Darkode, the prolific malware marketplace and hacker forum, has resurfaced just a few weeks after it was shut down in a global law enforcement operation.
Europol announced on 15 June that an operation spearheaded by the FBI and aided by the UK National Crime Agency (NCA) resulted in the seizure of the Darkode website and 28 arrests in 20 countries.
The original version of the site, in operation since 2007, served as a marketplace for botnets, malware and zero-day vulnerabilities. As such the takedown was seen as a major victory for law enforcement agencies.
However, a landing page has appeared suggesting that the website is not only planning a comeback but is taking steps to tighten its security by using the anonymous Tor network.
Darkcode.cc now shows a message from the administrator claiming that, despite the recent arrests, most of the staff and senior members remain in place.
"It appears the raids focused on newly added individuals or people that have been retired from the scene for years," states the defiant message.
"Assume anyone publically claiming to have been a member of the forum is a scammer. Assume anyone you have dealt with that was added to Darkode in the last 6-8 months may have turned informant and act accordingly."
The administrator has indicated a move to Tor, saying that new users will have a unique .onion URL and will have their details authenticated by bitcoin wallet ID using Blockchain API.
"The forum will be back in onion land, it will be invite only, and members we can confirm are still active will be given an invite," states the message.
"We believe full disclosure on how the new forum will function is necessary to allow members to have confidence in its security. Our mission is to cast out any doubts in the setup as well as allow the world to critique the new system."
A UK-based cyber researcher writing on the website MalwareTech first noticed that a former admin of Darkode was making moves to relaunch the website.
"Originally the main admin known as Sp3cial1st had posted a statement on Pastebin declaring that he wanted to wait and see who all of the 70 users arrested were before bringing the forums back," he said.
"About two hours ago he updated his jabber status to advertise darkode.cc, which appears to be a placeholder for the future site.
"Currently we're greeted with a message addressing the raids and containing some information about the new site; however, the page currently leads nowhere and the 'generate onion' button doesn't work."
V3 has contacted the NCA and Europol for comment on the apparent return of Darkode.
Last month, following the dismantling of Darkode by law enforcement, US attorney David Hickton branded the website a "cyber hornets' nest of criminal hackers".
"Of the roughly 800 criminal internet forums worldwide, Darkode represented one of the gravest threats to the integrity of data on computers in the US and around the world, and was the most sophisticated English-speaking forum for criminal computer hackers in the world," he said.
Applications from some member states were down more than 40 per cent
A new RSA report urges coders to sign a 'Hippocratic Oath' before embarking on AI programmes.
IT security vendor believes APT33 is working for the Iranian government
Darktrace pushes machine learning to take some of the pressure off of IT and security teams