Cybercrime Exposed How Briansclub Steals Credit Cards
BriansClub, an underground marketplace offering stolen credit card data – also known as “carding data” – for an estimated $414 million, features 26 million cards and fraudulently obtained Social Security numbers paired with birth dates. Cybercrime thrives around the globe through this brians club hub, leading to financial loss for victims as well as legitimate merchants who must cover chargebacks and invest in cybersecurity measures.
How Does Briansclub Work?
Briansclub is an unsavory online marketplace operating within the dark web where stolen credit card data can be purchased and sold. Though its founder remains unknown, Briansclub has amassed a vast quantity of card data that cybercriminals use to engage in financial fraud schemes or identity theft schemes.
This website operates by selling “dump” files containing stolen card data to buyers at an agreed upon fee per dump depending on its quality; buyers must make payments using cryptocurrency such as Bitcoin to maintain anonymity and prevent law enforcement agencies from tracking transactions.
Criminals take advantage of card information offered at Briansclub to engage in fraudulent carding transactions, also known as digital pickpocketing, by exploiting vulnerabilities in payment systems to steal from unsuspecting consumers and cause substantial financial loss for victims, strain legitimate merchants, undermine consumer trust, as well as present significant risk to businesses due to chargebacks that result from these illegal transactions.
Briansclub not only specializes in carding, but it provides various tools to aid other crimes as well, including fraud, scams and identity theft. For instance, this site sells SSN-DOB listings which feature stolen social security numbers paired with birthdates which threat actors can then use to open unauthorised accounts, commit phishing attacks or engage in more complex identity theft schemes.
Security journalist Brian Krebs reported that hackers recently breached Briansclub and stole 26 million card records, which include both online and bricks-and-mortar retailers’ details. Analysis has suggested that 14 million are still valid; their owners regularly upload new batches of stolen cards: according to credit union sources, Briansclub added 1.7 million in 2015, 2.9 million in 2016, 4.9 million last year, and 9.2 million so far this year alone! Security intelligence firms shared this information with these sources so they were alerted of cards for sale on underground markets.
What’s in a CC Dump?
A credit card dump (CC dump, or “credit card dump”) is a collection of stolen credit card data such as card number, expiration date and CVV (card verification value). Criminals use stolen card data from these CC dumps to make fraudulent purchases online or in physical stores using carders who exploit stolen customer databases or skim data from compromised point-of-sale devices to gain these details and sell their haul of stolen cards via underground marketplaces such as Briansclub cm.
Brian Krebs’ website, named in his honor, specializes in selling stolen payment card data obtained by other hackers. Additionally, there is a forum available for carders to collaborate and discuss tactics; additionally there are tools provided that help prevent fraud and safeguard personal data.
Krebs reported that as of September, Briansclub offered 26 million stolen credit card records for sale – estimated to be worth $414 million at current black market rates – that had been stolen from both online and brick-and-mortar retailers over four years. Between 2015 and 2016, Briansclub added 1.7 million card records; then 2.89 million two years later; then finally an astounding 4.9 million records were uploaded this year alone!
Krebs reports that stolen cards on this hacked website were often sold at a fraction of their black market value, making it hard to ascertain how much profit has been earned by its operations overall. He notes however, that they managed to sell 9 million stolen cards during 2015 alone for approximately $126 Million in Bitcoin earnings.
As one of the largest carding stores underground, Briansclub could be affected by an alleged hack that might affect other similar sites in terms of pricing changes; specifically, some may try reducing prices in order to attract customers and retain existing clients.
As buying a credit card dump is illegal and any one caught engaging in this practice could face severe punishment from authorities, in addition to often being flagged as fraudulent by banks and card issuers, leading to significant financial loss for consumers who use such digital records for illegal purchases.
What’s the Value of a CC Dump?
A recent upload of 26 million credit- and debit-card records to a dark web “carding” website is raising eyebrows, serving as both an invaluable piece of intel for financial institutions as well as proof that cybercriminals remain vigilant in searching out ways to exploit vulnerabilities and steal data.
BriansClub reports that the stolen card records for sale on its site come from hundreds or even thousands of hacked online and brick-and-mortar businesses over the last four years, and are sold by reseller hackers who make a living breaking into payment systems both virtual and physical to turn stolen digits into cash they can then use to purchase goods like electronics or gift cards.
Carding, or digital pickpocketing, involves exploiting vulnerabilities in computerized payment systems to steal money or items from unsuspecting victims without their knowledge or consent. Criminals employ networks of accomplices to infiltrate sources where credit-card data may be stored – databases at financial institutions, websites storing credit-card information or even skimming devices which harvest card numbers directly from credit-card swipes by unsuspecting victims.
As thieves find and exploit vulnerabilities, their process becomes more refined in order to maximize gains while evading detection. They’re continually looking for opportunities that allow them to turn a profit and expand their operations.
One way they achieve this goal is by continually replenishing their stock with stolen card data, acquired through criminal marketplaces such as black markets. When criminals acquire and sell stolen records for sale on these platforms, their reputation as trustworthy providers becomes stronger, leading to greater success for these markets.
Krebs on Security recently published a purloined database showing that BriansClub regularly uploads card data taken from high-profile data breaches and cybercrime incidents, thus raising its profile among black market communities and lowering risk that threat actors will waste money purchasing fake or invalid card data.
What’s the Risk of a CC Dump?
Law enforcement agencies work tirelessly to combat cybercrime, yet black market platforms will likely persist. That is why consumers should exercise extreme caution when exploring such alternatives; specifically those looking for cheap CC dumps must remember this activity is illegal and could lead to serious financial implications for victims.
A “CC dump” refers to stolen credit card data sold illegally on the black market that can be used for fraudulent purchases on credit cards sold via this scheme, leading to frozen and cancelled cards for victims as well as businesses suffering chargebacks due to these illicit activities. Criminals involved with selling these illicit transactions not only profit from these illicit dealings but also create an atmosphere of fearful transactions which could cause lasting financial damage for their victims and their families.
KrebsOnSecurity received a link in September to files containing 26 million credit and debit card accounts stolen from hundreds of hacked online and brick-and-mortar businesses over four years, uploaded to an underground “carding” store called briansclub cm that specializes in selling stolen card information. Hacker or “reseller” teams often gain access to this data from breaking into payment card systems both online and off; resellers make money selling these records through these carding shops in return for commission or share of revenue for each card sale they sell through these carding shops.
Not always updated, these illegitimate card dumps may include cards that will be flagged by banks and credit card companies as fraudulent, prompting consumers to be vigilant when shopping online and pay attention to bank and credit card statements for suspicious activity. It may be advantageous for consumers to consider using virtual credit cards for online purchases that can be instantly cancelled in case of suspicious activity; additionally they should use strong passwords with two-factor authentication enabled whenever possible for added online protection.