• Trend Micro
  • About TrendLabs Security Intelligence Blog
Search:
  • Home
  • Categories
    • Ransomware
    • Vulnerabilities
    • Exploits
    • Targeted Attacks
    • Deep Web
    • Mobile
    • Internet of Things
    • Malware
    • Bad Sites
    • Spam
    • Botnets
    • Social
    • Open source
Home   »   Deep Web   »   The French Dark Net Is Looking for Grammar Police

The French Dark Net Is Looking for Grammar Police

  • Posted on:September 8, 2016 at 5:56 am
  • Posted in:Deep Web
  • Author:
    Cedric Pernet (Threat Researcher)
0

Ecrivez-vous français parfaitement?

Can you read and write in French? Do you have a keen eye for detail to spot mistakes and correct French spelling and grammar? You may just have a promising career as a cybercriminal; that is if you don’t mind getting paid with stolen goods.

Following our recent discoveries in the French underground, we stumbled across another interesting development—the underground marketplace was looking for a “cleaner” and posted the role with a job description on their forum to find a suitable candidate. Based on the job description, a “cleaner” is a person tasked to clean up content by checking for misspellings and overall readability.

This is the first time we have seen a direct advertisement for a job in the underground. In the Surface Web, an ad like this may not seem strange at all. Alongside ads like malware for sale or cybercrime-as-a-service, and this job may sound a bit too easy. Then again, the French language can be very challenging with its gendered nouns and different rules of conjugation.

Here is a screen capture of the job advertisement that we found:

 

Figure 1. Advertisement for a cleaner

Figure 1. Advertisement for a “cleaner” 

Translated, the ad reads as follows:

Title:

Liberty-Market is looking for a Cleaner.

Description:

We are looking for a M/F member, with good spelling, and who is skilled in adjusting the layout of pages.

Obligations:

You will need to connect at least 1h30, 4 times a week.

Responsibilities:

You will be in charge of corrections / layout of posts, so that the Forum becomes more readable.

You will need to fulfil your duties any time it is necessary, which can include several/dozens posts to correct every time you connect (if you only connect for the minimum time required).

Benefits:

You will get your own dashboard for your duties, so that you can correct any post independently.

Pay:

You will be paid with virtual/physical goods: Yes Checks, stolen credit card data, stolen goods, for an amount not exceeding EUR 700 per month.

Contact:

By private message.  

Seeing a job advertisement like this is quite surprising since cybercriminals usually do not make such open advertisements. To get a job done, cybercriminals typically rely on people they personally trust or those who have been referred.

This job ad mirrors the way jobs are advertised in real life. Since this is a criminal enterprise, the main difference lies on the form of payment, which also reflects the industry they operate in—stolen credit card data (that can be monetized), or other virtual/physical stolen goods.

Skill sets required in the underground

Like most marketplaces and forums on the internet, maintaining such platforms requires the involvement of different people–some will be focused on dealing with the technical aspects (e.g. web-hosting and backend development) while some may be working on managing the content of the marketplace or forum (e.g. user privileges and access to content). There are different roles tied to different levels of responsibility and corresponding access to restricted areas.

The ad we recently discovered shows us that there are different skills in demand aside from the expected technical ones. French cybercriminals understand the importance of having skilled individuals to run a cybercrime platform as they may have realized the importance of readability and correct spelling, even in the underground. Also, the French language may be a challenge to understand and bad grammar can be a hindrance to successful phishing scams. If marketplace and forum owners do not have the skills required for their desired outcome, outsourcing becomes an option.

Conclusion

Posting job advertisements to fill a particular role in a cybercriminal business is just one of the many things that make the French underground unique. We have noticed in several cases (and described them in past blogs) that the French sometimes conduct business differently and have unique solutions to their cybercriminal business challenges.

This job ad is something new and we do not assume it will end anytime soon. In fact, we think that the number of job advertisements will increase since it seems like a viable way for some cybercriminals to gain a foothold in the cybercriminal underground. Putting up job ads could also be a way for the French cybercrime underground operators to expand their network by recruiting talent that can’t be found through conventional means in the underground.

In terms of compensation, illegal goods may soon be paired with Bitcoins since it is the most popular currency in the underground at the moment.

 

Related posts:

  • Red on Red: The Attack Landscape of the Dark Web
Learn how to protect Enterprises, Small Businesses, and Home Users from ransomware:
ENTERPRISE »
SMALL BUSINESS»
HOME»
Tags: cleanerFrench Dark NetFrench underground

Featured Stories

  • systemd Vulnerability Leads to Denial of Service on Linux
  • qkG Filecoder: Self-Replicating, Document-Encrypting Ransomware
  • Mitigating CVE-2017-5689, an Intel Management Engine Vulnerability
  • A Closer Look at North Korea’s Internet
  • From Cybercrime to Cyberpropaganda

Security Predictions for 2018

  • Attackers are banking on network vulnerabilities and inherent weaknesses to facilitate massive malware attacks, IoT hacks, and operational disruptions. The ever-shifting threats and increasingly expanding attack surface will challenge users and enterprises to catch up with their security.
    Read our security predictions for 2018.

Business Process Compromise

  • Attackers are starting to invest in long-term operations that target specific processes enterprises rely on. They scout for vulnerable practices, susceptible systems and operational loopholes that they can leverage or abuse. To learn more, read our Security 101: Business Process Compromise.

Recent Posts

  • FacexWorm Targets Cryptocurrency Trading Platforms, Abuses Facebook Messenger for Propagation
  • Necurs Evolves to Evade Spam Detection via Internet Shortcut File
  • Monero-Mining RETADUP Worm Goes Polymorphic, Gets an AutoHotKey Variant
  • XLoader Android Spyware and Banking Trojan Distributed via DNS Spoofing
  • XTRAT and DUNIHI Backdoors Bundled with Adwind in Spam Mails

Popular Posts

  • New MacOS Backdoor Linked to OceanLotus Found
  • Ransomware XIAOBA Repurposed as File Infector and Cryptocurrency Miner
  • Not Only Botnets: Hacking Group in Brazil Targets IoT Devices With Malware
  • Cryptocurrency Web Miner Script Injected into AOL Advertising Platform
  • Monero-Mining HiddenMiner Android Malware Can Potentially Cause Device Failure

Stay Updated

  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © Trend Micro Incorporated. All rights reserved.