An Origin Story: Darkode

For years, the largest English-language dark web market in the world was a site called Darkode. It sold pre-packaged hacking kits and leased huge armies of zombie computers, known as botnets. One of its founders was a young guy from Kentucky named Ryan Green. Dina Temple-Raston, host of the new Click Here podcast and senior correspondent at The Record, talked to Green about Darkode’s origins and the important role dark web marketplaces continue to play in cybercrime. The interview was edited for clarity.

Dina Temple-Raston: You grew up in Smithland, Kentucky where, I think we can safely say, at the time there weren’t a lot of computers or computer classes. So how did you get into all this?

RYAN GREEN: My introduction to computers, I remember my grandfather, he was a very smart man and he ended up coming and moving next-door to us. He bought this old computer, it was a Commodore 64, and we were interested in the software side of it and how everything worked. I remember learning BASIC and then I learned QBasic and we went down that path. Before I knew it, I was mimicking the little video games that run on cell phones like the snake game and things like that.

DTR: And you just took to it right away.

RG: Yes, yes. Very much. I guess it was probably unnatural how much I took to it, which, you know, video games, all of that kind of thing. I was always super interested in it because as a child that was cutting-edge technology. So who wouldn't be interested in that? You have your naysayers, especially in the area that I was from, because it was so, you know, country and backwoods. So, it was like, ‘Oh, we'll never need a computer.’ But my grandfather, when he got our first computer, he would set goals for me [on the computer] and say, like, ‘Okay, I want you to be able to do this.’ And then I would — I would just be obsessed with it until I could do it.

DTR: Do you remember your first real hack?

RG: (Laughs) Report cards had just gone digital. Back then, we still got a paper report card, and it made the transition to digital. All these parents had no idea how to work a computer at that point. So most of the parents had their kids bring up the report card because they didn't know how to do it. So I made a clone website of the school that looked like a portal to be able to log in and look at grades.

And I would charge the kids so much money to use my portal, to show their parents their grades. And I’d give them all A's or whatever they wanted. Some of them just wanted to be realistic and get C’s and B’s, you know. (Laughs) 

DTR: And then what happened?

RG: I found IRCs [Internet Relay Chats] and I learned that you could get on these chats and you could find movies to download and different things. I don't even know how I found it. Like probably hours of digging. It was like a chat room, but it's a different kind of chat and there are like hundreds of servers that you could go into. But then some of the servers were private. You could make your own server, which I eventually ended up doing. 

Once you joined the server, then you’d have hashtags and those were called channels, and then inside the channels all the users have permissions. So you have your admins, your moderators – you could get different levels.

So I found a channel with first-run movies and it was so rudimentary. You would join these chat rooms and there would be bots and the bots would advertise what they had to serve and it would have like four or five slots, and then you would message the channel with the slot number and the bot name, and it would automatically start sending it to you.

I had a gold mine, you know. So then I start digging deeper and deeper and deeper and I find out that there are groups of people that race to release these movies, they're competing against each other. It's a game. Who's the best? Who's the best group? And I was like, well, this is child's play. I can do this. 

A couple of people that I met decided to start our own channel and I called it WAREZTOGO, like the term software. It was all about competing against the other channels. So we started doing pretty good. And this sounds terrible, but I was like, we gotta figure out how to get more servers.

DTR: So are you selling all these ‘warez?

RG: No, it's just for free. Just for free.

DTR: Just for bragging rights?

RG: Yeah. Just for bragging rights. And so I'm like, we got to figure out how to get more people to join our cause. So I, once again, went in and I took an FTP client and I rewrote an FTP client that was able to run undetectable on somebody's computer. I wanted to keep the payload light. So it was as light as it could be. 

DTR: And just so you'd have a little piece of their computer, not the whole thing?

RG: Yes. The ‘wares that we were downloading or the ‘wares that we were promoting on our channel, let's just say Adobe Photoshop and stuff like that.

I was then bundling the executable inside another executable, so when somebody installed the programs it would infect their computer with my bot. So I was, in theory, infecting everyone that was downloaded from the channel. 

DTR: And this is before everybody was suspicious about downloading?

RG: Yes. This was way before that. So nobody had a clue, you know, nobody even ran anti-virus — it wasn't even a thing. And so then we started growing drastically, but the problem with it is you had so many s*** connections at the end of the day. So, you know, for every 20 people you infected, you might get like one or two who weren't using.

