Johan Gudmunds / Mafi
|Image from ArrestTracker|
The main administrator of Darkode is Johan Anders Gudmunds. Gudmunds used three hacker aliases: Mafi, Crim, and Synthet!c. According to DOJ, he resides in Sweden. According to the indictment "From around September 2008 until about January 23, 2015" Gudmuns "knowingly and willfully did aid and abet and conspire, combine, confederate and agree together with other persons" ... "to commit offenses against the United States" including:
- intentionally accessing a computer without authorization and exceeding authorized access to a protected computer, committing the offense for purposes of commercial advantage and private financial gain in furtherance of a criminal and tortious act in violation of the Constituion and the laws of the United States to obtain a thing of value exceeding $5,000 -- 18 USC Sections 1030(a)(2)(C) and (c)(2)(B)(i)-(iii).
- knowingly and with intent to defraud accessed a protected computer and by means of such conduct intended to commit fraud or obtain something of value -- 18 USC Section 1030(a)(4) and (c)(3)(A)
- knowingly caused the transmission of a program, information, code, and commands that as a result of such conduct intentionally caused damage affecting 10 or more protected computers during a 1-year period -- 18 USC Sections 1030(a)(5)(A) and (c)(4)(B).
- knowingly and with intent to defraud trafficked in passwords and similar information through which a computer may be accessed without authorization affecting interstate and foreign commerce -- 18 USC Sections 1030(a)(6)(A) and (c)(2)(A).
Some of Gudmunds online ids included the jabber account "firstname.lastname@example.org" and the email account "email@example.com". He began using the Synthet!c alias in January 2012.
Daniel Placek / LokiAccording to the Gudmunds indictment, the original Darkode.com forum was created by "Iserdo" and "nocen / Loki". We know from the charges against Daniel Placek of Glendale, Wisconsin, that he was the one who used the aliases Nocen, Loki, Juggernaut, and M1rro0r.
Loki's charges say that "in or about June 2008, Daniel Placek and Martjaz Skorjanc (AKA Iserdo) created the Internet forum with the domain darkode.com with the intention of bringing together computer hackers and other criminals to facilitate the production and sharing of malicious software, and later led to forum discussion about the creation and dissemination of botnets and the sending of spam." Placek was an administrator on the forum, and in January 5, 2010, agreed to sell malware that he designed for harvesting network traffic for email addresses and passwords to a user named Dethan.78 for $500. Dehtan.78 was an FBI agent. Oops!
When Placek's computer was raided, all the way back in 2010, it was found to contain 74,190 credit card numbers and 297 bank account numbers. In his guilty plea on July 31, 2015, Placek agreed to plea to one charge in exchange for prosecutors agreeing to seek a sentence of "six to twelve months". This agreement carefully considered the fact that Placek has provided full cooperation regarding law enforcement queries and access to Darkode FOR MORE THAN FIVE YEARS!
From all reports, Placek has left his black hat ways behind him and has not participated in crime since his 2010 activities. He has been working as a network engineer for a company named Swick Technologies, and neither law enforcement nor his employer has had any reason to doubt that he is reformed. (More from this article: Placek to plead guilty for role in creating Darkode hacker marketplace )
Eric Croker AKA PhastmanEric L. Crocker, a 39-year old resident of New York, (some sources say 29) was the first to plea guilty from the charges that came out of the Darkode forum seizure. His primary plea is that he violated the CAN-SPAM ACT. Phastman's primary activity that he is charged with is the creation of a hacking tool called the Facebook Spreader. Although he is only directly charged for breaking into "at least 77,000 computers" and his indictment indicates he sold access to computers his botnets controlled for $200 to $300 per 10,000 (2 to 3 cents per machine) some news sources are reporting that his hacking earned Crocker "upwards of $21 Million."
Phillip Fleitz, AKA Strife
|Phillip Fleitz photo from ArrestTracker|
- Naveed Ahmed (AKA "Nav" AKA "Semaph0re")
- Phillip R. Fleitz (AKA "Strife")
- Dewayne Watts (AKA "m3t4lh34d" AKA "metal"
- "Congratulations, your 4th place code is H7G0 - BestBuyVouchers.com"
- "Congratulations! You've finished Fifth! Your code is: WM154 - FreeBestBuyCards.net"
- "Your entry placed 8 out of 10! Claim the prize with this Code: U0V2 - BBCodeTexts.net"
Still to ComeThe people who are still named by the Department of Justice, but have not yet plead guilty are:
- Johan Anders Gudmunds - see above
- Morgan C Culbertson - the "FireEye Intern" / Carnegie Mellon student
- Naveed Ahmed -
- Dewayne Watts - M3t4lh34d / metal
- Murtaza Saifuddin
- Matjaz Skorjanc - rzor from Pakistan
- Florencio Carro Ruiz - NetK, Netkairo from Spain
- Mentor Leniqi - Iceman from Slovenia
- Rory Stephen Guidry - selling botnets, firstname.lastname@example.org
If any more guilty pleas come through, we'll try to update this page!
By the way, much praise to a site I was not previously familiar with called "Arrest Tracker" from the people that run CyberWarNews.info. His page "Mass Arrest #24" here has a great summary of what's going on with Darkode, but I know many of my readers will be interested in regularly following the regular updates from his page!