This article is more than 1 year old

Russian friends make German web scum the 'best' in European Union

Researchers find n00b friendly slick sites in crime forum probe

The German cyber crime market is an overlooked but unique beast that works in lockstep with Russian veterans to serve fraud-flinging newcomers and hardened carders alike, researchers say.

In one of the few examinations into German crime forums a team of Trend Micro threat bods say the scene is the most developed in the European Union, besting mature hacking hangouts in Spain and France.

Researchers canvassed 10 large crime forums housing some 70,000 registered users of which 20,000 were considered active, and covered the findings in the paper U-Markt: Peering into the German Cybercriminal Underground (PDF).

"The German cyber criminal underground is well-developed-and-managed by cyber criminals even though it remains a small community in number compared with the Russian and Brazilian underground markets," researchers say.

"[It] is indeed a newcomer that offers everything cybercriminals need to start in the cybercrime business

"In many ways, we believe German and Russian cybercriminals collaborate with one another."

Ads on one crime forum

Ads on

Malware including remote access trojans, bank-stealers, and backdoors can be bought alongside stolen password dumps, credit cards from across Europe, and all manner of drugs.

Fake identities, databases of ripped personal information, and bulletproof hosting are also on offer.

The German scene however offers so-called "packstation" services where the country's postal service can be used as dead drops. Here criminals can leave packages for buyers and remove the need for droppers, the name given to criminals who for a fee will cash out stolen credit cards through buying goods.

The service is more secure and convenient than the riskier dropper services used in other crime forums.

"Users’ addresses cannot be tracked though they need to apply for the service using a home address and a mobile phone number, which are easy to fake, so they can receive short messaging service notifications along with their pTANs to claim their parcels," researchers say.

German crime sites are also unique for the high number of coders offering their skills to build web apps and malware.

Researchers say the older forum models are being replaced by slicker Silk Road-esque marketplaces. Those off-the-shelf offerings make it easier for newcomers and those interested in standard fare web crime, while forums are still the net den of choice for custom services and wares.

The most developed German crime sites offer mirrors on the Tor hidden service network.

Trend Micro has also dumped a laundry list of hacker usernames for specific forums which will be treat for other crime investigators. ®

More about


Send us news

Other stories you might like