A security company has said that cyber-criminals have been trading stolen goods on marketplaces and exchanges that are hosted on Facebook.
Workers at IT and networking specialists, Cisco, claim to have discovered 74 groups on the social network that openly bought and sold illegally obtained payment card and bank account details.
In response, Facebook has said it has closed down groups, which had a regular membership of around 385,000 users, because they violated the platform’s financial fraud policies.
In a blog post, researchers Jon Munshaw and Jaeson Schultz spoke of their surprise at the criminals’ flagrant disregard for the rules, demonstrated by their willingness to operate “out in the open”.
Munshaw and Shultz, who are both from Cisco’s Talos security division, said that going after online thieves meant honing in on their presence within hidden servers on the dark web, as opposed to going after those responsible through social media platforms themselves.
The gangs went to lengths to ensure their activities stayed in the dark on Facebook, with a myriad of tactics being employed to stay low, going from unethical to fully illegal.
Some of the cyber-criminals were offering hacking, phishing and spamming services in full public view. Others actively sought out stolen financial details, including payment card numbers and other personal identification data.
Crypto-currencies and PayPal were among the currencies accepted across the various criminal marketplaces, with some of the groups employing middlemen to take money to those buying.
The two researchers were able to use Facebook’s “similar search” function, which suggested groups of a similar nature when the criminal activity was being investigated.
Initially, the two researchers from Talos tried to get the groups closed down by employing Facebook’s own site tools, but this did not work. They then collaborated with Facebook’s security team, relaying details on the criminal element at large.
This was successful in getting most of the groups shut down, but some are still active, Talos said.
Facebook spoke of its awareness of the trading, stating: “We know we need to be more vigilant and we’re investing heavily to fight this type of activity.
PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.
We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.