An online black market offering cybercrime goods and services was found on Facebook, spreading over 74 groups and totaling around 385,000 members, according to a report by Cisco Talos security researchers.
"The majority of these groups use fairly obvious group names, including 'Spam Professional,' 'Spammer & Hacker Professional,' 'Buy Cvv On THIS SHOP PAYMENT BY BTC,' and 'Facebook hack (Phishing),' says Cisco Talos.
More to the point, the members of these Facebook groups sell, buy, and exchange anything from account credentials and phishing tools and services credit card info and fake IDs.
"Others products and services were also promoted. We saw spammers offering access to large email lists, criminals offering assistance moving large amounts of cash, and sales of shell accounts at various organizations, including government," also said the Cisco Talos researchers.
Sample Facebook posts offering illegal services and goodsWhat's even more surprising is that it is very simple to find and join these cybercrime-focused Facebook groups, especially since Facebook's algorithms will automatically suggest joining similar groups from the same network designed to promote illegal cybercrime tools and services.
While Cisco Talos first tried to take down the groups using the social network's
abuse report feature, the security researchers had to eventually reach out to Facebook and disclosed their findings after their initial attempts weren't fully successful.
This led to the eventual takedown of most of the Facebook groups involved in the virtual black market, but, as
reported by Cisco Talos, new groups have been created and some of them are still active and need to be closed by the social network's security team.
More sample Facebook posts offering illegal services and goodsThis is definitely not the first time this type of activity has been found on Facebook, with
Brian Krebs previously reporting about 120 private Facebook groups with over 300,000 members who exchanged illicit services and tools.
According to Krebs, who also provided
a spreadsheeet with the full list of groups found to engage in this type of activities, "The scam groups facilitated a broad spectrum of shady activities, including spamming, wire fraud, account takeovers, phony tax refunds, 419 scams, denial-of-service attack-for-hire services and botnet creation tools."
The big issue behind the reoccurrence of these groups is Facebook's reliance on their members' willingness to report themselves.
And, as Cisco Talos concludes, "As a consequence of this, a substantial number of cyber-scammers have continued to proliferate and profit from illegal activities. Operating with impunity, these attackers relentlessly probe cyber-defenses of enterprises everywhere."
source
