Cybercriminals Leveraging Facebook is the title of a research

Jul 15, 2013, 11:30 am EST

Cybercriminals Leveraging Facebook is the title of a research that provided evidence that criminal organizations are exploiting Facebook for illegal activities.

Cybercriminals Leveraging Facebook, this is the title of an interesting research conducted by Eric Feinberg, Ian Malloy and Frank Angiolelli that provided evidence of the existence of highly organized criminal networks that are exploiting the popular social network for illegal activities.

Malicious actors and cybercriminals are now leveraging social media as a mass distribution system for advertising counterfeit consumer goods through Facebook and infecting computers to become part of a botnet, or ring of malicious acting computers operating through a remote mechanism.

This activity is trafficking in goods using counterfeit trademarks, leveraging insecure transport for Personally Identifiable Information and utilizing dubious payment processors. The activity is growing to include money mule recruitment and “loan origination” as well as operating under a Chinese and Russian Business Network banner.

The scopes of the fraud described in the “Cybercriminals Leveraging Facebook” report are various, following a list of most common

  • Counterfeit merchandise
  • Payday Loans
  • Facebook sites with redirectors
  • Suspected Money Mule Recruitment
  • Counterfeit NFL Jerseys
  • The installation of remote control capabilities, i.e. a zombie computer or ‘bot’

The “Cybercriminals Leveraging Facebook” study laid out evidence that this “system” appears highly organized including creation, masking and distribution system utilizing a definable pattern of replication. These actors are exploiting weaknesses in Facebook API to expose mass numbers of unsuspecting citizens to counterfeit merchandise advertisements per fake profiles.  The mechanism by which the malicious actors are intruding and avoiding detection is through the use of Facebook’s graph API.

In addition, these actors are creating advertisements which are using Facebook’s ad distribution to present their sites across thousands of groups, more specifically fan pages related to professional sports.

The “Cybercriminals Leveraging Facebook” paper documented the organized and distributed network these actors are using, the clearly identifiable patterns and the need for a detection mechanism, following main techniques discussed in the analysis:

Fake User Profiles – These malicious actors are creating Facebook profiles using fictitious names and a methodology following a distinctive pattern. The actors are creating profiles using the most basic settings and mass joining public groups. The number of groups joined ranges from approximately 100 to 400+ per profile and in virtually all cases; the user has never posted anything on their timeline. Using these groups, the “advertisement” posts reach upwards of 300,000 people per fake profile.


The Posts for Counterfeit Merchandise – Once the account is created, it joins hundreds of groups and posts ads. The pattern for the posts these fake profiles are proliferating consist primarily of a sales pitch, a website link containing various domains primarily made up from .tk websites without canonical references followed by a picture of the supposed merchandise to be sold.

Using the Russian Business Network as an Intermediary – These actors are using Russian Business Network IP addresses as intermediaries to host the .tk redirectors. This technique is being used as an evasion tactic to prevent easy discovery and blocking of the offending counterfeit merchandise website.

Image 1

Mass Redirection Using .tk Websites – The actors create multiple redirectors hosted on the same IP address over time

The researchers proved that cybercriminals adopted method of replication being used here is replicated over multiple domains, with multiple redirectors. They also identified the pattern followed by the counterfeit merchandise websites despite they use to rotate domain, hosting, registrar and geo-location, distinct patterns exist across all the websites being distributed centered primarily against the actual content.

FoeI suggest the reading of the interesting white paper….

(Source: CDM, Pierluigi Paganini, Editor and Chief )

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.


10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase