FBI Sends Hacker, Who Helped Them Bust Hacker Market, Behind Bars

Last week, as part of coordinated law enforcement efforts in 20 countries, FBI agents in Pittsburgh led the largest global effort to date to take down Darkode – an online, password-protected forum in which hackers and other cyber-criminals convened to buy, sell, trade and share information, ideas, and tools to facilitate unlawful intrusions on others’ computers and electronic devices. Through Operation Shrouded Horizon, more than 70 people were arrested around the world; David Hickton, the US Attorney for Western Pennsylvania, said that criminal charges were filed against 12 Americans associated with the illegal computer hacking forum.
28-year-old Rory Stephen Guidry, a Louisiana man, was one of the 12 alleged cybercriminals arrested in the raid. He was charged with computer fraud and selling botnets—large collections of computers taken over by malware that give the botnet operator complete control over them—on Darkode, which the investigators said was the largest-known English language malware forum in the world until the FBI got a court order to shut it down.
However, according to a hacker with direct knowledge of the investigation, Guidry was working with the FBI as a paid informant and helped the FBI bust Darkode.
The hacker and Guidry, who had both served as informants for the US government in earlier investigations, were first approached by the FBI about gaining administrative access to Darkode in 2013. According to federal officials, prospective members were vetted before being admitted to Darkode: an existing member would invite the candidate to the forum, and the candidate would then have to demonstrate the skills or products he or she could contribute to the group's efforts to infect and control computers and electronic devices.
J. Keith Mularski, the FBI’s supervisory special agent for cyber-crime in the Pittsburgh office, told reporters that Operation Shrouded Horizon started about 18 months ago when investigators in Pittsburgh brought a case against a group of criminals writing malware to infect computers. Agents developed a ‘source’ inside the ring and leveraged that contact to start an undercover operation aimed at Darkode. They were able to become Darkode members by posing as criminals and acquiring illicit goods.
Guidry stole Lizard Squad’s botnet, the one used to bring down Xbox Live and the PlayStation Network on Christmas Day in 2014, and posted it on Darkode. His supply of the stolen botnet code played a key role in gaining the community’s trust. However, the FBI sent him behind bars “for utilizing his botnet to infect malware on systems for malicious activities and to allow infected systems of other hackers to connect to his botnet to obtain updates of malware for malicious activities.”