Print Save PDF

About 18 minutes

 The dark web is the wild west of the internet. 

There are no governments or laws limiting what can and cannot be sold. 

There are only codes of conduct amongst the organized crime lords and the subservient dwellers seeking a supply of illegal goods.

It is the place where, for the right price, you could acquire:

— High-quality narcotics, like cocaine and heroin
— A program to access the microphone or camera on your ex's cell anytime you wanted to
— A malicious cyber-attack to take down a corporate competitor
— Humans, since it is a hub for human trafficking
— Lists of stolen credit card numbers, Social Security numbers, and other private information
— Cases of military-grade, automatic weapons and ammunation 
— A hitman to murder your enemy or your rival
— Or even child pornography

Now, imagine sending a virtual drone into the ghettos of the dark web underworld. 

Imagine being able to take a peek at the hidden lair where cybercriminals consort.

Imagine witnessing the creation of the next big malware, botnet, or Dedicated Denial of Service (DDoS) attack to take down the next Target or Home Depot.

Here, we give you a glimpse into the dark, secret shadowland of the internet where browsers like Google, Firefox, and Internet Explorer don’t reach. 

Here, we expose the story behind Darkode, the forbidden site.

We break down the history of how this site came to be, and we explore what it has morphed into over the years.

What Is Darkode?

Darkode is the biggest English-speaking site on the dark web today. It’s like the evil twin of

Run by super-organized crime groups, Darkode is the platform on which the corporate, big-business criminal organizations center their digital economy.

The underground web forums that make up Darkode’s black market are password-protected. 

For more amateur purchases, like a few ounces of cocaine, you have to know someone to get in. 

For higher-stake buys, like contract hits and enough guns to supply a small revolution, you have to have a group of people vouch for you.

And, if you’re looking to sell your latest malicious code or a new cryptolocker cyber-attack invention, then you need a different clearance level. 

To join groups where hackers trade tips and secrets, you must apply with your hacker’s resume that details your hacking exploits.

The bigger the bragging rights, the bigger the reputation, and the more people you are able to have vouch for your skill and trustworthiness, the further you are allowed to enter into this dark world. 

The Darkode Community

The appeal of the Darkode community comes from its exclusivity and apparent protection from government interaction.

It’s a place for programmers and gangsters alike to sell the illegal items they create or steal to those willing to buy.

“Organized” is one of the best ways to describe the Darkode community. 

Like any crime organization, there are the head bosses who accumulate the mass of wealth and drive the big decisions. 

And there are also the young computer-savvy geniuses who operate the day-to-day operations of malicious cybercrime organizations. 

Most people that frequent Darkode are young, male, and in their early 20s.

In this community, you have a few sets of different groups:

— Rippers – This term is dubbed to those who are just there to rip people off. They sell you the goods, yet vanish with your money and leave you without a product. With damaged reputations, these individuals can get banned from the forum, but they still pop up every now and then.

— Script-kiddies – These individuals are lower-level coders that have enough development skill to manipulate code packages sold by more advanced hackers. It is typically an insult to be labeled as this group.

— Botnet Renters – These individuals sell access to groups of computers. These sly hackers hijack computers that are infected with their sneaky codes. These malicious yet typically undetectable codes allow the hacker to access any infected computer that is connected to the internet. In the background, these computers can be fed commands to execute. And, at the ripe price of $10 worth of Bitcoin, you can rent a botnet of a thousand computers to do your bidding.

— Malicious Programmers – These are the mad scientists behind many of the far-spread cyber attacks, like the cryptolocker Gameover Zeus or the 2014 outbreak of Heartbleed. For the right price, you can buy your own malicious programs, a botnet to run it from, and steal from hundreds or thousands of people.

— Hackers – Need someone with specialized hacking skills? You can hire your own hacker for an hourly rate or long-term engagement, if you so desire.

Although there are many different roles to play on Darkode, one thing is certain: the real-life evil-doers are there. And they can be as crafty as a James Bond super-villain. 

Marketing on Darkode

If you are a merchant on Darkode, chances are you want to get the word out about your product.

For those creating malicious software, this means marketing what your bug or virus can do.

Many users do this by loading screenshots and videos of their software in action. Crypto-virus software is an example of a popular program sold on the dark web today. 

The main goal of these attacks is simple enough: Infect user computers and hold all data on the device for ransom. The programming evil geniuses behind their unique crypto-formulas will market how their unique virus blends work.

