Facebook struggling to deal with cybercrime on its platform, researchers say

Facebook took down a batch of more than 70 groups dedicated to cybercrime after they were flagged by researchers, according to a report published Friday.  

Researchers at intelligence firm Cisco Talos tracked 74 cybercrime Facebook groups over the course of several months last year. Researchers Jon Munshaw and Jaeson Schultz in a post on Friday wrote that the groups frequently hosted "shady (at best) and illegal (at worst) activities," including selling stolen bank and credit card information, stealing account credentials from other websites, and promoting email spamming tools. 


Facebook confirmed that it took down the cybercrime groups after Talos reported them. 

"These Groups violated our policies against spam and financial fraud and we removed them," a Facebook spokesperson said. "We know we need to be more vigilant and we're investing heavily to fight this type of activity." 

Facebook reviewed the groups submitted by Talos and removed them once they determined they were violating Facebook's policies. 

The accounts who ran the groups have also been blocked and should be unable to create new groups. 

The Talos researchers found the groups through searches for simple cybercrime keywords including "spam," "carding" or "CVV." Once they joined those groups, they wrote, Facebook began recommending other hacking groups for them to join. 

"Facebook's own algorithms will often suggest similar groups, making new criminal hangouts even easier to find," they wrote.

The groups had hundreds of thousands of members, and some of them had been up for over eight years by the time Facebook took them down. Most of the groups were created last year, however.

The users who participated in the groups often did nothing to mask their criminal activity. "Selling CVV fresh," one user wrote, naming their price for credit card information. 

"Hello guys, is there any way of sending $800 to a US account without it being blocked?" another user posted, according to screenshots provided by the Talos researchers. 

Facebook in April 2018 took down dozens of groups used by hackers to offer services including stealing credit card information, wire fraud, tax fraud and cyberattacks. Facebook removed the groups after they were flagged by cybersecurity reporter Brian Krebs.

Munshaw and Schultz wrote that many of the groups identified by Talos had similar names to those previously identified by Krebs.

"Months later, though the specific groups identified by Krebs had been permanently disabled, Talos discovered a new set of groups, some having names remarkably similar, if not identical, to the groups reported on by Krebs," Munshaw and Schultz wrote on Friday. 

Facebook said it is continuing to investigate the accounts behind the cybercrime groups.

"The underlying computer algorithms that help us connect, suggesting new friends or networks, are not intelligent enough to distinguish benign activities from the unethical or outright illegal," the Talos researchers wrote. "So far, Facebook has apparently relied on these communities to police themselves, which for obvious reasons, these criminal communities are reticent to do." 

"As a consequence of this, a substantial number of cyber-scammers have continued to proliferate and profit from illegal activities," they wrote. 

NBC News on Friday morning identified more cybercrime groups with similar names, which Facebook promptly took down.