Facebook Is Hosting Multiple Cybercrime Marketplaces

Uploaded on 2019-04-10 in TECHNOLOGY-Key Areas-Social Media, GOVERNMENT-Law Enforcement, FREE TO VIEW

Facebook has been host to "dozens" of busy marketplaces and exchanges used by cyber-thieves to buy and sell stolen goods, suggests a security firm. Researchers at Cisco found 74 groups on Facebook that openly traded stolen credit card numbers and bank account details. 

The groups had a regular membership of about 385,000 people, they found. Facebook said it had shut down the groups for breaking the social network's policies on financial fraud.

Jon Munshaw and Jaeson Schultz from Cisco's Talos security division detailed their findings in a blog and said they were surprised that the thieves were operating "right out in the open". Often, said the pair, pursuing cyber-criminals involved tracing them to hidden servers on dark web addresses, rather than just searching on social media sites. Instead, they said, the gangs operating on Facebook took few steps to conceal what they were doing. The groups exhibited a wide variety of behaviours that spanned the spectrum from "shady" to, "illegal".

Some openly advertised hacking, phishing and spamming services, while others sought buyers for stolen personal finance information that included both credit card numbers and personal documents, including driving licences and ID cards.

Facebook's own algorithms also proved useful because they "helpfully" suggested other similar-themed groups once the two researchers started looking for card thieves, spammers and other cyber-criminals.Across the groups, payment was accepted in crypto-currencies or via payment services such as PayPal, said the Talos team. Some groups used middlemen or "mules" to pipe cash to buyers. 

The Talos researchers said they initially tried to get the groups shut down by using Facebook's own on-site tools but this proved ineffective.

To make a bigger impact, the team built up links with Facebook's internal security team and passed on detailed information about the criminal marketplaces. This led to the "majority" of the groups being removed, they said, but some were still active and Talos was still working to shut these down. 

Facebook said it removed groups that "violated" policies against spam and financial fraud. It added: "We know we need to be more vigilant and we're investing heavily to fight this type of activity." 

BBC:  

You Might Also Read:

Cybercrime Misconceptions Put Consumers At Risk:

 

« A Snapshot Of Cybercrime In The UK
Critical Infrastructure Is Under Worldwide Attack »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DoSarrest Internet Security Ltd

DoSarrest Internet Security Ltd

DOSarrest is a fully managed security firm specializing in cloud based DDoS protection services to a worldwide client base.

Hyve

Hyve

Hyve provide a wide range of managed web hosting services including private, hybrid and public VMware cloud hosting.

Attivo Networks

Attivo Networks

Attivo Networks is an award winning provider of deception for in-network threat detection, attack forensic analysis, and continuous threat response.

Lanner Electronics

Lanner Electronics

Lanner Electronics is a leading hardware provider for advanced network appliances and industrial automation solutions including cyber security.

Advantech

Advantech

Advantech is a leader in providing trusted innovative embedded and automation products and solutions. Activities include IoT security.

Cyber Seguridad (Cyberseg)

Cyber Seguridad (Cyberseg)

Cyberseg provides specialized Cybersecurity services, including managed services (SOC / CERTs) and solutions for the protection of critical infrastructures.

Living Security

Living Security

Living Security specializes in metric driven and engaging security awareness solutions that reduce risk by increasing security culture and changing employee behaviour.

AdaptiveMobile Security

AdaptiveMobile Security

AdaptiveMobile Security, a world leader in mobile network security, protecting more than 2.2 billion subscribers worldwide.

Tigera

Tigera

Tigera provides zero-trust network security and continuous compliance for Kubernetes platforms that enables enterprises to meet their security and compliance requirements.

Data Destruction London

Data Destruction London

Data Destruction London offers fast, confidential and compliant expert data destruction services to businesses and organisations in London.

ConvergeOne

ConvergeOne

ConvergeOne is a leading global IT services provider of collaboration and technology solutions including cybersecurity.

DarkOwl

DarkOwl

DarkOwl provides the world’s largest index of darknet content and the tools to efficiently find leaked or otherwise compromised sensitive data.

INE

INE

INE is a premier provider of Technical Training for the IT industry.

Action1

Action1

Action1 is a Cloud-based lightweight endpoint security platform that discovers all of your endpoints in seconds and allows you to retrieve live security information from the entire network.

All About Cookies

All About Cookies

All About Cookies is an informational website that provides tips, advice, and recommendations to help you with Online Privacy, Identity Theft Prevention, Antivirus Protection, and Digital Security.

NetAlly

NetAlly

NetAlly network test solutions help engineers and technicians better deploy, manage, maintain, and secure today’s complex wired and wireless networks.