A security company has said that cyber-criminals have been trading stolen goods on marketplaces and exchanges that are hosted on Facebook.
Workers at IT and networking specialists, Cisco, claim to have discovered 74 groups on the social network that openly bought and sold illegally obtained payment card and bank account details.
In response, Facebook has said it has closed down groups, which had a regular membership of around 385,000 users, because they violated the platform’s financial fraud policies.
In a blog post, researchers Jon Munshaw and Jaeson Schultz spoke of their surprise at the criminals’ flagrant disregard for the rules, demonstrated by their willingness to operate “out in the open”.
Munshaw and Shultz, who are both from Cisco’s Talos security division, said that going after online thieves meant honing in on their presence within hidden servers on the dark web, as opposed to going after those responsible through social media platforms themselves.
The gangs went to lengths to ensure their activities stayed in the dark on Facebook, with a myriad of tactics being employed to stay low, going from unethical to fully illegal.
Some of the cyber-criminals were offering hacking, phishing and spamming services in full public view. Others actively sought out stolen financial details, including payment card numbers and other personal identification data.
Crypto-currencies and PayPal were among the currencies accepted across the various criminal marketplaces, with some of the groups employing middlemen to take money to those buying.
The two researchers were able to use Facebook’s “similar search” function, which suggested groups of a similar nature when the criminal activity was being investigated.
Initially, the two researchers from Talos tried to get the groups closed down by employing Facebook’s own site tools, but this did not work. They then collaborated with Facebook’s security team, relaying details on the criminal element at large.
This was successful in getting most of the groups shut down, but some are still active, Talos said.
Facebook spoke of its awareness of the trading, stating: “We know we need to be more vigilant and we’re investing heavily to fight this type of activity.
European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.