Hackers Advertise Stolen Personal Data On Facebook

Uploaded on 2018-04-26 in NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY-Key Areas-Social Media

Criminals are using hundreds of groups on Facebook to advertise stolen credit card details, cyber-attacks and logins for hacked Amazon and Netflix accounts.

Brian Krebs, a security researcher, identified nearly 120 groups apparently dedicated to fraud, hacking and money laundering, activities normally associated with the “dark web”. The groups had more than 300,000 members and had been on Facebook for an average of two years, although some had been active for nine years.

Most of the groups advertised their intent by using terms associated with criminal activity in their names, such as “carding” (credit card fraud), “tax refund fraud”, “account takeovers” and DDoS (distributed denial of service attack), a form of cyber-attack.

Facebook has previously been criticised for hosting terrorist content and forums for paedophiles. Critics say that the company should use the same artificial intelligence tools it uses to screen for child abusers to identify other posts that promote illegal acts.

The biggest category of groups identified by Mr Krebs promoted the sale of stolen credit and debit card details.

The next largest offered automated methods for accessing user accounts of services such as Amazon, Netflix and PayPal using logins for other websites obtained from previous data breaches.

Facebook took down the groups after they were reported by Mr Krebs as a security researcher. When he previously reported them anonymously, however, the company said that they did not break its rules.
 
A member of one group advertised fraudulent websites for HMRC and UK banks that scammers could use to steal account details.

The groups identified by Mr Krebs were private groups, meaning members must be approved by moderators. However, some groups advertising the same services are public.

Yvette Cooper, chairwoman of the UK Parliamentary Home Affairs select committee, said: “This is yet more troubling evidence that social media companies like Facebook are not doing nearly enough to deal with illegal activity on their platforms.” She said that the committee would look at the issue as part of its inquiry into online crime and safety.

Facebook’s community standards prohibit the promotion or sale of illegal goods or services. The company said that once violations were reported its teams would review and remove the offending groups or posts. A spokesman added: “As technology improves, we will continue to look carefully at other ways to use automation.”

The Times

You Might Also Read:

Eight Reasons Why Facebook Has Peaked:

Millions Of Compromised Accounts Discovered On The Dark Web:

 

« DNA Data Storage Moves Closer To Becoming Reality
Cambridge Analytica Planned To Issue Digital Currency »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

INSUREtrust

INSUREtrust

INSUREtrust is a pioneer in the industry, inventing the concept of cyber insurance.

Nohau

Nohau

Nohau provide services for safe and secure embedded software development.

Akheros

Akheros

Akheros develops cybersecurity learning algorithms which anticipate, detect and prevent offensive and incongruous behaviors of M2M interactions.

Fluency Security

Fluency Security

Fluency is the only Security Analytics & Orchestration (SAO) solution that automates correlation, detection, validation and ongoing tracking.

Forensic Pathways

Forensic Pathways

Forensic Pathways focus on the provision of digital forensic technologies, offering clients unique technologies in the management of mobile phone data, image analysis and ballistics analysis.

National Cybersecurity Society (NCSS)

National Cybersecurity Society (NCSS)

The National Cybersecurity Society is a non-profit organization focused on providing cybersecurity education, awareness and advocacy to small businesses.

ProSearch Partners

ProSearch Partners

ProSearch Partners are national talent acquisition specialists exclusively focussing on Technology and Digital talent including Cybersecurity, Data Analytics and Execs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Security Management Partners (SMP)

Security Management Partners (SMP)

Security Management Partners (SMP) is a trusted partner to financial services, healthcare and businesses that need to manage their information, securely.

Centraleyes

Centraleyes

Centraleyes (formerly CyGov) is a cutting-edge integrated cyber risk management platform that gives organizations unparalleled understanding of their cyber risk and compliance.

Gray Analytics

Gray Analytics

Gray Analytics is a Cybersecurity Risk Management company providing best-practice services across a broad spectrum of cyber scenarios for both government and commercial customers.

Vizius Group

Vizius Group

The Vizius Group are a think tank of cybersecurity consultants who understand the mechanics and business value of risk reduction.

MedSec

MedSec

MedSec is the only company of its type focused solely on cybersecurity for hospitals and medical device manufacturers, offering both a cybersecurity software solution and consulting services.

e-Xpert Solutions

e-Xpert Solutions

e-Xpert Solutions is a company specialized in the Information Security field since 2001. Our skills are strong technical expertise and the development of tailor-made solutions.

Trojan Horse Security

Trojan Horse Security

Trojan Horse Security are specialists in corporate security. Our services include: Comprehensive Cyber Security Analysis, Penetration Testing, Network Security and Security Audits.

Buzz Cybersecurity

Buzz Cybersecurity

Buzz Cybersecurity systems and services are designed to proactively guard against common and uncommon cyber threats.