The current version of Darkode may just be a honeypot

Dec 5, 2015 11:54 GMT

The long-awaited resurrection of the Darkode underground hacking forum seems to have turned into a total fiasco, with the forum lacking proper security measures, and with very few hackers actually registering on the forum itself.

Darkode has been an impenetrable fortress for many years, but security researchers and law enforcement finally found a way in, and took it down at the start of July, after an international raid in over 20 countries that resulted in the arrest of 28 suspects.

Ten days later, the forum's admin, Sp3cial1st, announced Darkode's rebirth, with an enhanced focus on a slew of security measures. As Damballa, a security company, reports, things didn't turn out as expected.

New Darkode is accessible without TOR

Damballa's staff revisited Darkode five months after Sp3cial1st's announcement and found the forum to be very poorly designed, lacking some of the most basic security and privacy settings.

According to Damballa's discoveries, the forum, which was supposed to be running on the Tor network alone, can also be accessed via a normal URL, meaning anyone can access it via their regular browser, without any anonymity.

Additionally, the forum also lists its search page, allowing anyone to discover topics and discussions on the forum. Its members list is also freely available to unregistered users. Compared to the previous version of the forum that had between 200 and 300 active hackers, the new version of the forum only lists 31 members and one applicant.

Many ports left open, such as 22, 25, 80, and others

Things take a turn for the worse for Darkode's security because its Jabber service admin login page is left exposed, along with eight other important ports, such as those for SSH, SMTP, HTTP, Jetty (Web server), and OpenFire (Jabber client).

The Jabber client used for Darkode is OpenFire 3.10.2, for which various known security vulnerabilities exist.

Furthermore, the Jabber service's domain (darkcode.club) is registered without identity protection and links to a person named "Sven," a nickname connected to a member of the old Darkode board.

Overall, the current Darkode forum looks like a failed project, abandoned by its own community. The forum's administrators may have ceased work on the forum a few months ago and moved to other projects, or the current version of the forum is a blatant honeypot set up by law enforcement agencies with the intention of catching other cyber-crooks that were careless enough to register without checking its security and privacy capabilities.

Darkode search page, left exposed