So then you had to figure out how to name all your bots and organize them, and what you're going to host on them, whether it was a whole movie or whether it was a five megabyte application. The thing that everybody is scared of now is the key-gens for software, and I'm part of the reason why everybody's scared of that.

DTR: Explain key-gens…

RG: Let's say you download Adobe and install it. And it asks for your product key that is on the package. And normally you would turn your box over, type the product key and, well, for people like me,  would have a generator that would generate product keys for you.

DTR: So you didn't have to actually buy the software?

RG: No. That was not a Ryan Green invention. That was somebody else’s invention that Ryan Green rewrote and put his payload in with it.

DTR: So you’re doing all this, building video games, spoofing the high school website, downloading movies, creating botnets. Did everybody know you had this secret hacker life? 

RG: My parents probably had an idea. I was doing stuff my dad thought was awesome. Getting the [first-run] movies and everything. He'd be like, oh, is it downloaded yet? When can we watch it? And I'd always hear from my mom: ‘You better not be doing illegal stuff.’ Like, I think she knew I was doing illegal stuff, but was hoping I wasn't. 

DTR: So you were working on lots of different things that young hackers were doing back then. Reverse engineering viruses, downloading movies, but was there one thing that led you to Darkode?

RG: One particular guy had a program we called butterfly bot and it turned out to be huge. It was a holding protocol that we all worked on. It was unlike anything, any other botnet on the internet at that point. He wanted to start this forum for [tech] support for the butterfly bot. Well, we all were like, man, you know, we can expand on this. This is a great idea and that was when Darkode was born. 

DTR: So Darkode starts to grow, becoming the largest English-language darkweb marketplace in the world selling exploit packages and leasing botnets to mostly English speakers…. When did it become broader?

RG: We started having people who said they’d serve as translators. So you could talk to these Russians. We dealt with the Russian syndicates. We dealt with Iranians, we dealt with Chinese, we had all of those people on there. Most of my business dealings personally were with Russian people. They were the big mailers [spam operations]. They did the mailing. I did the proxies. They would buy up everything, the Russian syndicate, Chinese syndicate, they were willing to buy everything.

DTR: By then what kind of money were you making?

RG: Back then you might make about 10 grand a week. Something like that…. I think some days you might make less, some days you might make more, um, depends on how you wanted to scale it. But it started to go in a different direction, one of the partners wanted to do more of the stuff I didn’t want to do. Things like credit card fraud, malware and spyware. There were plans on there [Darkode] for how to make remote detonated bombs, and I wasn’t interested in that.

DTR: Talk about how it all ended…

RG: So I get this call from the county attorney in Smithland, and he asked me if I could come to the courthouse to sign some papers. And as I'm walking down through there, I get about halfway through and I see this group of guys in front of me, like they come out of nowhere. And then I kind of turned around and there's a group of guys behind me and they start like closing in and one guy he introduced himself as being a special agent with the FBI, and that he had a warrant and that at that moment, they were also searching my house and at that point, I was just like, holy s***. 

DTR: And they just question you?

RG: They took all my guns. They took my computers, all my computers, all my phones, all of my flash drives, anything that you could have a digital record of anything. Um, the local sheriff, he was just mind blown at this point. Like just completely. He's known me my whole life. And, you know, I remember him saying, if I would've known all this, that you could do all this, I would have had you working right here for us.

DTR: So you plead guilty to a spamming charge and you move on. Then in March, 2020, I don't know when you saw it, there was a so-called Darkode Reborn. What went through your head? 

RG: That it was a joke. I was just like, there's no way. Because the rest of the story is most of the main people, key players, were charged in the Darkode takedown — with the exception of some people I was pretty positive were informants and working for the FBI. So when it came back up, I figured it was an attempt by the FBI to bring in any stragglers that they didn't get in the first round. Darkode Reborn is totally different than what we were.

DTR: Do you feel like you helped contribute to what we're dealing with now in terms of ransomware and malware?

RG: Unfortunately, yes. And I live with that every day… you know, I have to live with knowing that stuff that I pioneered affects millions of people on a daily basis. Um, did I know that it was going to lead into what it went into today? When I started all of this? Of course not. 

I’m a little naive for not looking at all angles of it. But at the same time, I kind of had the mentality of, well, it's kinda like a gun or a hammer. Some people might take a hammer and build a house. Some people might take a hammer and hit someone in the head. But a very common thought that I have is about how many people I’ve hurt in some way. And I’m sorry about that.

Click Here Ep. 2 - Darkode (Transcript) on Scribd