Creators of malicious software can even conveniently recommend a reasonably-priced botnet starter kit to run their software from. 

Installs of their malicious software, like a cypto-virus, can be bought for around $10 per 1,000 installs.

But, before you can buy on Darkode, you have to know how to access the site. 

The Gateway: How to Access Darkode

To reach Darkode, you need a browser that’s more private than Google, Firefox, or Internet Explorer.

You need a browser that will mask your IP address with clever encryption software.

That encryption software will then routes your IP address to multiple locations around the globe, thus cloaking your location and identity.

Tor is the most popular browser used to access dark web sites, like Darkode. Ironically enough, Tor was created as a U.S. Naval intelligence project. Now, Tor is the epicenter for illegal, anti-government black market trading.


g0d4ather / 

What It’s Like to Shop on Darkode

In terms of user experience, Darkode has every amenity you would expect from an online marketplace.

Just like eBay and Amazon, Darkode lists thousands of products from vendors all over the world.

Each product has a high-res image, a detailed product description, and a price. There’s a shopping cart button. There’s even a review section and clearly noted “Report this Item” button for each product.

That’s because reviews drive every purchase, just like on any other vendor site. Feedback forms drive reputation, and a vendor’s reputation and perceived reliability is everything. As a result, vendors cater to their customers.

To keep customers happy and coming back, sellers offer promotions like:

— Free delivery
— BOGO deals
— Free product samples (like mini packs of cocaine)
— And other incentives

If you’d like to contact your vendor, there is an internal emailing system. All messages are, of course, encrypted to maintain anonymity.

And, just like eBay and Amazon, you browse through the site and look for your desired item of purchase. 

When it comes time to pay, though, you won’t see a link to your PayPal account. A covert purchase requires a currency that is untraceable: Bitcoin. 

How to Pay for Services and Products on Darkode


The crypto-currency Bitcoin is easily exchangeable for real-world currencies. It does not, however, rely on banks to trade, giving it a high degree of anonymity to its users.

To get Bitcoins, you can either wire money to a reputable Bitcoin dealer or use a Bitcoin ATM to make an exchange. Just like any other currency, rates change every minute.

Once you have your Bitcoin and are ready to buy your chosen product, Darkode offers a nifty multi-signature escrow payment plan (explained below). How did this come to be, you ask?

Well, in the beginning stages of Darkode, users recognized a pattern from unscrupulous vendors who were taking Bitcoins, yet disappearing before filling any orders. 

The community, therefore, came up with a money-laundering solution.

Escrow Payment Plans

As a mini form of escrow, a third party vendor on Darkode held the Bitcoin until the buyer, vendor, and site administrator sign off that a transaction is completed.

Once a digital signature is sent from all parties, the Bitcoin will then be released to the vendor.

And, if you’re worried that this would leave a record trail of your Bitcoin spending, then worry no more. 

The Darkode community came up with a solution for that, as well.

Cue the Darkode Tumbling Service.

Darkode Tumbling Service

This service takes hundreds of people’s Bitcoins in a hundred different transactions and stores them all under one address before tumbling them, so no one can be deciphered as a particular buyer.

The right amount is sent to the right vendors, but it is impossible to tell which transactions were paid from which Bitcoin accounts. Now, you can shop worry-free.


How Darkode Started

There are various iterations of the creation story for Darkode.

This one comes from Daniel Placek, a former hacker who was a part of the first group that founded Darkode.

Before the days of Tor and super-encrypted browsers, there were chat rooms on the open internet that users would join to demonstrate skills and talk shop.

Around 2008, a group of advanced hackers decided to form a private room to talk hacking and code. 

They wanted to distance their advanced skills from the “script-kiddies” and other coding posers that lacked true understanding and talent.

To gain access to this elite clubhouse, users required an invite and a password to make an account. 

Initially, Darkode was founded by 25 individuals over the span of a few months. 

Conversations in this chat room covered everything from the projects that members were working on to technologies, security, and botnet programming.

The Search for Anonymity to Attract Buyers

In 2009, governments started cracking down on public online forums where users could patron illegal hacking products and services.

Meanwhile, the users on the elite chat room Darkode were eager to start inviting buyers to turn a profit on their illicit labors. Not wanting to join the many other forums that were getting shut down easily, the group decided to bring in more than programs.

The goal was simple: Divide the site to make it completely private. Then court a larger community of users to join and begin consuming the products up for sale.

