Inside the German cybercriminal underground

Pierluigi Paganini December 14, 2015

Trend Micro investigated German crime forums and concluded that Germany possesses the most advanced cybercrime ecosystem in the European Union.

We have reported several times on various cybercriminal underground communities in the wild, such as the American underground, the Russian underground, the Brazilian underground, the Chinese underground and also the Japanese one.

What about the European cybercriminal underground?

This time, we will talk about the German cybercriminal underground. Trend Micro investigated German crime forums and concluded that Germany possesses the most advanced cybercrime ecosystem in the European Union, beating known markets such as the French and Spanish ones.

The Trend Micro survey examined 10 big crime forums, some of them with a registered, active base of between 20,000 and 70,000 users. The findings of the investigation are available in the paper titled U-Markt: Peering into the German Cybercriminal Underground.

German cybercriminal underground prices

“The German underground does not have as wide a selection of offerings as the Russian market. In most cases, it isn’t necessary to search for special goods and services in local communities because global (English-speaking) markets have more to offer. But when it comes to customized wares, it is harder to find appropriate equivalents. This is a niche that smaller communities (like the German underground) need to find in order to thrive and stay up,” reads the paper.

In these places, it is quite easy to buy any kind of illegal product or service, including:

  • Malware (Trojans, bank-stealers, and backdoors)
  • Drugs
  • Bulletproof hosts (BPHSs), used to store malware components and exploit kits
  • Fake IDs
  • Hacked accounts
  • Crypting services

As for banner ads, they “are an easy way to promote partner sites (a marketplace run by those behind a certain forum in any community, most notably in the Russian underground). These can help marketplaces widen their client bases.”

German cybercriminal underground banners

Particularly interesting is the Packstation service, which the report describes as a delivery method exploited by criminals that takes advantage of the German postal service.

“Most underground markets rely on droppers who cash in stolen credit cards and online accounts. There is no longer a need for droppers in the German underground. Users instead rely on the so-called “Packstation service” that takes advantage of the German postal service. This allows sellers to put goods sold in publicly accessible metal boxes for their buyers to pick up using their pTANs and access cards.”

The advantage of the “Packstation” resides in the fact that cybercriminals can easily perform “exchange of goods and payment. Users’ addresses cannot be tracked though they need to apply for the service using a physical (home) address and a mobile phone number (which are easy to fake) so they can receive short messaging service (SMS) notifications along with their pTANs to claim their parcels.”

German cybercriminal underground packstation

What really makes the German cybercriminal underground the most advanced cybercrime ecosystem in the whole European Union? The answer is Russia, because both the German and the Russian underground forums are full of carding service banner ads. These ads are normally associated with Russian underground offerings but are heavily advertised in German forums.

A good example is “Rescator.cm”, one of Russia’s biggest stolen credit card marketplaces, which is being advertised in the German underground; “SecureVPN.to” is another, and there are more.

Trend Micro also published the list of usernames per forum, probably to help future investigations.

I believe we will keep seeing more and more news about this cybercriminal underground due to the rapid growth of black markets.

About the Author Elsio Pinto

Elsio Pinto (@high54security) is at the moment the Lead McAfee Security Engineer at Swiss Re, but he also has knowledge in the areas of malware research, forensics, and ethical hacking. He has previous experience in major institutions, the European Parliament being one of them. He is a security enthusiast and tries his best to pass on his knowledge. He also owns his own blog: http://high54security.blogspot.com/

Edited by Pierluigi Paganini

(Security Affairs – cybercrime, criminal underground)


