Facebook has removed 74 groups in which many of their 385,000 members were offering a wide array of cybercrime services, following a warning from security researchers from Cisco Talos.
They uncovered scores of groups where hundreds of thousands of members oversaw the trade of passwords, credit card information and hacking tools.
Instead of wheeling-and-dealing using hidden servers on some mysterious dark web address, a large number of cyber scofflaws prefer to operate right out in the open using social media.
Cisco Talos tracked several groups on Facebook where "shady" and illegal activities frequently take place. Despite the fairly obvious names (i.e "Spam Professional," "Spammer & Hacker Professional,") some of these groups have managed to remain on Facebook for up to eight years, and in the process acquire tens of thousands of group members.
Talos compiled a list of 74 groups on Facebook whose members promised to carry out an array of questionable cyber dirty deeds, including the selling and trading of stolen bank/credit card information, the theft and sale of account credentials from a variety of sites, and email spamming tools and services. In total, these groups had approximately 385,000 members.
Many of the activities on these pages are outright illegal. For example, Talos discovered several posts where users were selling credit card numbers and their accompanying CVVs, sometimes with identification documents or photos belonging to the victims.
Others products and services were also promoted. The security researchers saw spammers offering access to large email lists, criminals offering assistance moving large amounts of cash, and sales of shell accounts at various organizations, including government.
They even saw users offering the ability to forge/edit identification documents.
The majority of the time, these sellers asked for payment in the form of cryptocurrencies. Others employ the use of so-called "middlemen" who act as a go-between between the buyer and the seller of the information and take a cut of the profits. These users usually promoted the use of PayPal accounts to complete the transaction.
Talos initially attempted to take down these groups individually through Facebook's abuse reporting functionality. While some groups were removed immediately, other groups only had specific posts removed. Eventually, through contact with Facebook's security team, the majority of malicious groups was quickly taken down, however new groups continue to pop up, and some are still active as of the date of publishing. Talos continues to cooperate with Facebook to identify and take down as many of these groups as possible.
This is not a new problem for Facebook, which has been tasked with putting out numerous dumpster fires in recent months, from Russian misinformation campaigns to neo-Nazi hate speech. Then there was the horror of a live streamed mass murder in New Zealand. In April 2018, security reporter Brian Krebs alerted the social media site to dozens of Facebook groups wherein hackers routinely offered a variety of services including carding (the theft of credit card information), wire fraud, tax refund fraud and distributed denial-of-service (DDoS) attacks. Months later, though the specific groups identified by Krebs had been permanently disabled, Talos discovered a new set of groups, some having names remarkably similar, if not identical, to the groups reported on by Krebs.
"Social media has provided tools enabling individuals from all over the globe to congregate and share ideas. This is one of social media's defining features. However, the underlying computer algorithms that help us connect, suggesting new friends or networks, are not intelligent enough to distinguish benign activities from the unethical or outright illegal. So far, Facebook has apparently relied on these communities to police themselves, which for obvious reasons, these criminal communities are reticent to do. As a consequence of this, a substantial number of cyber-scammers have continued to proliferate and profit from illegal activities," said Talos.