Almost exactly a year ago, KrebsOnSecurity reported that less than two hours of research turned up more than 100 Facebook groups, with some 300,000 members, that openly advertised services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by removing these groups. Last week, a similar analysis resulted in the removal of 74 cybercrime groups operating openly on Facebook with more than 385,000 members.
Researchers at Cisco Talos discovered the groups using the same sophisticated methods as last year: by searching Facebook.com for unambiguous fraud-related terms such as "spam" and "phishing". Talos said most groups were less than a year old, and that Facebook deleted the groups after being notified by Cisco.
Talos also reiterated my findings that Facebook was still unaware of individual abuse reports about groups allegedly violating its "community norms," which specifically prohibit the types of activities practiced by the groups Talos reported.
"Talos first tried to delete these groups individually via Facebook's abuse reporting feature," the researchers found. "While some groups were deleted immediately, other groups were only deleted from specific messages."
But Facebook deleted all offending groups after the researchers announced to Facebook's security team that they would publish their findings. That's exactly what I experienced a year ago.
Shortly after Facebook removed most of the 120 cybercrime groups that I reported in April 2018, many groups began to reappear elsewhere on the social network, under similar names, with the same members.
Instead of reporting these emerging groups directly to members of Facebook's public relations arm (something most mere mortals cannot do), KrebsOnSecurity decided to report repeat offenders via Facebook's abuse reporting procedures.
What did we find? KrebsOnSecurity received a series of responses stating that Facebook had reviewed my reports but that none of the groups had violated its standards. KrebsOnSecurity then discovered that reporting abusive Facebook groups to a quarter of a million followers on Twitter was the fastest way to get them disabled.
How else have Facebook's public statements about its alleged commitment to security and privacy been undermined by annoying facts in recent weeks?
- KrebsOnSecurity announced that Facebook developers had written applications storing between 200 and 600 million Facebook user passwords in plain text. These unencrypted passwords have been indexed by Facebook's data centers and have been viewable for years by more than 20,000 Facebook employees.
- It turned out that Facebook's new account registration page urged users to provide the password to their email account so that Facebook can collect contact details and who knows what else. Yes, it's true: Facebook is asking new users to share their email password, despite decades of consumer warnings that this is exactly what phishers do.
- Cybersecurity company UpGuard discovered two sources of unprotected Facebook user data on Amazon's servers, exposing hundreds of millions of user records, including their names, passwords, comments, hobbies, and more.
- Facebook allows marketers and others to search for users via a phone number, even when that phone number has been provided solely for multi-factor authentication purposes.
Again, the old adage applies: if you do not really know how you are the customer in a given online relationship, it's probably because you are better described as the product sold to others.
I've long since stopped providing personal information via a Facebook account. But for me, there are probably three big reasons why I'm still on Facebook.
For better or for worse, many sources choose to share important information in this way. In addition, Facebook is sometimes the fastest way to find a potential source and attract their attention.
Secondly, many people unfortunately continue to receive much of their news from Facebook and prefer to be informed of this news.
Finally, I have to periodically check a new privacy disclosure or a security flaw developed by Facebook.
I would probably never delete my Facebook account, for the same reason that I would not voluntarily delete my accounts from various cybercrime forums: For my part, the potential benefits of being there outweigh the potential risks. Again, I'm probably far from your typical Facebook (ab)user.
But what about you, dear reader? How does your cost/benefit analysis break down on Facebook? Have recent Facebook scandals caused you to delete your account, or to strongly restrict the type of information you store on the social network or make available to other people? Sound off in the comments below.
Tags: Cisco Talos, anti-cybercrime groups, Facebook, privacy, security, UpGuard
This entry was posted on Monday, April 8th, 2019 at 3:39 pm and is filed under A Little Sunshine, Latest Warnings, Ne-er-Do-Well News.