Cyber Attack Briansclub Credit Card Theft Alert

An online shop known for selling stolen credit card data was recently compromised and its storefront, named for security researcher brians club and bearing his likeness, emptied of 26 million records. Cybercriminals are relentless in their pursuit to gain profit by stealing our personal information, but law enforcement agencies work diligently to identify and dismantle such networks.

Reputation

One of the world’s largest dark web carding stores was recently compromised and 26 million credit and debit cards stolen, providing valuable intel for banks but potentially providing others with tools for fraudulent transactions. Criminals can sell stolen credit card data on illegal marketplaces on the dark web to hackers for illegal purchases using sensitive details like card numbers, expiration dates and CVV codes from these stores.

Briansclub cm Dealer account was compromised and used to upload a database of stolen credit card data which has since been shared with various security researchers and financial institutions. The database shows when cards were uploaded and how many were sold; estimates put its worth at about $414 Million; contains stolen card numbers, cardholder names and expiration dates as well as CVV codes and PINs from Briansclub Dealer account.

As yet, no one knows who was behind this attack, although theories abound as to who may have initiated it. A hacker could have been an employee upset at having been treated poorly at their place of employment, or hired by competitors as a means to disrupt site functionality. Either way, this incident marks a setback in carding industry operations and should prompt increased efforts to track and prosecute cybercriminals.

Since 2015, BriansClub has become the go-to underground marketplace for buying and selling stolen credit card information. Cybercriminals use it to access stolen card numbers, expiration dates, CVV codes of victims’ accounts. Their vast inventory is an essential source of revenue for cybercriminals – offering high-quality data with superb customer service.

BriansClub was hit twice by hackers this year – in February, its inventory of stolen card data was leaked onto the Internet; this breach caused several large financial institutions to increase their monitoring of Dark Web activity and take measures against unapproved payments.

KrebsOnSecurity recently received from an anonymous source a database containing stolen Briansclub card data totalling 26 million records over four years, including 8 million added just this year alone. Of these cards, 14 million appear to be valid.

Security

Briansclub is an illegal marketplace offering stolen credit card data. Recently, this site was breached and 26 million records stolen – providing banks with invaluable intel. Security researcher Brian Krebs discovered this breach while on vacation on Australia’s Hamilton Island near the Great Barrier Reef; an old email caught his eye containing a link to an ever-expanding cache of card data he found there.

This cache consists of cards taken from hundreds if not thousands of hacked online and brick-and-mortar stores over the last four years and uploaded to BriansClub website which uses Krebs’ name and likeness in its advertising since 2015.

Briansclub purchases provide direct funding into criminal networks while also helping fraudsters target specific types of users. A recent study discovered that over one-third of stolen card records available on the dark web come from Briansclub; however, law enforcement agencies have been actively working towards shutting it down.

An anonymous source recently provided files containing data on over 26 million credit and debit cards stolen over four years from various businesses online and off. This data was acquired through hacker or reseller attacks who profit from breaking into payment card systems both virtually and physically.

Reselling stolen card records can be an enormously detrimental risk for both consumers and financial institutions alike, increasing fraud costs as well as compliance costs for both parties involved. Banks in particular may bear a disproportionately heavy load from identity theft losses incurred from identity fraud; smaller banks especially may bear this burden because major credit-card companies rarely issue alerts when their customer’s cards end up for sale on underground markets.

Briansclub hackers will likely continue selling stolen card data despite EMV cards that limit their potential use at physical retail stores, since they still buy high-priced items such as electronics and gift cards at big box retailers and use fake magstripe cards to purchase goods in stores.

Business model

Briansclub is a website offering stolen credit card data for sale. Since its introduction, this illicit marketplace has had a devastating effect on financial fraud landscape and caused both individuals and businesses to incur massive losses as well as strain financial institutions and diminish consumer trust. Law enforcement agencies are taking swift steps to dismantle it by seizing servers linked to it as well as closing websites linked with it – in hopes of disrupting criminal operations while making life harder for criminals operating illegally.

Tor Network Accessed Site Providing Buyers an Opportunity to Buy Card Dump(s) | List of Stolen Card Information(s) for a nominal FeeThe Tor network site gives buyers the ability to purchase “card dumps”, lists of stolen card information that can be encoded onto magnetic strips like those found on credit cards for unauthorised purchases, for a nominal fee. Sellers use cryptocurrency such as Bitcoin for maximum anonymity when selling these ‘dump” lists of information

KrebsOnSecurity reported that Briansclub amassed 26 million credit and debit card records stolen from hundreds of compromised online and brick-and-mortar retailers over four years and uploaded by hackers who act as resellers to share a portion of any transactions’ proceeds with Briansclub.

In 2015, this site uploaded 1.7 million stolen cards for sale, increasing steadily each year up until 2018 when over 9.2 million cards had been added to their database – now holding an estimated total of nearly $414 million worth of fraudulent card information.

This website offers various tools for cybercriminals to use, including an identity theft protection service known as “0-Check”, and Track1Generator which can generate magnetic strip data for counterfeit card production. Such technologically sophisticated tools further cement this site’s role as an enabler of cybercrime.

While its user-friendly interface may appear to lower criminals’ barriers to entry, it actually broadens their potential victims and maximizes fraud activity efficiency. For instance, filters on this site enable criminals to target specific Bank Identification Numbers (BINs) and geographic locations in order to maximize profits and generate maximum profits from fraud activities.

Transactions

Briansclub is a network of hackers and cybercriminals who employ various techniques to steal credit card data for illegal sale on underground marketplaces. Their methods range from breaking into databases of financial institutions or exploiting vulnerabilities in e-commerce platforms in order to access card data, as well as hacking into these to gain entry. They then gather the desired data without leaving a trail behind them, typically targeting cards with higher credit limits or belonging to individuals with significant net worth so as to generate larger profits. Law enforcement agencies have taken notice of Briansclub’s activities, with several members arrested by law enforcement in recent years – sending a clear message that those engaged in illicit activity will be caught and punished accordingly.

Stolen credit card data can be exploited for various fraudulent activities, from transactions to identity theft and even phishing scams in order to access sensitive data and passwords. Furthermore, such stolen information could also be used by thieves in fraudulent wire transfers to steal money and commit other forms of fraud. In order to combat this threat effectively, companies should adopt an inclusive cybersecurity approach by monitoring employee behaviors as well as providing ongoing education on how to recognize phishing attacks.

Briansclub was reported by security intelligence firm Flashpoint to contain over 26 million stolen card records for sale, which totals roughly $414 million in value. Stolen card information includes strings of zeroes and ones which can be encoded onto magnetic strips to produce counterfeit payment cards; resellers sell this inventory by taking a percentage cut of each sale transaction.

Briansclub Marketplace not only sells stolen card data but also supplies products which can be used in various criminal activities, including stolen social security numbers paired with date of birth and other personal identifiers for use in opening bank accounts or identity theft schemes; additionally it stocks malware used for automatic email phishing campaigns. KrebsOnSecurity conducted its own investigation and has discovered that stolen card data being offered on briansclub cm marketplace is far greater than previously reported; currently surpassing even what Gemini Advisory monitors in underground markets.

 

Leave a Reply

Back to top button