A wave of bittersweet melancholy has descended on the thousands of phishers, hackers and credit card swindlers inhabiting the computer crime supersite DarkMarket.ws. On Tuesday the site's operator, known as Master Splyntr, announced that he was shuttering the forum, which has hummed along for nearly three years as a premier vehicle of criminal commerce.
"[R]ecent events have proven that even in our best efforts to expel and deactivate the accounts of suspected LE [law enforcement], reporters, and security agents, it is obvious that we haven't been entirely successful," Splyntr wrote in a message on the site.
Chief among those recent events is last week's arrest of Cha0, a Turkish hacker -- and alleged kidnapper -- who served as one of DarkMarket's administrators. Cha0 was known for selling high-quality ATM-skimming hardware that crooks could affix to cash machines to grab debit card swipes and PINs. Turkish police arrested Cha0 on Friday, identifying him as one Cagatay Evyapan.
"It is apparent that this forum … is attracting too much attention from a lot of the world services (agents of FBI, SS, and Interpol)," wrote Splyntr. "I guess it was only time before this would happen. It is very unfortunate that we have come to this situation, because ... we have established DM as the premier English speaking forum for conducting business. Such is life. When you are on top, people try to bring you down."
DarkMarket is the only survivor among the handful of crime forums that emerged to fill the hole left by the Secret Service's "Operation Firewall" in October 2004. In that unprecedented law enforcement crackdown, the agency used an informant to target what was then the top crime site, Shadowcrew.com. Twenty-eight fraudsters were arrested in coordinated raids, and Shadowcrew was shuttered.
Like Shadowcrew and earlier sites, DarkMarket lets buyers and sellers of stolen identities and credit card data meet and do business, in an entrepreneurial, peer-reviewed environment. Products for sale run the gambit from specialized hardware, to electronic banking logins collected from phishing attacks, stolen personal data needed to assume a consumer's identity ("full infos") and credit card magstripe swipes ("dumps), which are used to produce counterfeit cards. Vendors are encouraged to submit their goods for review before offering them for sale.
Dejected denizens of the forum absorbed Tuesday's news with disappointment. "I was waiting for this, the worst news of them all," wrote a poster called Ms. Gold. "I don't really know what to say nor am I in your shoes to give a real view. There must be another solution to the problem. Do we just let them win?"
"Now it would be too difficult to conduct business," wrote Iceburg. "Darkmarket was our bridge to business and if that bridge is broken than business is broken ... Long live carding and cashing. Short live all the RATS and FBI and all stupid secret agencies who are not just ruining our lives and families but they are destroying everything we left behind!"
DarkMarket has enjoyed a solid reputation among users for effectively weeding out "rippers" who steal from other crooks. But the site has not been without controversy in the underground. In 2006, "Iceman," the owner of a competing site -- who's since been identified as longtime hacker and security expert Max Ray Butler -- managed to crack DarkMarket's server. He later announced that he'd found evidence in the site's logs that DarkMarket was a sting operation, and that Master Splyntr was working for the FBI. The warning was generally dismissed as inter-forum rivalry. Butler was arrested last year on hacking and credit card fraud charges, and DarkMarket is more popular than ever.
The site is scheduled to cease operation on Oct. 4. Lord Cyric, an administrator on the site, resists the suggestion that DarkMarket's sunset marks the end of an era.
"That's what is said about every big board that closes," Cyric wrote in an IM interview. "That is, until the next one."
By Kevin Poulsen