Cisco Found Dozens of Cyber Crime Groups With 385,000 Members on Facebook

Published on: April 06th, 2019

Facebook is a place to catch up with your friends, stay in touch with family and find hundreds of thousands of cyber criminals for hire. That last one is according to Cisco Talos, the networking giant’s threat intelligence group, which today detailed how the social network serves as a forum for digital ne’er-do-wells.

In a blog post, Talos company said it found 74 groups devoted to cyber crime with a collective total of 385,000 members. Some of the groups were active for up to eight years, Talos said, and many sported obvious names like “Facebook hack (phishing)” or “Spammer and Hacker Professional.” Welcome to the cyber criminal not-so-underground.

There is a certain degree of inevitability when it comes to Facebook’s platform being misused. It turns out that criminals need to socialize, too, and in some cases advertise their services. Having more than 2 billion users makes Facebook the ideal place to do both.

Talos said that it tried to get the groups it found taken down by using the social network’s “report abuse” tool. Some groups were closed; others merely had specific comments removed. When Talos reached out to Facebook’s security team, though, all of the groups were finally taken down. Not that bringing down these groups accomplished a whole lot in the long run. Similar groups were formed after the initial batch were shuttered, and we suspect that pattern would continue as long as Facebook’s approach resembles Whac-a-Mole. Bopping them just makes ‘em pop back up later.

This problem isn’t exclusive to cyber crime. Facebook’s platforms (Facebook, Messenger, Instagram and WhatsApp) have long been used to sell drugs, guns and illegal services. The company moderates them, sure, but more of them continue appearing. It makes sense for that problem to extend from selling pot and .22s to phishing services and stolen credit cards.

Here’s what Talos thinks we should do about that:

“To combat these motivated adversaries, we need to work together. Social media platforms should continue their efforts, both manual and automated, aimed at identifying and removing malicious groups. Security teams and vendors must work together to actively share information, take action and inform our customers. Businesses need to be diligent about their protection and cyber hygiene efforts. And finally, consumers need to become as informed and skeptical as possible. Attacks like spam prey on the individual as an entry point.”

The company also advised individual users to continue using the “report” button on Facebook. Because that worked out so well when Talos did it, right?