French hackers selling hidden .22 calibre pen guns on secret forums

Other nations' crackers deal in code only, but in France things are seriously nasty


French hackers are selling concealed weapons including so-called pen guns that fire .22 Long Rifle bullets on highly secretive crime forums, threat researcher Cedric Pernet says.

Videos of the home-made pen guns scattered around the internet show the weapons in working use.

The guns are being sold for €150 (US$169, £127, A$226) alongside other concealed weapons like knuckle dusters and knives, and more expensive conventional large firearms.

Trend Micro's Pernet made the discovery while researching on French hacking forums for the security company's series of global regional analysis of criminal hacker scenes published over the last year and covered by El Reg.

Those examine online crime economies including North America, Japan, China, Russia, and Germany.

Youtube Video

Pernet finds the concealed weapons are unique to the French crime forums, along with euthanasia kits, and bank account registration services which help criminals outsource the tremendous risk stemming from France's requirement that accounts be opened in person at branches.

French criminals are also willing to cop traffic infringement demerit points and have their details put down as a nominated driver, for a price.

These offerings join more typical goods and services including software exploits, credit cards, and data dumps.

The hallmark of the French crime sites, however, is an exceptionally high levels of identity vetting.

Concealed weapons for sale.

Concealed weapons for sale. Image: Cedric Pernet.

Pernet says the criminal underground in France is seeded with suspicion making life harder for new hacker entrants than any other regional online crime scene.

Youtube Video

France is, Pernet says, the "alter ego" of the United States where any hacker can join barely-secured crime forums crawling with scammers and police.

The French hide their marketplaces in the dark web, enforce mandatory five percent commission escrow payments to minimise scam transactions and operate "rampant" halls of shame in which scammers are tarred and feathered.

Pernet says a respectively small community of some 40,000 hackers operate in the French-speaking crime forums, bagging between €5 million to €10 million a month.

"Overall, the French underground is a small market that caters more to niche requirements for committing fraud against the French-speaking victim base," Pernet says in the The French Underground: Under a Shroud of Extreme Caution [PDF]

"It operates under a shroud of caution.

"Its players are not only wary of law enforcement agencies that implement stringent cybercrime laws, but even of players who may be working with the former."

Many French criminals operate their own sites, dubbed "autoshops", where sellers market direct on the dark web. These run alongside the large identity-vetted crime forums common in Russian-and-English-speaking forums. ®


Other stories you might like

  • OMIGOD: Cloud providers still using secret middleware
    All the news you may have missed from RSA this week

    RSA Conference in brief Researchers from Wiz, who previously found a series of four serious flaws in Azure's Open Management Infrastructure (OMI) agent dubbed "OMIGOD," presented some related news at RSA: Pretty much every cloud provider is installing similar software "without customer's awareness or explicit consent."

    In a blog post accompanying the presentation, Wiz's Nir Ohfeld and Shir Tamari say that the agents are middleware that bridge customer VMs and the provider's other managed services. The agents are necessary to enable advanced VM features like log collection, automatic updating and configuration syncing, but they also add new potential attack surfaces that, because customers don't know about them, can't be defended against.

    In the case of OMIGOD, that included a bug with a 9.8/10 CVSS score that would let an attacker escalate to root and remotely execute code. Microsoft patched the vulnerabilities, but most had to be applied manually.

    Continue reading
  • Cops' Killer Bee stings credential-stealing scammer
    Fraudster and two alleged accomplices nabbed in joint op

    An Interpol-led operation code-named Killer Bee has led to the arrest and conviction of a Nigerian man who was said to have used a remote access trojan (RAT) to reroute financial transactions and steal corporate credentials. Two suspected accomplices were also nabbed.

    The trio, aged between 31 and 38, were detained as part of a sting operation involving law enforcement agencies across 11 countries: Brunei, Cambodia, Indonesia, Laos, Malaysia, Myanmar, Nigeria, Philippines, Singapore, Thailand, and Vietnam. 