The Malicious Bazaar Begins

The elite programmers who started Darkode acted as consultants in the beginning. They guided potential buyers to their creations.

They had sales pitches at the ready. Their presentations came complete with screenshots, videos, offer demonstrations, trial software, and more.

It was in this environment when one of the most popular botnets of the time was born: The Butterfly Botnet.

This botnet is very similar to a zombie virus, as it was install itself on a device and then monitor activity to steal away credit card numbers, SSNs, banking information, and more.

And, since this virus could spread so easily between servers and UBS drives, it allowed even the most novice user to set up a world-wide cybercrime organization.

It is projected that the Butterfly Botnet has infected over 11 million computers and servers, causing over $850 million dollars in damages.

The Slovenian hacker known by the alias “Iserdo” was the creator of this particular botnet. He was arrested in 2010 by authorities for his global cybercrime operations.

But authorities were out for more than a hacker. They were out to take down the site that was quickly growing and producing more malicious software and worse things. 

The Shutdown of Darkode

On July 15, 2015, the FBI announced that they had finally shutdown Darkode

They had finally taken the first big bite out of cyber crime.

Following an 18-month investigation, they managed to arrest and prosecute 28 people. And, like a kicked dog, Darkode stayed down.

Until it appeared again a mere 2 weeks later. 

How to Avoid Being Caught on Darkode

1. Use Encryption Technology. Encryption is key for hackers. 

Using True Crypt disk encryption technology at least makes it more difficult for government agencies to gather data on you. 

Of course, logging out every time you leave your desktop is a major party of keeping your keys protected.

2. Hide Your Paper Trail. An inability to hide a financial trail is how most vendors on Darkode and similar dark web sites get caught. 

You can have all the Bitcoins in the world, but digital currency hasn’t become mainstream, and it doesn’t really come in handy when you’re looking to put a down payment on a house.

Darkode Today

Because of the FBI’s infiltration, Darkode and similar dark web sites are being forced even further underground.

It has become harder to get in. In future months and years, it is predicted to become even more exclusive.

The need for enhanced security and protection has attracted even more advanced developers to help create new levels of anonymity.

And the targets for these groups of hackers is laughable. The FBI can run as many penetration tests as it wants. 

It can put a bounty on bugs, viruses, malware, and all species of malicious programming that stems from Darkode. The fact is, it will do very little.

The reason is because many companies today still use legacy software and systems. End users still use laughably horrible passwords that re-use on every login account.

Hacking in general has become low-hanging fruit.

One thing is certain: Malicious programmers on Darkode and similar sites are always innovating and thinking up ways to become a smarter, more ruthlessly accurate, and more decentralized organization. 

What You Can Buy on Darkode Today

Darkode is a rental market, and a cybercriminal’s dream. It is here where you can find:

— Tens of thousands of Social Security numbers
— Malicious programmers to custom design a virus for you
— Clean IP addresses from which to send SPAM that won't be caught in junk email folders
— Botnets to spy on people's computers
— Stolen credit card numbers
— Software to remotely control someone's mobile phone (camera and microphone)
— A botnet to rent for an hour, month, or longer
— Malware and software of all kinds
— Databases of personal information
— Individuals who can help you impersonate people
— Tools of the hacker trade to create your own malicious program
— Data-collecting botnets
— Hackers to attack an enemy's social media pages
— Drugs
— Illegal weapons

Ways to Stop Your Data from Ending Up on Darkode

Data is in high demand on Darkode and other dark web sites. Even if you want to browse and buy on Darkode, you still don’t want to see your information end up on the product list there.

The best way to prevent you and your company from becoming a victim is to ensure your software is up-to-date. 

This seems like an obvious point, but it’s one of the most over-looked pieces of defense in a security structure.

Software is an ever-expanding field, and traversing through millions of lines of legacy code make it difficult, if not impossible, to audit for security bugs.

Also, to prevent becoming a victim to malicious hackers, you should:

— Update security patches regularly
— Educate yourself and employees on the latest phishing and malware hacks
— Use advanced encryption technology
— Upgrade and update software that is out-of-date
— Use advanced security software, like IBM QRadar

Overall, do what you can to maintain a secure lifestyle to avoid being in a malicious hacker’s next line of attack.

To get more tips on how to protect your personal and company data, download our eBook Hacks of the Past to get tips on how to avoid being the next hacked headline.




Written by IBM BP Network