U-Markt: The German Cybercriminal Underground

While considered new and smaller than its foreign counterparts, the German underground is a fully developed and well-managed haven that gives cybercriminals just about everything they need to start their own cybercrime business. It is deemed the most developed underground within the European Union despite the existence of the French and Spanish markets.

In U-Markt: Peering into the German Cybercriminal Underground, Trend Micro’s Forward-Looking Threat Research (FTR) Team offers a look into the mixed bag of goods that German underground forums and marketplaces offer. Much like the Deep Web, crimeware, stolen credentials, fake documents, and drugs abound in the German underground.

The paper focuses on three main areas—the major forums and marketplaces in the German underground, the unique wares the market offers, and how the market compares with the Russian underground.

Underground offerings

Like its Russian and Brazilian counterparts, the German underground teems with forums and marketplaces that serve as repositories for stolen data and trading venues for crimeware. Five of the forums we focused on sold hacking tools, credit cards, stolen credentials, narcotics, and fake documents—stuff that any cybercriminal wannabe would love to get his hands on.

Uniquely German

“Treuhand”, or escrows in the German underground, serve as links between buyers and sellers that ensure the smooth flow of business transactions. Sellers prefer to be paid in bitcoins, though some accept “gutscheine”, or vouchers, which they believe adds another layer of anonymity to transactions.

The German underground also boasts a new means of dropping called “Packstation services,” which takes advantage of the German postal service. Packstation service providers have taken the place of droppers in other underground markets.

Locally developed tools crafted by German cybercriminals also abound in the underground. Crimeware popular in Russian forums, like Sphinx and Cube, was in fact first made available on German forums and is still heavily advertised there. German-made Triple CCC is also widely available.

The Russian connection

In many ways, we believe German and Russian cybercriminals collaborate with one another. We’ve seen actors who actively operate in both environments. This should not be surprising though, as cybercrime knows no borders.

Get a more detailed look into the German cybercriminal underground in U-Markt: Peering into the German Cybercriminal Underground.


