Sunday, 07 April 2019 04:26

Talos duo find Facebook groups carrying out cyber 'dirty deeds'

Image by Michal Jarmoluk from Pixabay

Researchers from Cisco's Talos Intelligence Group say they have found 74 groups on Facebook where members promised to carry out questionable cyber "dirty deeds", including selling and trading stolen bank and credit card information, stealing and selling account credentials from a variety of sites, and offering email spamming tools and services.

Talos' researchers Jon Munshaw and Jaeson Schultz said in a blog post that these groups had approximately 385,000 members.

The duo said these groups were quite easy to find. "A simple search for groups containing keywords such as 'spam', 'carding', or 'CVV' will typically return multiple results," they wrote.

"Of course, once one or more of these groups has been joined, Facebook's own algorithms will often suggest similar groups, making new criminal hangouts even easier to find. Facebook seems to rely on users to report these groups for illegal and illicit activities to curb any abuse."

Munshaw and Schultz said they had tried to get these groups taken down by using Facebook's abuse reporting functionality, but found that while some were removed, others only had specific posts deleted.

"Eventually, through contact with Facebook's security team, the majority of malicious groups was quickly taken down," they wrote. "However, new groups continue to pop up, and some are still active as of the date of publishing (5 April, US time)."

The researchers said similar groups had been unearthed by former Washington Post employee Brian Krebs in April 2018. They said that months later, even though the groups identified by Krebs had been deleted, a new set of groups, with remarkably similar names, had sprung up.


Credit card numbers and CVVs offered for sale by one of the groups.

Munshaw and Schultz mentioned several posts in the groups they had found, some of which were selling credit card numbers and the accompanying CVVs, at times with ID documents or photos that belonged to the victims.

They also found people selling access to long email lists, the ability to move large amounts of cash and sales of shell accounts at various private and public organisations.

The two researchers said it was not known how legitimate or successful these users were.

"There are often complaints posted by group members who have been scammed by other group members," they wrote. "In most groups, there is a particular etiquette and form to the posts. Typically sellers will describe what they have versus what they want. Almost all transactions are 'you first' (written as 'U_f', 'uf', etc.), meaning the person interested in making the purchase or trade has to pay or provide their service or product up front.


A list of email addresses offered for sale.

"Like many other Facebook groups, these scammer groups also exist as a forum for scammers to share jokes about some of their less successful campaigns."

They said that so far, Facebook had apparently relied on these communities to police themselves, which, for obvious reasons, they were unwilling to do.

"As a consequence of this, a substantial number of cyber-scammers have continued to proliferate and profit from illegal activities. Operating with impunity, these attackers relentlessly probe cyber-defences of enterprises everywhere. This is a high-stakes endeavour because an attacker with even the smallest foothold inside an organisation can do considerable damage," the pair said.

Screenshots: courtesy Cisco's Talos Intelligence Group


Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
