Unmasking Briansclub The Notorious Credit Card Stealers
One of the largest underground marketplaces for stolen credit card data was breached this week, leading to the release of over 26 million records. KrebsOnSecurity recently provided Gemini Advisory with access to the brians club database so they can monitor it to detect when new records become available for sale.
A Hub for Stolen Financial Data
BriansClub has established itself as the go-to site for stolen credit card data on the dark web, thanks to its irresistible draw for threat actors seeking financial gain through illicit means. While greed may motivate some to pursue legitimate paths to success, its allure often drives others down more illicit routes – something particularly true in cybercrime where illicit activity fueling wealth often has serious repercussions for both people and businesses globally.
BriansClub and similar criminal forums sell “dumps,” strings of ones and zeros that, once encoded onto something with a magnetic stripe the size of a credit card, can be used to purchase electronics, gift cards or other high-priced items at major retail stores. Dumps typically retail on criminal forums like BriansClub for $500 each – reflecting an estimate of how much was stolen from compromised cardholders; federal prosecutors who prosecute hacking cases that involve stolen credit cards will often assign each record sold on underground markets as sentencing consideration.
KrebsOnSecurity recently shared the stolen Briansclub database with Gemini Advisory, a New York-based firm which monitors carding shops and dark web marketplaces for newly available stolen credit and debit card records for sale; Gemini estimates that these cards posted by BriansClub represent just a portion of 87 million available cards already for sale on these markets.
The stolen Briansclub archive revealed that its proprietor regularly uploaded stolen credit and debit card data sets onto his site, according to research conducted by our firm. Furthermore, in addition to offering payment cards and stolen data sets such as Track1Generator and My Bins Lookup that allow criminals to trace geographical bank locations or specific card identification numbers (BINs) more precisely.
A Platform for Cybercriminal Enablement
Briansclub is one of the premier carding marketplaces on the dark web, known for offering unparalleled customer service and providing access to stolen credit cards, according to security experts. Additionally, it provides various services, such as validity checkers that reduce barriers to cybercrime by making fraud easier to commit.
Crimesters used to simply steal payment card data for fraud purposes; today’s threat actors typically specialize in specific aspects of carding. Some sift through point of sale systems in stores; others employ digital skimming devices or e-skimmer attacks that steal credit card data from online shopping websites; still others conduct large-scale cyberattacks that compromise an entire retail chain’s point of sale system.
Though these specialist groups differ from carders who sell stolen information on marketplaces, they all come together at dark web carding markets to purchase and resell data they’ve captured. Furthermore, these marketplaces provide an essential forum for buyer interaction during illicit transactions that make up this business model.
KrebsOnSecurity discovered that the BriansClub database shared with them contained 26 million stolen credit and debit cards uploaded for sale since 2015. Investigators working on this case claim these cards originated from hundreds (if not thousands) of compromised point-of-sale systems online as well as in physical locations.
As is still unclear, many of these stolen cards will still be valid when the database expires in October 2019; nonetheless, the data set highlights carding shops’ resilience against law enforcement efforts to shut them down.
Briansclub stands apart from other dark web marketplaces by specializing in selling stolen personal information, specifically SSN-DOB (Social Security Number and Date of Birth) listings that facilitate more sophisticated identity theft schemes. Running under Tor, an anonymized network that lets users browse the internet anonymously, BriansClub accepts cryptocurrency payments for payments; furthermore it remains active despite law enforcement agencies shutting down major carding marketplaces.
A Hub for Counterfeit Card Production
BriansClub serves as an important marketplace for the sale of stolen credit card data, tools, and services used for financial fraud and other crimes. Its cache of stolen financial data – such as cards with CVV2 codes or Fullz codes that protect them online – facilitates cybercrime across many sectors while fuelling an underground global marketplace that operates with little oversight or regulation.
Underground carding shops specialize in selling data culled from the magnetic stripes on legitimate payment cards to criminals for use in creating counterfeit payments that are then used in illegal transactions. Thieves typically gain these cards through hacking operations at point-of-sale terminals, ATMs or any point where payment cards are accepted; other individuals or “carding crews” purchase stolen cards from underground vendors like BriansClub or resellers to facilitate further illegal activities.
KrebsOnSecurity was provided with access to the BriansClub database by a source who revealed it, and discovered it sold 26 million credit and debit card records stolen from hacked online and brick-and-mortar businesses over four years, generating hundreds of millions in illicit profits for both BriansClub’s operators and resellers.
BriansClub and other underground carding sites make a fortune on stolen data trove, as cards usually don’t expire for quite some time – giving criminals ample opportunity to cash them in for cash and goods while collecting hefty transaction fees called “interchange” from banks that issued cards.
Though this underground market offers tremendous profit potential, many smaller financial institutions remain reluctant to bear the costs associated with issuing new cards to those compromised in data breaches or by fraudulent activity – leading to more cards falling victim to cybercrime and leaving consumers without an option for paying goods and services.
BriansClub provides more than carding products and services; it also offers numerous tools and services designed to facilitate illegal card processing, such as malware, software for creating fake card details, as well as printing physical counterfeit cards. With such an array of cybercrime tools at its disposal, this underground shop has quickly risen in prominence among criminals worldwide.
A Hub for Identity Theft
Briansclub’s ease of access and criminal enabling features make it an attractive target for threat actors looking for stolen financial data to commit unauthorized transactions, credit card fraud and identity theft. Tools like 0check and LuxChecker help facilitate illegal purchases by validating stolen data for a nominal fee; additionally, Briansclub provides several services that enable cybercriminals to track stolen cards’ origin or geographical location for increased fraud opportunities.The site has earned itself a well-earned reputation among dark web communities for providing reliable, high-quality stolen data at competitive rates, with notable data breaches and cybercrime incidents adding further visibility. Furthermore, its constant supply of freshly hacked information ensures its dynamism – keeping cybercriminals’ appetite satisfied!
An analysis of the stolen database revealed that carding shop had 26 million records available for purchase, including “dumps” (strings of zeros that encode into magnetic stripe data that can be swiped at point-of-sale terminals) and CVV2 codes that facilitate fraudulent online credit card transactions.The marketplace also features other forms of stolen data, including SSN-DOB listings (social security numbers and dates of birth), which can be used to open bank accounts without authorization, purchase merchandise and services without paying, conduct identity theft crimes and more. Furthermore, it provides fake ID documents like passports and drivers licenses in order to help attackers bypass law enforcement detection.
Consumers can take proactive steps to safeguard themselves by monitoring their credit bureau reports for suspicious activity. If an account was opened without their knowledge or consent, filing an identity theft dispute with each bureau could prevent collection agencies from turning it over for collection purposes. If you become the victim of briansclub cm identity theft, it is crucial that you act swiftly to minimize its damage. Reach out to all three credit bureaus and file a report with the Federal Trade Commission (FTC), where FTC officials can assist consumers in disputing credit reporting errors or fraudulently added debts.