Investigators shut down an online marketplace where cybercriminals bought and sold hacked databases, malicious software and other products that could cripple or steal information from computer systems, the Justice Department announced Wednesday.

More than 70 cybercriminals in the United States and 19 other countries are targets of the investigation, authorities said. Some of them have been charged, while others were the subject of search warrants because some countries require evidence to be seized before criminal charges can be filed, investigators said.

U.S. Attorney David Hickton and other federal investigators revealed the 18-month undercover inquiry in Pittsburgh. The city is home to a large FBI cybercriminal squad and the National Cyber-Forensics & Training Alliance — a public-private nonprofit that aims to defeat cybercriminals.

The site, called Darkode, was the largest-known English-language malware forum in the world, authorities said.


On the forum, hackers sold malware or solicited others to install it on unsuspecting victims’ computers, investigators said. Marketplace members also bought and sold stolen databases — some containing millions of people’s email addresses or personal information — often used in identity-theft and computer fraud schemes.

The site, which had roughly 250 to 300 active members, was seized and shut down by authorities Tuesday as most of the arrests were being made and search warrants were being executed.

Hackers couldn’t just log onto the site. They had to be vouched for or nominated by current members to be able to buy, sell or solicit illegal wares or services on the site, authorities said.

Some of the targets were responsible for hacking into Sony’s PlayStation Network and Microsoft’s Xbox Live services last year around Christmas, authorities said.


British authorities in January arrested an 18-year-old man for computer hacking offenses related to the disruptions but hadn’t released his name. The South East Organized Crime Unit said then it had worked with the FBI.

But other threats and information marketed through Darkode have far more sinister implications.

The advertised products included personal information from customers who participated in an automobile auction, personal information of 39,000 people from a database of Social Security numbers and 20 million emails and usernames that could be used to target people for identity theft, phishing emails or other schemes.

The programs for sale included “ransomware,” a virus that can lock a computer or network until a ransom is paid to the hacker who installed it.


Those arrested or searched live in the United States, United Kingdom, Australia, Bosniz-Herzegovina, Brazil, Canada, Colombia, Costa Rica, Croatia, Cyprus, Denmark, Finland, Germany, Israel, Latvia, Macedonia, Nigeria, Romania, Serbia and Sweden. There are victims in all of those countries, and others, authorities said.