Facebook crime forums existed unchallenged for up to nine years

Graham Cluley

Facebook crime forums existed unchallenged for up to nine years

Facebook crime forums existed unchallenge for up to nine years

More and more companies are trying to scare the willies out of Joe User about their personal information possibly being traded on the “dark web”.

Hmm. The truth is that, more often than not, you don’t have to go as far as the dark web to find users’ identities and personal information. Often personal data is being shared in broad daylight. Perhaps it has even been openly traded on Facebook… for years.

Cybersecurity blogger Brian Krebs spent just a couple of hours last week hunting for the Facebook forums used by fraudsters, and what he discovered is alarming.

With no special tools, and just Facebook’s rudimentary search facility, Krebs uncovered over 100 forums that have been engaged in identify theft, credit card fraud, spamming, and denial-of-service attacks.

Virtually all the groups made no special effort to hide the criminal activity they were engaged in, openly advertising what they were about in their group names.

In total, Krebs counted more than 300,000 members of these groups – a staggering figure even if you consider that there was likely to be some overlaps in membership. And approximately ten percent of the groups had been active on Facebook for more four years (some had existed as long as *nine* years) without apparently being on the receiving end of any hassle from Facebook itself.

Krebs tipped off Facebook, who quickly shut down the pages. But why wasn’t something done sooner by Facebook itself?

The problem is that Facebook doesn’t care. Although it’s quite capable of writing code that might detect some of these suspicious groups and report them to its security teams (after all, it seems to have no trouble building far more complicated facial recognition code when it suits them) it would prefer to leave it to Facebook users to police the site for them.

It’s down to Joe User to report any groups that might be in breach of Facebook’s community standards.

Brian Krebs only spent a couple of hours looking for Facebook groups engaged in criminal activity, and he limited himself to English-speaking forums and groups with more than 25 members.

There will be more offending Facebook groups out there, but Facebook is waiting for people like you to tell them about it.

The fact that these groups existed unchallenged for up to nine years suggests that Facebook is simply not interested in proactively hunting for them itself.

Maybe you shouldn’t worry quite so much about the dark web, and concern yourself more about the regular web instead.

You can hear more discussion about this topic, and much more besides, in this episode of the “Smashing Security” podcast:

Smashing Security #74:

Listen on Apple Podcasts | Google Podcasts | Other... | RSS
More episodes...

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

One Reply to “Facebook crime forums existed unchallenged for up to nine years”

  1. I have seen pages that sell fake goods & are click bait to gain likes. I have reported them & FB did absolutely NOTHING

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Never miss a thing. Sign up for the free GCHQ newsletter from Graham Cluley.
GET UPDATES