Hacking tools, stolen credit cards advertised on Facebook groups

Since its earliest days, Facebook has emphasised its commitment to keeping its platform safe. When sporadic reports of criminality on Facebook have emerged in the media, the company has usually expressed its commitment to working with law enforcement to bring any alleged perpetrators to justice. — AFP

One user offered hacking services, both ethical and not. Another claimed to be able to change school grades. And several others peddled stolen credit cards and IDs.

Such illegal products and services have long been offered on the dark web, a murky section of the Internet that’s populated with illicit forums. But these offers were being made on Facebook, despite repeated efforts by the social media giant to curb illegal behaviour on its site.

A Bloomberg News analysis found more than 45 groups and pages – with more than one million combined members – where the spoils of cyber crimes and the tools needed to carry them out were offered for sale. Some of the sites were revealed by Facebook’s own discovery mechanism, which recommends groups based on those who have already joined, but Bloomberg discovered others through keyword searches and referrals from other groups.

Among the most common were hacking-for-hire services, with 11 of the groups and pages specifically dedicated to facilitating the practice, including three with more than 100,000 members. Those groups averaged between 12,000 and 18,000 posts per month, according to data from the Facebook-owned analytics platform CrowdTangle. One tool, listed on a group called Hacker Hub, promises to deliver credentials for popular social media sites and victims’ financial information.

Alexander Leslie, a researcher at the threat intelligence firm Recorded Future Inc, said the volume of illicit offers on Facebook "way, way overshadows what we see on the dark web in other forums that deal with similar content.”

While hardly definitive given Facebook’s massive size, the Bloomberg analysis indicates the social media platform’s efforts to stop illicit behaviour haven’t kept pace. The company now known as Meta Platforms Inc removed the content in question when reached by Bloomberg News.

"We take significant steps to stop criminal activity on our platforms and have removed this content,” a spokesperson said via email. "We invest heavily in technology to tackle illegal content and we encourage people to report activity like this to us and the police, so we can take action.”

Since its earliest days, Facebook has emphasised its commitment to keeping its platform safe. When sporadic reports of criminality on Facebook have emerged in the media, the company has usually expressed its commitment to working with law enforcement to bring any alleged perpetrators to justice.

Under Meta’s community standards, users are banned from trying to gain access to Facebook accounts "through deceptive means or without explicit permission from the account” and they are not supposed to "sell, buy or exchange site privileges.” Credit card fraud, counterfeit currency and money laundering are among the many crimes that are specifically prohibited in the fraud and deception section of the company’s rules.

When specific examples have been brought to its attention, the company has usually acted swiftly in addressing the offending content. Facebook’s security staff quickly removed similar groups and pages brought to their attention in the past, by cybersecurity journalist Brian Krebs in 2018 and in 2019 by researchers at Cisco Talos. The groups uncovered by Bloomberg News were created after Cisco Talos and Krebs published their research.

In a recent interview with Bloomberg News, Jason Schultz, one of two researchers behind the work at Cisco Talos, said he wasn’t surprised to learn that hacking tools again were for advertised for sale.

"The unfortunate thing is that Facebook relies on other users to report this content,” Schultz said. "Now from the standpoint of an illegal group that is operating inside of Facebook, obviously none of these people are going to self-report other people in the group.”

In one public hacking group, simply called Programmers and Hackers, a user stated that they were open to ethical and non-ethical activity. Members promised WhatsApp and Telegram hacking "via cloning, spoofing, remote exploit and server penetration.” Such services would theoretically allow a potential buyer to gain access to otherwise protected messages on the two apps.

In another post to the same group, a different user advertised ATM hacks, online record changes and the ability to change school grades. In this case, like many others, interested customers were directed off Facebook to place orders. They were asked to message a UK number on WhatsApp, while others were asked to use email, Telegram and other services moderated less than Facebook.

Bloomberg also found 15 groups that promised to provide cloned credit and debit cards, as well as stolen identification documents, among other nefarious services.

In several posts, CCs, as cloned cards are often abbreviated, loaded with US$4000 (RM18,952) were going for as little as US$350 (RM1,658). Cloned cards are copies of credit or debit cards made without the owner’s permission. The copies are often obtained through "skimming,” or the unauthorised insertion of scanners into ATMs or gas station pumps.

Both customers and vendors often take steps to protect themselves when participating in the illicit marketplaces on Facebook. Much like the dark web proper, transactions are usually conducted either via direct message or on a third-party messaging app, in part to avoid being busted in an undercover sting.

"Every cybercriminal in general cares about their operational security,” said Leslie, of Recorded Future. "They don’t want to be engaging with a researcher, law enforcement or intelligence official on Facebook directly.”

Often, customers say that they will only pay for services upon delivery. Some hackers, in an apparent attempt to demonstrate their legitimacy, include this condition in their own posts, saying that they will happily accept payment after a task has been completed.

Such offers however were often limited to the seemingly less credible posts, with one example, from a member of a group called Word Hackers Group, advertising Gmail hacking "in just 2-4 minutes,” while noting that payment would be after work. Like many similar offers, no other conditions would be given.

Bloomberg News has not verified the authenticity of the offers seen in these groups. Complaints that hacking services or stolen credit cards weren’t delivered as promised were common. In posts to a number of different groups, users complained of being scammed multiple times and even attempted to identify the alleged perpetrators.

A number of posts even attempted to use it as a marketing tactic, with several users offering up the "only trustworthy hacker I know” as the antidote to people’s previous misfortune. The rest of the Facebook groups may be full of scams and con artists, but their recommendations were always the real deal.

As one user wrote, they were "legit and trusted and reliable.” – Bloomberg

Follow us on our official WhatsApp channel for breaking news alerts and key updates!

Next In Tech News

Exclusive-Amazon in talks with Italy to invest billions of euros in cloud plan, sources say
Kind South Korean students return lost credit card in ingenious way, but they might have broken the law
EVs and hybrids are twice as likely to hit pedestrians as gas cars, study shows�
Easyjet, eyeing record summer, boosts nerve centre with AI
NYPD to use drones to aid swimmers in trouble at city beaches amid lifeguard shortage
At least two victims lose RM254,000 to scammers posing as officers from SG Anti-Scam Centre
A cop gave Fresno man a jaywalking ticket. Then came ‘cyber campaign of hate and revenge’
Private-hire driver in S’pore took passenger’s laptop and reset it, erasing all her work data
Vishing meets AI: The changing nature of phishing threats
Elon Musk's xAI valued at $24 billion after fresh funding

Others Also Read