The US cyber intelligence firm Cisco Talos has discovered 74 Facebook groups – touted as “online criminal flea market” — that were buying and selling stolen credit card information and cybercrime tools.
The groups, with approximately 385,000 members, promised to carry out “an array of questionable cyber dirty deeds, including the selling and trading of stolen bank/credit card information, the theft and sale of account credentials from a variety of sites, and email spamming tools and services”.
The majority of these groups use fairly obvious group names, including ‘Spam Professional’, ‘Spammer & Hacker Professional’, and ‘Facebook hack (Phishing)’.
“Despite the fairly obvious names, some of these groups have managed to remain on Facebook for up to eight years, and in the process acquire tens of thousands of group members,” Cisco Telos said in a blog post on Friday.
A simple search for groups containing keywords such as ‘spam’, ‘carding’, or ‘CVV’ will typically return multiple results.
Cisco Telos alerted Facebook about these groups and the social media giant took down the majority of those.
“However new groups continue to pop up, and some are still active as of the date of publishing (Friday),” wrote Cisco Telos.
A Facebook spokesperson told CNET that these groups violated its policies against spam and financial fraud and have removed them.
Talos initially attempted to take down these groups individually through Facebook’s abuse reporting functionality.
While some groups were removed immediately, others only had specific posts removed.
Talos said it continues to cooperate with Facebook to identify and take down as many of these groups as possible.
In April 2018, security reporter Brian Krebs alerted the social media site to dozens of Facebook groups wherein hackers routinely offered a variety of services including carding (the theft of credit card information), wire fraud, tax refund fraud and distributed denial-of-service (DDoS) attacks.
“Operating with impunity, these attackers relentlessly probe cyber-defences of enterprises everywhere.
“This is a high-stakes endeavour because an attacker with even the smallest foothold inside an organisation can do considerable damage,” said Cisco Telos.