Cisco Uncovers 74 Cybercrime Groups on Facebook
Researchers have discovered numerous Facebook groups hawking a variety of cybercrime services such as the buying, selling, or trading of stolen payment card data.
Researchers at Cisco’s Talos security group have uncovered 74 Facebook groups with an estimated 385,000 members providing a marketplace which offers cybercrime as a service.
Members of these groups were found to be buying and selling information such as hacked credentials, ID cards, driving licences, personal documents and payment-card details. Some of the groups acted as forums for selling spamming and phishing tools.
Facebook, which is already under global scrutiny over its behaviour, said it has shut down the groups for breaking its policies on financial fraud. Recently, the social network has been accused of the unethical use of its users’ data, spreading disinformation, proliferating anti-vaccine beliefs and conspiracy theories.
Talos security researchers, Jon Munshaw and Jaeson Schultz, expressed shock at how brazenly the groups were operating “right out in the open”. Many of the groups were operating under obvious group names, including “Spam Professional,” and “Spammer & Hacker Professional”.
Normally, they said, tracking down cyber criminals requires tracing them to hidden servers on dark web addresses. In this instance, however, they discovered the groups by performing simple searches on social media sites.
The gangs operating on Facebook took only a few basic steps to conceal their activity, and exhibited behaviours ranging from “shady” to “illegal”. Customers were able to pay using cryptocurrency and via payment services such as PayPal, while some opted to use middlemen to transfer cash.
However, Talos wrote in its report: “It’s unclear based on these groups how successful or legitimate some of the users are. There are often complaints posted by group members who have been scammed by other group members.”
According to the report: “These Facebook groups are quite easy to locate for anyone possessing a Facebook account. A simple search for groups containing keywords such as “spam,” “carding,” or “CVV” will typically return multiple results. Of course, once one or more of these groups has been joined, Facebook’s own algorithms will often suggest similar groups, making new criminal hangouts even easier to find.
“Facebook seems to rely on users to report these groups for illegal and illicit activities to curb any abuse. Talos initially attempted to take down these groups individually through Facebook’s abuse-reporting functionality. While some groups were removed immediately, other groups only had specific posts removed.
“Eventually, through contact with Facebook’s security team, the majority of malicious groups was quickly taken down, however, new groups continue to pop up, and some are still active as of the date of publishing. Talos continues to cooperate with Facebook to identify and take down as many of these groups as possible”.
Despite the removal of these groups, Craig Williams, a senior technology leader and global outreach manager at Talos, told Ars Technica that it was likely that similar groups would pop up to take their place. Indeed, a quick Facebook search revealed similar groups offering almost identical services, such as selling spamming tools and hackers for hire.
Talos researchers were able to confirm that the illegal items or services sold in the group pages were being used in real crimes taking place online.
This is not the first time Facebook has had a problem with such groups. In April 2018, security reporter Brian Krebs alerted the social media site about dozens of groups where hackers routinely offered services such as DDoS attacks, tax refund fraud, and wire fraud.
Although these groups were disabled, Talos discovered a new set of groups, some having names remarkably similar, if not identical, to the groups Krebs had reported.