Sunday, 07 April 2019 04:26

Talos duo find Facebook groups carrying out cyber 'dirty deeds'

Image by Michal Jarmoluk from Pixabay

Researchers from Cisco's Talos Intelligence Group say they have found 74 groups on Facebook where the members promised they would carry out questionable cyber dirty deeds, including selling and trading stolen bank/credit card information, theft and sale of account credentials from a variety of sites, and email spamming tools and services.

Talos' researchers Jon Munshaw and Jaeson Schultz said in a blog post that these groups had approximately 385,000 members.

The duo said these groups were quite easy to find. "A simple search for groups containing keywords such as 'spam', 'carding', or 'CVV' will typically return multiple results," they wrote.

"Of course, once one or more of these groups has been joined, Facebook's own algorithms will often suggest similar groups, making new criminal hangouts even easier to find. Facebook seems to rely on users to report these groups for illegal and illicit activities to curb any abuse."

Munshaw and Schultz said they had tried to get these groups taken down by using Facebook's abuse reporting functionality, but found that while some were removed, others only had specific posts deleted.

"Eventually, through contact with Facebook's security team, the majority of malicious groups was quickly taken down," they wrote. "However, new groups continue to pop up, and some are still active as of the date of publishing (5 April, US time)."

The researchers said similar groups had been unearthed by former Washington Post employee Brian Krebs in April 2018. They said that months later, even though the groups identified by Krebs had been deleted, a new set of groups, with remarkably similar names, had sprung up.


Credit card numbers and CVVs offered for sale by one of the groups.

Munshaw and Schultz mentioned several posts in the groups they had found, some of which were selling credit card numbers and the accompanying CVVs, at times with ID documents or photos which belonged to the victims.

They also found people selling access to long email lists, the ability to move large amounts of cash and sales of shell accounts at various private and public organisations.

The two researchers said it was not known how legitimate or successful these users were.

"There are often complaints posted by group members who have been scammed by other group members," they wrote. "In most groups, there is a particular etiquette and form to the posts. Typically sellers will describe what they have versus what they want. Almost all transactions are 'you first' (written as 'U_f', 'uf', etc.), meaning the person interested in making the purchase or trade has to pay or provide their service or product up front.


A list of email addresses offered for sale.

"Like many other Facebook groups, these scammer groups also exist as a forum for scammers to share jokes about some of their less successful campaigns."

They said that so far, Facebook had apparently relied on these communities to police themselves, which, for obvious reasons, they were unwilling to do.

"As a consequence of this, a substantial number of cyber-scammers have continued to proliferate and profit from illegal activities. Operating with impunity, these attackers relentlessly probe cyber-defences of enterprises everywhere. This is a high-stakes endeavour because an attacker with even the smallest foothold inside an organisation can do considerable damage," the pair said.

Screenshots: courtesy Cisco's Talos Intelligence Group




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


