Wednesday, 14. September 2016

Distrust Breeds Enmity in the French Underground

We now know that most of the murky dealings that French cybercriminals engage in happen in the dark recesses of the Deep Web, specifically in the Dark Web. Every now and then, though, cybercriminals make their presence felt on the Surface Web. French Dark Net, a popular cybercriminal marketplace that is now gone, was, for one, recently seen promoting its offerings on YouTube. We’ve seen that the French underground resembles the Brazilian and North American underground markets in that they all use social media as a platform to promote their illegal business. What sets the French underground apart?



Figure 1. Unique to the French underground are so-called “autoshops,” small online shopping places owned and operated by the purveyors themselves. Autoshops are so popular that some cybercriminals earn their keep by providing autoshop-creation services (shown above).

If we were to sum up what makes the French underground unique, it would be the air of extreme caution that surrounds it. Forum/marketplace owners/operators are always wary of newbies. A few forums/marketplaces require anyone interested in participating to pay a substantial membership fee and even undergo some form of vetting. Newbies don’t get the same treatment as those who have gained the trust of their peers. Forum administrators only allowed people to become real active members after they obtained a certain reputation score. The more successful criminal transactions one has been involved in, the higher one’s reputation score is.

The air of distrust that surrounds the market often bred enmity among its players. Escrows, as in the Russian and German markets, were thus a must to ensure that transactions were smoothly carried out. Every forum/marketplace had a “hall of shame” to (ironically) call out dishonesty and fraud. French cybercriminals are not only wary of law enforcement agencies that implement stringent cybercrime laws, but even of players (forum/marketplace administrators/members) who may be working with the former.



Figure 2. Unlike most markets, the French underground caters more to buyers of small and inconspicuous weapons (shown above); euthanasia/suicide kits; mailbox master keys; fake bills, receipts, car registrations and checks; bank-account-opening services; and driver’s license points.



Figure 3. A marketplace member peddling driver’s license points specifically for use within France’s borders.

Overall, the French underground is still small, made up of only around 40,000 cybercriminals and amassing €5–10 million per month, based on the Gendarmerie Nationale and Police Nationale’s estimates. It caters more to niche requirements for committing fraud against French speakers. Mailbox master keys, fake receipts/bills, and bank-account-opening services, among others, are often sold. But that doesn’t mean cybercriminals can’t find staples in the French underground. French cybercriminals do dabble in creating their own tools. Of particular interest are locally produced ransomware, data dumps (stolen user credentials), and tools like binders that aid in attacks on individuals and businesses alike.

Know more about the French underground—the latest addition to our cybercriminal underground/Deep Web market research topics—in “The French Underground: Under a Shroud of Extreme Caution.”

Post from: Trendlabs Security Intelligence Blog - by Trend Micro
