50 Shades Darkode: The Newest Prosecution for an International Cyber Crime Ring

By Ashley Berger

Where crime is an age-old part of society, cyber crime is a relatively new concept that dictates a different viewing on traditional laws for criminal activity.  Hacking is a concept that intertwines with the Internet, and hackers have been utilizing the web to commit a variety of different crimes, such as hacking, data theft and violation of various protective statutes.  The problem with the anonymity of the Internet is that it is difficult to catch cyber criminals because it is easy for them to evade law enforcement from behind a screen.

In addition to cyber stalking and cyber espionage, a new type of cyber crime that has emerged is trading malware and botnets and hacking.  One of the most notable websites for these kinds of activities was called “Darkode.”  It is estimated that between 250-300 members utilized this site to share and trade codes as well as to buy and sell personally identifiable information.  Among the distinguishing features of the Darkode forum was its international presence and exclusivity, as recruits had to be invited in by a member who can vouch for their skills and expertise.

Nearly a decade old, Darkode was a playground for hackers – buying, selling and trading malicious codes.  According to law enforcement officials, Darkode posed one of the largest threats to the United States data integrity in cyber space because the tools that were used to intrude on people’s private computers and cell phones.  Additionally, Darkode had been dubbed one of the most impenetrable sites for this type of activity because it was extremely difficult for law enforcement to find a way into the site to catch the perpetrators.

The password-protected site was a haven for those with such skills and motivations to use them for criminal activity until July 2015, when a group of law enforcement officials from nearly twenty countries were able to target and bring down the main group of hackers.  The coordinated efforts of various agencies, organizations and nations made this a unique case in that it was the first time any law enforcement body was able to halt this type of cyber-crime. Most notably, it was the first time efforts of a number of law enforcement bodies were able to successfully combine to end the activity. The Department of Justice has filed suit against certain members in the various district courts in the United States and other nations have filed similar suits against other members in their own countries. The participating countries that helped take down the ring included Australia, Brazil, Canada, Colombia, Sweden and the United Kingdom, among many others comprising the largest cooperative international law enforcement sting.

The charges for those involved included a slew of criminal activities including conspiracy to commit computer fraud, conspiracy to commit wire fraud, conspiracy to commit money laundering, identity theft, racketeering, extortion, and fraud, and the eventual sentences for those charged were surprising.  Of the twelve individuals charged in the Darkode scandal in the United States, only one has been sentenced to jail time. As of early February, now three of the others who were formally charged in connection with Darkode were sentenced to some sort of probationary period.  Phillip Fleitz was sentenced to twenty-seven months in federal prison in early 2016 for violating the CAN-SPAM Act, which established standards for sending commercial e-mails and required the Federal Trade Commission to enforce these standards.

Another one of the individuals charged, Naveed Ahmed, had a recommended jail sentence of two years, but in a surprising decision, a judge only imposed a probation period on Ahmed.  The probation appeared to be part of a trade-off that stipulated Naveed would help law enforcement scan for other types of computer crimes. DeWayne DeWatts of Florida was sentenced to a two-year probation period and six months home confinement for his violation of the CAN-SPAM Act.

Most recently, in February 2017, the youngest and allegedly one of the most dangerous of the Darkode hackers was sentenced.  The college student from Pittsburgh, Morgan Culbertson, is only twenty years old and is responsible for building a form of malware that allowed hackers to remotely infect, control and steal data from Android devices.  The malware “hid” itself in downloaded applications for the phone by “binding” itself to the applications but not affecting how they performed.  Culberston was sentenced in a district court in Pennsylvania to three years probation, computer monitoring and community service.

While Darkode marked the first real take down by law enforcement across the world (and it likely will not be the last), the sentencing in the United States is also the first true example of how sentencing for these relatively new crimes will be handled.  Where the crimes do not necessarily have a parallel in the physical world, it seems that the sentences may not be as long or burdensome as other traditional crimes, but still serves as a starting point to determine the most effective method of punishment for these types of crimes in the future.

 

Student Bio: Ashley Berger is a staff member of the Journal of High Technology Law.  She is currently a 2L at Suffolk University Law School.  Ashley holds a Bachelor of Arts in both Legal Studies and History from the University of Massachusetts Amherst.

Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.

Print Friendly, PDF & Email