Briansclub—Hack Rescues 26M Stolen Cards
One of the largest underground stores for buying stolen card information was hacked recently. That hack is expected to shake up the cybercrime underground. BriansClub is one of many companies that tracks the sale of card data on dark sites. These companies provide valuable intel to financial institutions to identify and monitor or reissue cards shown for sale on these black markets.
Credit Card Fraud
Credit card fraud can be caused by a number of things. For example, a cybercriminal could breach a point-of-sale system, or a bank’s processor. Then they can use stolen credit card numbers to purchase items online or at a brick-and-mortar store. Another common method is skimming, where a credit card is swiped through a machine that reads the data off of the magnetic stripe.
This can happen at an ATM, a gas pump or even in some restaurants. In addition, a credit card can be stolen from someone’s purse or wallet, or it could be lost while traveling. These stolen credit cards are then sold on illegal dark web sites. The largest underground carding site, briansclub, was hacked in 2019, and 26 million pieces of stolen credit card data were recovered from the hack. That represents one-third of the total stolen card data available on dark sites.
The hack of Brians Club is expected to have a major impact on the amount of stolen credit card data that makes its way into the criminal marketplaces. A company called Gemini Advisory monitors most underground shops that sell card information, and it currently tracks 87 million credit and debit cards for sale across the dark web. When a criminal buys a credit card record from a fraud marketplace, the record is removed from the list of stolen records that are for sale. That allows other criminals to avoid purchasing data that has already been compromised.
Moreover, criminals that buy stolen card data from these fraud marketplaces often share it with financial institutions so they can identify and monitor or reissue compromised cards that turn up for sale on the black market. This is because each record sold on a dark marketplace is typically valued at $500, which is the average loss per victim in many federal hacking prosecutions involving stolen card data.
KrebsOnSecurity was contacted by a source who shared a plain text file that claimed to contain the complete database of cards offered for sale through BriansClub. That database included cards uploaded to the carding site in 2015, 2016, 2017 and 2018, as well as the cards currently for sale.
Rescues 26M Stolen Cards
The briansclub has become a staple of the internet for threat actors looking to buy, sell and trade hacked or stolen information and services. Threat actors can use these platforms to communicate and make deals with other members of the underground community, and can also rely on forum reputation systems and user post histories to gauge the credibility of others. Many forums also feature arbitration and escrow systems that provide the means for fair transactions and consequences for failed ones. These features can be especially appealing when negotiating with other criminals who are often in the same geographic area or share similar criminological interests.
The largest underground store for purchasing stolen credit cards was hacked, and security intelligence firm Flashpoint reported that it had about 26 million card records on offer. The majority of these were “dumps,” strings of ones and zeros that can be encoded onto a magnetic stripe, making them useful for thieves trying to purchase electronics or gift cards at big box stores.
The extraordinary tenacity of these sites indicates that threat actors remain eager to find new ways to trade stolen information. One of the largest underground stores for buying stolen credit card information has been hacked. The hack involves 26 million credit and debit card records stolen from online and brick-and-mortar retailers. The cards were stolen from various retailers over four years, with eight million being uploaded in 2019.
The data was shared with security firms that monitor the illegal trade of data in the dark web. The companies then work with financial institutions to invalidate the cards and help their legitimate owners exchange new ones.
In addition to the credit card information, hackers also sell passwords for e-mail accounts and social media websites. These passwords are usually stolen by hackers who breach online services such as LinkedIn and Yahoo!. They can then sell them for cash or use them to gain access to the victims’ bank accounts and steal their money.
Normally, the stolen data is sold for about $2 each on dark market sites like Briansclub and Joker’s Stash. However, this hacking is expected to lower that price considerably. Credit card information is sold as strings of 1s and 0s, known as dumps. Criminals can encode these dumps into magnetic card-sized strips and use them to go on spending sprees. Using these fake cards to rack up charges against other people’s credit and debit card accounts is a popular way for criminals to make money.