system, you want as few processes as possible running as root (or at any privilege above their requirements), especially user processes like TBB, a text editor, games, etc. This greatly reduces a hacker's ability to exploit a flaw in the program and gain root access to your machine. A web browser is more prone to attacks overall because it runs unknown code from anywhere (JavaScript, malicious HTML, ActiveX, Java, PDF exploits, favicons, and many MANY more), so it is best to avoid running any browser as root if possible!

Despite the Firefox and TBB developers' best efforts, it is possible that there are vulnerabilities in TBB, and since there is no actual need for it to run as root and the good people at Tor are concerned for one's safety, they add the warning/error. It is simple to create a non-root account on Kali and install TBB from there without any trouble, but most people don't need or want to. If you are concerned about the issues I mentioned, I'd recommend doing that, and just remember to use `sudo` to run any apps in Kali as root from your non-root account.

To extract Tor:
tar -xvf tor-browser-linux64-3.6.1_en-US.tar.xz

To fix the second problem, change to the directory where the Tor files are, then type:
chown -R root *
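As an added example that is not part of the original post, here is a small POSIX shell script that follows the post's own advice: keep the browser off the root account. It builds a constructed stand-in for the bundle tarball (so it runs offline with nothing downloaded), extracts it the same way as the `tar -xvf` step above, and adds a launch guard that refuses to start the browser when the caller's uid is 0. The tarball name, the `tor-browser_en-US` directory and the `start-tor-browser` script name are assumptions mirroring the real bundle layout, not values taken from the page.

```shell
#!/bin/sh
# Added example, not code from the original post: unpack a Tor Browser
# Bundle tarball and only launch it from an unprivileged account.
# The bundle file name, the tor-browser_en-US directory and the
# start-tor-browser script are assumed to mirror the real bundle layout.

# Return success when the uid may run a browser, failure for root (uid 0).
allowed_uid() {
    [ "$1" -ne 0 ]
}

# Extract a bundle tarball ($1) into directory $2. GNU tar detects the
# compression (gzip, xz, ...) from the archive itself, so plain -x works
# for the .tar.xz the post extracts as well as the .tar.gz built below.
extract_bundle() {
    mkdir -p "$2"
    tar -xf "$1" -C "$2"
}

# Build a constructed stand-in for the bundle inside work directory $1 so
# the example runs offline; prints the tarball path.
make_fake_bundle() {
    work="$1"
    mkdir -p "$work/tor-browser_en-US/Browser"
    # The real start script refuses to run as root; this stand-in just
    # reports the uid it was started with. Single quotes keep $(id -u)
    # literal so it is evaluated when the stand-in runs, not now.
    printf '#!/bin/sh\necho "stand-in browser started as uid $(id -u)"\n' \
        > "$work/tor-browser_en-US/start-tor-browser"
    chmod 755 "$work/tor-browser_en-US/start-tor-browser"
    tar -czf "$work/tor-browser-linux64-fake_en-US.tar.gz" \
        -C "$work" tor-browser_en-US
    echo "$work/tor-browser-linux64-fake_en-US.tar.gz"
}

# Launch guard: $1 is the extracted tor-browser_en-US directory, $2 the
# uid to check (defaults to the caller's own uid). Root is refused, which
# is the same least-privilege rule the bundle's own warning enforces.
launch_browser() {
    dir="$1"
    uid="${2:-$(id -u)}"
    if ! allowed_uid "$uid"; then
        echo "refusing to launch Tor Browser as root (uid $uid); use an unprivileged account" >&2
        return 1
    fi
    "$dir/start-tor-browser"
}

# Usage walk-through, enabled with TBB_DEMO=1 ./script.sh
if [ "${TBB_DEMO:-}" = "1" ]; then
    tmp=$(mktemp -d)
    tarball=$(make_fake_bundle "$tmp")
    extract_bundle "$tarball" "$tmp/out"
    launch_browser "$tmp/out/tor-browser_en-US"
    rm -rf "$tmp"
fi
```

Run it as a normal user and the stand-in starts; run it as root and the guard refuses, which is exactly the behaviour the post's "running as root" error is there to enforce. Replacing `make_fake_bundle` with the real download and `start-tor-browser` with the real script is the only change needed for actual use.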

If you like my videos, please subscribe to me on YouTube:

Follow me on Twitter, @gFogerlie and Google+

If you have a video request you can let me know in the comments here or on my channel:

Kali Linux v2.0 - Kali Sana New Look and Lots of New Features

Kali Linux 2.0 pre-release video showcasing some of the new features and the new user interface. New features include GNOME 3, built-in screen capture, redesigned menus and tool categories, native Ruby 2.0, and updated Wi-Fi tools. The release date is set for the 11th of August, 2015.
