Over and over again, researchers have documented easily found groups of hackers and scammers offering their services on Facebook pages. Researchers at Cisco Talos just documented this again:
In all, Talos has compiled a list of 74 groups on Facebook whose members promised to carry out an array of questionable cyber dirty deeds, including the selling and trading of stolen bank/credit card information, the theft and sale of account credentials from a variety of sites, and email spamming tools and services. In total, these groups had approximately 385,000 members.
These Facebook groups are quite easy to locate for anyone possessing a Facebook account. A simple search for groups containing keywords such as “spam,” “carding,” or “CVV” will typically return multiple results. Of course, once one or more of these groups has been joined, Facebook’s own algorithms will often suggest similar groups, making new criminal hangouts even easier to find.
Hiding in Plain Sight
They aren’t even hiding, and Facebook’s automated systems helpfully suggest other criminals you might also like. This is a serious problem for all big online communities. YouTube recently had to deal with disgusting child exploitation issues that its algorithms helped create as well.
Most services complain that it is hard to stamp out destructive behavior. (But see Pinterest.) Yet when their own algorithms are grouping and recommending similar content, it seems that automatically addressing this is well within their technical capabilities. Criminal services should not be openly advertised on Facebook. But apparently there’s no incentive to do anything about it. Cue the regulators.