    The suspects were arrested in the Lagos suburb of Ajegunle and in Benin City, Nigeria. At the time of their arrests, all three men were in possession of fake documents, including fraudulent invoices and forged official letters, it is claimed.

    Continue reading
  • Inside the RSAC expo: Buzzword bingo and the bear in the room
    We mingle with the vendors so you don't have to

    RSA Conference Your humble vulture never liked conference expos – even before finding myself on the show floor during a global pandemic. Expo halls are a necessary evil that are predominatly visited to find gifts to bring home to the kids. 

    Do organizations really choose security vendors based on a booth? The whole expo hall idea seems like an outdated business model – for the vendors, anyway. Although the same argument could be made for conferences in general.

    For the most part, all of the executives and security researchers set up shop offsite – either in swanky hotels and shared office space (for the big-wigs) or at charming outdoor chess tables in Yerba Buena Gardens. Many of them said they avoided the expo altogether.

    Continue reading
  • CISA and friends raise alarm on critical flaws in industrial equipment, infrastructure
    Nearly 60 holes found affecting 'more than 30,000' machines worldwide

    Updated Fifty-six vulnerabilities – some deemed critical – have been found in industrial operational technology (OT) systems from ten global manufacturers including Honeywell, Ericsson, Motorola, and Siemens, putting more than 30,000 devices worldwide at risk, according to private security researchers. 

    Some of these vulnerabilities received CVSS severity scores as high as 9.8 out of 10. That is particularly bad, considering these devices are used in critical infrastructure across the oil and gas, chemical, nuclear, power generation and distribution, manufacturing, water treatment and distribution, mining and building and automation industries. 

    The most serious security flaws include remote code execution (RCE) and firmware vulnerabilities. If exploited, these holes could potentially allow miscreants to shut down electrical and water systems, disrupt the food supply, change the ratio of ingredients to result in toxic mixtures, and … OK, you get the idea.

    Continue reading
  • Cisco EVP: We need to lift everyone above the cybersecurity poverty line
    It's going to become a human-rights issue, Jeetu Patel tells The Register

    RSA Conference Exclusive Establishing some level of cybersecurity measures across all organizations will soon reach human-rights issue status, according to Jeetu Patel, Cisco EVP for security and collaboration.

    "It's our civic duty to ensure that everyone below the security poverty line has a level of safety, because it's gonna eventually get to be a human-rights issue," Patel told The Register, in an exclusive interview ahead of his RSA Conference keynote. 

    "This is critical infrastructure — financial services, health care, transportation — services like your water supply, your power grid, all of those things can stop in an instant if there's a breach," he said. 

    Continue reading
  • 1Password's Insights tool to help admins monitor users' security practices
    Find the clown who chose 'password' as a password and make things right

    1Password, the Toronto-based maker of the identically named password manager, is adding a security analysis and advice tool called Insights from 1Password to its business-oriented product.

    Available to 1Password Business customers, Insights takes the form of a menu addition to the right-hand column of the application window. Clicking on the "Insights" option presents a dashboard for checking on data breaches, password health, and team usage of 1Password throughout an organization.

    "We designed Insights from 1Password to give IT and security admins broader visibility into potential security risks so businesses improve their understanding of the threats posed by employee behavior, and have clear steps to mitigate those issues," said Jeff Shiner, CEO of 1Password, in a statement.

    Continue reading
  • Info on 1.5m people stolen from US bank in cyberattack
    Time to rethink that cybersecurity strategy?

    A US bank has said at least the names and social security numbers of more than 1.5 million of its customers were stolen from its computers in December.

    In a statement to the office of Maine's Attorney General this month, Flagstar Bank said it was compromised between December and April 2021. The organization's sysadmins, however, said they hadn't fully figured out whose data had been stolen, and what had been taken, until now. On June 2, they concluded criminals "accessed and/or acquired" files containing personal information on 1,547,169 people.

    "Flagstar experienced a cyber incident that involved unauthorized access to our network," the bank said in a statement emailed to The Register.

    Continue reading

Biting the hand that feeds IT © 1998–2022