Facebook discovered and shut down 74 groups offering goods and services for cybercriminals

[Brother]

Cisco Talos experts discovered 74 cybercriminal groups on Facebook, totaling 385,000 people. It was not difficult to find such groups on the social network, given their telling names: Spam Professional, Spammer & Hacker Professional, Buy Cvv On THIS SHOP PAYMENT BY BTC, Facebook hack (Phishing). Moreover, if a user joined one such group, the helpful algorithms of the social network began to advise him to other groups of similar topics.

The content of such groups is practically in no way inferior to hacker forums and marketplaces on the darknet: they sell and buy credentials, phishing tools, information about bank cards, fake documents, spammer services, offer assistance in moving large sums of money, sell ready-made fake accounts in various companies and institutions (including government), and so on.

At first, the Cisco Talos researchers tried to report their findings through a standardized rule-breaking reporting form, but only a few groups were blocked in this way. As a result, experts were forced to contact Facebook representatives directly, after which they managed to block most of the groups. Nevertheless, experts warn that not all "hacker sites" have been blocked, and that new ones immediately appear in the place of those that have sunk into oblivion.

It is worth noting that this is far from the first time that information security researchers have paid attention to cybercriminal activity on Facebook. So, in the spring of 2018, well-known journalist and researcher Brian Krebs exposed and succeeded in removing almost 120 of the same private groups, with about 300,000 subscribers.

Cisco Talos believes that Facebook needs to tackle this activity, not just relying on signals of abuse and abuse from users. According to experts, the company needs proactive protection, preventing such groups from emerging in principle.

 

[Brother]

Employees were not told where the audio data was recorded or how it was obtained.

Facebook paid hundreds of third-party contractors to transcribe audio recordings from users of its services. This was reported to Bloomberg by employees who wished to remain anonymous.

The hired employees were not told where the audio data was recorded or how it was obtained, the source said. They transcribed the conversations of Facebook users, which included swear words, but did not know why Facebook needed it.

A Facebook spokesman confirmed the wiretapping and indicated that the decryption of messages was stopped more than a week ago. The contractors hired checked whether Facebook's artificial intelligence interpreted the anonymized messages correctly.

The incident only affected users who agreed to eavesdrop on Facebook's Messenger app, the company said. However, users were not warned about the possibility of listening to audio data by third parties, the publication notes.

Facebook isn't alone in being caught engaging in this kind of secret activity. In April of this year, it became known that Amazon has hired thousands of employees to wiretap users' conversations with the voice assistant Alexa. And in July, Apple was already caught in secret wiretapping when secretly hired employees transcribed Siri voice commands in different languages.

 

[Tomcat]

AI from Facebook allows you to trick facial recognition systems​

Artificial intelligence experts from Facebook have developed a system to "de-identify" users in real time. Early testing suggests that AI is able to bypass modern facial recognition systems. The developed method slightly distorts the person's face in such a way as to confuse the face recognition systems, while allowing other users to recognize the person.

“Face recognition can lead to a loss of privacy, and this face swap technology can be used to create misleading videos. Recent developments in the advancement and abuse of facial recognition technology raise the need to understand techniques that successfully deal with de-identification, ”reads the document describing the technology.

Facebook's approach combines an adversarial autoencoder and a classifier network. Similar to Deepfake's face-swapping software, AI uses an encoder-decoder architecture to generate both mask and image. The system generates distorted and undistorted images of a person's face that can be embedded in a video.
Facebook currently has no plans to use this technology in any of its applications. The company intends to present the medot at the International Conference on Computer Vision in Seoul, South Korea.

 

[Tomcat]

Facebook resorted to hacking to help catch the criminal​

Facebook paid a cybersecurity firm to develop a hacking tool. Thus, the social network decided to help the FBI expose a California criminal who has repeatedly stalked girls on the social network Facebook, Motherboard reported.

Facebook has tracked Buster Hernandez for years. The perpetrator used the secure operating system Tails, hid his real IP address and continued to stalk his victims using chats, email and Facebook. The company decided to help the FBI hack Hernandez's account in order to gather evidence that would allow him to be arrested.
The Facebook security team worked with a third-party cybersecurity firm to develop a hacking tool to exploit a vulnerability in the Tails video player. The exploitation of the vulnerability made it possible to find out the real IP address of the person watching the video. The FBI used this tool to send a video clip to Hernandez, which allowed the agency to collect evidence for the arrest. In February, Hernandez pleaded guilty to 41 counts.

According to Facebook employees, this was the first and only time that the company helped law enforcement agencies pursue a criminal using such methods. As noted by the publication, Facebook did not disclose details of the hack to the Tails development team.