Cybercriminals used 74 Facebook groups to buy and sell hacking tools, stolen information and rent out spam services, according to research published Friday by Cisco’s Talos threat intelligence group.
Roughly 385,000 members speaking a variety of different languages were involved with the groups, which used obvious names such as “Spam Professional,” “Spammer & Hacker Professional” and “Facebook hack (phishing),” Talos reported. Researchers said anyone with a Facebook account could find the groups by searching for keywords such as “spam,” “carding,” or “CVV,” and Facebook’s algorithm then would suggest similar groups.
While most groups have been removed, their size and reach again demonstrates how Facebook has struggled to prevent users from using the platform for nefarious purposes. Some of the pages detected by Talos researchers existed for up to eight years.
“Talos initially attempted to take down these groups individually through Facebook’s abuse reporting functionality,” the researchers said. “While some groups were removed immediately, other groups only had specific posts removed. Eventually, through our contact with Facebook’s security team, the majority of malicious groups was quickly taken down, however new groups continue to pop up, and some are still active as of the date of publishing.”
Facebook last year deleted nearly 120 private discussion groups that were facilitating illegal activity after an alert by security journalist Brian Krebs. Those groups contained more than 300,000 members, Krebs reported at the time.
“These Groups violated our policies against spam and financial fraud and we removed them,” Facebook said in a statement. “We know we need to be more vigilant and we’re investing heavily to fight this type of activity.”
In this case, Talos uncovered posts where users users sold credit card information, the three-digit security code alongside documents identifying the victims, either in the form of a picture or an identification document.
Other pages listed large databases of email lists to spammers, while others sought assistance on how to transfer large amounts of cash into an American bank while avoiding detection.
The findings, Talos notes, demonstrate that while social media can connect people for good, the same algorithms bring together criminals, spammers and others who will seize the platform to prey on others.
“So far, Facebook has apparently relied on these communities to police themselves, which for obvious reasons, these criminal communities are reticent to do,” researchers said in a blog post. “As a consequence of this, a substantial number of cyber-scammers have continued to proliferate and profit from illegal activities. Operating with impunity, these attackers relentlessly prove cyber-defenses of enterprises everywhere.”
Updated April 5 at 12:03pm ET to include comment from Facebook.