Last week, Facebook kicked out nearly 120 cyber crime groups whose 300,000 members, according to noted security researcher KrebsOnSecurity, actively indulged in “spamming, wire fraud, account takeovers, phony tax refunds, 419 scams, denial-of-service attack-for-hire services and botnet creation tools”.
The move could be seen as part of sweeping changes Facebook has initiated to win back the trust of millions of users across the world, especially after it became clear that data analytics firms could easily employ sophisticated techniques to harvest personal data of millions of users without obtaining prior consent.
The culling of the nearly 120 cyber crime groups took place after KrebsOnSecurity handed over a list of such groups to Facebook on 12th April. “My research centered on groups whose singular focus was promoting all manner of cyber fraud, but most especially those engaged in identity theft, spamming, account takeovers and credit card fraud,” he said.
“Virtually all of these groups advertised their intent by stating well-known terms of fraud in their group names, such as “botnet helpdesk,” “spamming,” “carding” (referring to credit card fraud), “DDoS” (distributed denial-of-service attacks), “tax refund fraud,” and account takeovers.”
According to him, a majority of the banned groups were engaged in the use and sale of stolen debit and credit cards, and a significant percentage of them also facilitated account takeovers by either mass-hacking email addresses and passwords or breaching online banking services.
“We thank Mr. Krebs for bringing these groups to our attention, we removed them as soon as we investigated. We investigated these groups as soon as we were aware of the report, and once we confirmed that they violated our Community Standards, we disabled them and removed the group admins,” said Pete Voss, Facebook’s communications director.
“We encourage our community to report anything they see that they don’t think should be in Facebook, so we can take swift action.
“As technology improves, we will continue to look carefully at other ways to use automation. Of course, a lot of the work we do is very contextual, such as determining whether a particular comment is hateful or bullying. That’s why we have real people looking at those reports and making the decisions,” he added.
A lot more work needs to be done
KrebsOnSecurity said that even though the banned groups were quite active and openly traded cyber crime tools on Facebook, their eviction from Facebook hasn’t really hurt the cyber crime industry.
“There may well be hundreds or thousands of other groups who openly promote fraud as their purpose of membership but which achieve greater stealth by masking their intent with variations on or misspellings of different cyber fraud slang terms,” he said.
Earlier this month, a Sunday Telegraph investigation revealed that Facebook or Twitter accounts of millions of unsuspecting users were hacked into and traded between cyber criminals for as little as £1 per account. First, the criminals obtained such account details from recent data breaches, then used such information to log into accounts, changed their passwords, and obtained additional details like contact lists, phone numbers, dates of birth and photos.
“You can buy 1,000 accounts and connect them all to each other, then drop a story into the internet relating to what you know the people you’re trying to reach respond to. You get the 1,000 accounts to all retweet that post. Suddenly you have a story which has 1,000 shares,” an expert told the Sunday Telegraph.