Hacking tools, stolen credit cards advertised on Facebook groups

One user offered hacking services, both ethical and not.
Another claimed to be able to change school grades. And several others peddled stolen credit cards and IDs.

Such illegal products and services have long been offered on the dark web, a murky section of the internet that's populated with illicit forums. But these offers were being made on Facebook, despite repeated efforts by the social media giant to curb illegal behavior on its site.


A Bloomberg News analysis found more than 45 groups and pages — with more than 1 million combined members — where the spoils of cyber crimes and the tools needed to carry them out were offered for sale. Some of the sites were revealed by Facebook's own discovery mechanism, which recommends groups based on those who have already joined, but Bloomberg discovered others through keyword searches and referrals from other groups.

Among the most common were hacking-for-hire services, with 11 of the groups and pages specifically dedicated to facilitating the practice, including three with more than 100,000 members. Those groups averaged between 12,000 and 18,000 posts per month, according to data from the Facebook-owned analytics platform CrowdTangle. One tool, listed on a group called Hacker Hub, promises to deliver credentials for popular social media sites and victims' financial information.

Alexander Leslie, a researcher at the threat intelligence firm Recorded Future, said the volume of illicit offers on Facebook "way, way overshadows what we see on the dark web in other forums that deal with similar content."

While hardly definitive given Facebook's massive size, the Bloomberg analysis indicates the social media platform's efforts to stop illicit behavior haven't kept pace. The company now known as Meta Platforms removed the content in question when reached by Bloomberg News.

"We take significant steps to stop criminal activity on our platforms and have removed this content," a spokesperson said via email. "We invest heavily in technology to tackle illegal content and we encourage people to report activity like this to us and the police, so we can take action."

Since its earliest days, Facebook has emphasized its commitment to keeping its platform safe. When sporadic reports of criminality on Facebook have emerged in the media, the company has usually expressed its commitment to working with law enforcement to bring any alleged perpetrators to justice.

Under Meta's community standards, users are banned from trying to gain access to Facebook accounts "through deceptive means or without explicit permission from the account" and they are not supposed to "sell, buy or exchange site privileges."

Credit card fraud, counterfeit currency and money laundering are among the many crimes that are specifically prohibited in the fraud and deception section of the company's rules.

When specific examples have been brought to its attention, the company has usually acted swiftly in addressing the offending content. Facebook's security staff quickly removed similar groups and pages brought to their attention in the past, by cybersecurity journalist Brian Krebs in 2018 and in 2019 by researchers at Cisco Talos. The groups uncovered by Bloomberg News were created after Cisco Talos and Krebs published their research.

In a recent interview with Bloomberg News, Jason Schultz, one of two researchers behind the work at Cisco Talos, said he wasn't surprised to learn that hacking tools were again advertised for sale.

"The unfortunate thing is that Facebook relies on other users to report this content," Schultz said. "Now from the standpoint of an illegal group that is operating inside of Facebook, obviously none of these people are going to self-report other people in the group."

In one public hacking group, simply called Programmers and Hackers, a user stated that they were open to ethical and non-ethical activity. Members promised WhatsApp and Telegram hacking "via cloning, spoofing, remote exploit and server penetration." Such services would theoretically allow a potential buyer to gain access to otherwise protected messages on the two apps.

In another post to the same group, a different user advertised ATM hacks, online record changes and the ability to change school grades. In this case, like many others, interested customers were directed off Facebook to place orders. They were asked to message a U.K. number on WhatsApp, while others were asked to use email, Telegram and other services moderated less than Facebook.

Bloomberg also found 15 groups that promised to provide cloned credit and debit cards, as well as stolen identification documents, among other nefarious services.

In several posts, CCs, as cloned cards are often abbreviated, loaded with $4000 were going for as little as $350. Cloned cards are copies of credit or debit cards made without the owner's permission. The copies are often obtained through "skimming," or the unauthorized insertion of scanners into ATMs or gas station pumps.

Both customers and vendors often take steps to protect themselves when participating in the illicit marketplaces on Facebook. Much like the dark web proper, transactions are usually conducted either via direct message or on a third-party messaging app, in part to avoid being busted in an undercover sting.

"Every cybercriminal in general cares about their operational security," said Leslie, of Recorded Future. "They don't want to be engaging with a researcher, law enforcement or intelligence official on Facebook directly."

Often, customers say that they will only pay for services upon delivery. Some hackers, in an apparent attempt to demonstrate their legitimacy, include this condition in their own posts, saying that they will happily accept payment after a task has been completed.

Such offers, however, were often limited to the seemingly less credible posts, with one example, from a member of a group called Word Hackers Group, advertising Gmail hacking "in just 2-4 minutes," while noting that payment would be after work. Like many similar offers, no other conditions would be given.

Bloomberg News has not verified the authenticity of the offers seen in these groups. Complaints that hacking services or stolen credit cards weren't delivered as promised were common. In posts to a number of different groups, users complained of being scammed multiple times and even attempted to identify the alleged perpetrators.

A number of posts even attempted to use such complaints as a marketing tactic, with several users offering up the "only trustworthy hacker I know" as the antidote to people's previous misfortune. The rest of the Facebook groups may be full of scams and con artists, but their recommendations were always the real deal.

As one user wrote, they were "legit and trusted and reliable."

Bloomberg News