Want to buy stolen credit card numbers? Maybe head to Facebook.
Cybercriminals have been discovered openly selling hacking services and stolen goods on the social network by creating Facebook groups that anyone can search for, according to Cisco's Talos security unit, which has been investigating the shady and illegal activities.
Keyword searches for "spam," "carding," or "CVV"—a reference to the security code found on the back of credit cards—can reveal a whole host of groups that claim to offer email spamming tools, stolen payment card details, and other hacking services.
"In all, Talos has compiled a list of 74 groups on Facebook whose members promised to carry out an array of questionable cyber dirty deeds," Talos security researchers Jon Munshaw and Jaeson Schultz wrote in a blog post on Friday.
In total, the groups managed to attract 385,000 members, and used names such as "Spam Professional," "Hacker Professional," and "Buy Cvv." But despite the obvious names, some of the groups have remained on Facebook for up to eight years, the researchers said.
"Of course, once one or more of these groups has been joined, Facebook's own algorithms will often suggest similar groups, making new criminal hangouts even easier to find," they added.
The problem isn't new. A year ago, security journalist Brian Krebs also documented how cybercriminals were using Facebook groups to promote their services. In response, Facebook shut down almost 120 private discussion groups. But clearly, the company has struggled to stop the activities for good. According to Talos, the shady Facebook groups returned only months later, using similar, if not identical, group names.
"Many of the activities on these pages are outright illegal," Talos security researchers said. "For example, we discovered several posts where users were selling credit card numbers and their accompanying CVVs, sometimes with identification documents or photos belonging to the victims."
In other cases, the groups were selling access to large email lists for spamming purposes, services to help criminals transfer large amounts of cash, and offers to help people create fake IDs.
"It's unclear based on these groups how successful or legitimate some of the users are. There are often complaints posted by group members who have been scammed by other group members," the security researchers added. However, Talos did uncover some legit hacking services through the Facebook groups. One such seller was offering a spam service that could bombard inboxes with fake Apple support emails. Talos later detected the same spam emails trying to phish victims for their Apple login information.
In response to the report, Facebook told PCMag it has shut down all 74 groups, and has been removing any pages, other groups and user accounts affiliated with them. "We know we need to be more vigilant and we're investing heavily to fight this type of activity," said a company spokesperson, noting that Facebook now has a team of 30,000 people devoted to safety and security.
Cisco's findings come as Facebook has been facing criticism for allegedly doing too little to stop fake news, hate speech and conspiracy theories from circulating on the social network. Cisco said it first tried to take down the groups through Facebook's own abuse reporting system, but in some cases the social network decided to only remove certain posts from the groups, not shut them down entirely.
"Eventually, through contact with Facebook's security team, the majority of malicious groups was quickly taken down, however new groups continue to pop up, and some are still active as of the date of publishing," the researchers said.