Facebook Is Hosting Multiple Cybercrime Marketplaces

Facebook has been host to "dozens" of busy marketplaces and exchanges used by cyber-thieves to buy and sell stolen goods, suggests a security firm. Researchers at Cisco found 74 groups on Facebook that openly traded stolen credit card numbers and bank account details. 

The groups had a regular membership of about 385,000 people, they found. Facebook said it had shut down the groups for breaking the social network's policies on financial fraud.

Jon Munshaw and Jaeson Schultz from Cisco's Talos security division detailed their findings in a blog and said they were surprised that the thieves were operating "right out in the open". Often, said the pair, pursuing cyber-criminals involved tracing them to hidden servers on dark web addresses, rather than just searching on social media sites. Instead, they said, the gangs operating on Facebook took few steps to conceal what they were doing. The groups exhibited a wide variety of behaviours that spanned the spectrum from "shady" to, "illegal".

Some openly advertised hacking, phishing and spamming services, while others sought buyers for stolen personal finance information that included both credit card numbers and personal documents, including driving licences and ID cards.

Facebook's own algorithms also proved useful because they "helpfully" suggested other similar-themed groups once the two researchers started looking for card thieves, spammers and other cyber-criminals.Across the groups, payment was accepted in crypto-currencies or via payment services such as PayPal, said the Talos team. Some groups used middlemen or "mules" to pipe cash to buyers. 

The Talos researchers said they initially tried to get the groups shut down by using Facebook's own on-site tools but this proved ineffective.

To make a bigger impact, the team built up links with Facebook's internal security team and passed on detailed information about the criminal marketplaces. This led to the "majority" of the groups being removed, they said, but some were still active and Talos was still working to shut these down. 

Facebook said it removed groups that "violated" policies against spam and financial fraud. It added: "We know we need to be more vigilant and we're investing heavily to fight this type of activity." 

BBC:  

You Might Also Read:

Cybercrime Misconceptions Put Consumers At Risk:

 

« A Snapshot Of Cybercrime In The UK
Critical Infrastructure Is Under Worldwide Attack »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

STMicroelectronics

STMicroelectronics

ST is a global semiconductor leader delivering intelligent and energy-efficient products and solutions that power the electronics at the heart of everyday life.

MIT Internet Policy Research Initiative (IPRI)

MIT Internet Policy Research Initiative (IPRI)

IPRI's mission is to work with policy makers and technologists to increase the trustworthiness and effectiveness of interconnected digital systems

AMETIC

AMETIC

AMETIC, is the Association of Electronics, Information and Communications Technologies, Telecommunications and Digital Content Companies in Spain.

National Cyber Security Centre (NCSC) - Switzerland

National Cyber Security Centre (NCSC) - Switzerland

The National Cyber Security Centre is Swizerland's competence centre for cybersecurity and the first contact point for businesses, public administrations, and the public for cyber issues.

FinCom.co

FinCom.co

FinCom.Co is the world’s first automatic AML/ KYC screening system, for comprehensive compliance.

Corvid

Corvid

Corvid is an experienced team of cyber security experts who are passionate about delivering innovative, robust and extensive defence systems to help protect businesses against cyber threats.

Digital Resolve

Digital Resolve

Digital Resolve delivers solutions that help companies maintain trust and confidence through proven and cost-effective fraud-protection and identity intelligence technology.

Standards Council of Canada (SCC)

Standards Council of Canada (SCC)

SCC leads and facilitates the development and use of national and international standards and accreditation services in Canada.

Insight Partners

Insight Partners

Insight Partners is a leading global private equity and venture capital firm investing in growth-stage technology, software and Internet businesses.

Critical Start

Critical Start

Critical Start provides Managed Detection and Response services, endpoint security, threat intelligence, penetration testing, risk assessments, and incident response.

Extreme Engineering Solutions (X-ES)

Extreme Engineering Solutions (X-ES)

Extreme Engineering Solutions is a leader in the design, manufacture, testing, and support of hardware and software solutions for the embedded computing market.

HACKNER Security Intelligence

HACKNER Security Intelligence

HACKNER Security Intelligence is an independent security consultancy delivering comprehensive security assessments across IT security, physical security, and social engineering.

TekSynap

TekSynap

TekSynap is a full spectrum Information Technology services provider to federal government agencies.

Early Game Ventures (EGV)

Early Game Ventures (EGV)

Early Game Ventures invests in startups that jumpstart new industries in the emerging markets of Europe.

Seers

Seers

Seers is the world’s leading privacy & consent management platform for companies worldwide. Trusted by over 50,000+ businesses.

Kaine Mathrick Tech (KMT)

Kaine Mathrick Tech (KMT)

KMT deliver comprehensive cyber-first outsourced technology support and solutions that scale with your business.