Ecrivez-vous français parfaitement?
Can you read and write in French? Do you have a keen eye for detail to spot mistakes and correct French spelling and grammar? You may just have a promising career as a cybercriminal; that is if you don’t mind getting paid with stolen goods.
Following our recent discoveries in the French underground, we stumbled across another interesting development—the underground marketplace was looking for a “cleaner” and posted the role with a job description on their forum to find a suitable candidate. Based on the job description, a “cleaner” is a person tasked to clean up content by checking for misspellings and overall readability.
This is the first time we have seen a direct advertisement for a job in the underground. In the Surface Web, an ad like this may not seem strange at all. Alongside ads like malware for sale or cybercrime-as-a-service, and this job may sound a bit too easy. Then again, the French language can be very challenging with its gendered nouns and different rules of conjugation.
Here is a screen capture of the job advertisement that we found:
Figure 1. Advertisement for a “cleaner”
Translated, the ad reads as follows:
Title:
Liberty-Market is looking for a Cleaner.
Description:
We are looking for a M/F member, with good spelling, and who is skilled in adjusting the layout of pages.
Obligations:
You will need to connect at least 1h30, 4 times a week.
Responsibilities:
You will be in charge of corrections / layout of posts, so that the Forum becomes more readable.
You will need to fulfil your duties any time it is necessary, which can include several/dozens posts to correct every time you connect (if you only connect for the minimum time required).
Benefits:
You will get your own dashboard for your duties, so that you can correct any post independently.
Pay:
You will be paid with virtual/physical goods: Yes Checks, stolen credit card data, stolen goods, for an amount not exceeding EUR 700 per month.
Contact:
By private message.
Seeing a job advertisement like this is quite surprising since cybercriminals usually do not make such open advertisements. To get a job done, cybercriminals typically rely on people they personally trust or those who have been referred.
This job ad mirrors the way jobs are advertised in real life. Since this is a criminal enterprise, the main difference lies on the form of payment, which also reflects the industry they operate in—stolen credit card data (that can be monetized), or other virtual/physical stolen goods.
Skill sets required in the underground
Like most marketplaces and forums on the internet, maintaining such platforms requires the involvement of different people–some will be focused on dealing with the technical aspects (e.g. web-hosting and backend development) while some may be working on managing the content of the marketplace or forum (e.g. user privileges and access to content). There are different roles tied to different levels of responsibility and corresponding access to restricted areas.
The ad we recently discovered shows us that there are different skills in demand aside from the expected technical ones. French cybercriminals understand the importance of having skilled individuals to run a cybercrime platform as they may have realized the importance of readability and correct spelling, even in the underground. Also, the French language may be a challenge to understand and bad grammar can be a hindrance to successful phishing scams. If marketplace and forum owners do not have the skills required for their desired outcome, outsourcing becomes an option.
Conclusion
Posting job advertisements to fill a particular role in a cybercriminal business is just one of the many things that make the French underground unique. We have noticed in several cases (and described them in past blogs) that the French sometimes conduct business differently and have unique solutions to their cybercriminal business challenges.
This job ad is something new and we do not assume it will end anytime soon. In fact, we think that the number of job advertisements will increase since it seems like a viable way for some cybercriminals to gain a foothold in the cybercriminal underground. Putting up job ads could also be a way for the French cybercrime underground operators to expand their network by recruiting talent that can’t be found through conventional means in the underground.
In terms of compensation, illegal goods may soon be paired with Bitcoins since it is the most popular currency in the underground at the moment.
