In thisarticleI'll go over thedetailsof a recentcyberattack against a popular cardingclubcalledBriansClub.Duringthisattackpaymentdetailswerestolen from brick and mortar retailers. The attackers then used the information to resellproductsatacut-price.
BriansClub, a black market website that resells stolen credit card details, has beenhacked.Hackersstole26millionpaymentcarddetails.Thesenumbersare encodedontothemagneticstripeofthecard,whichallowscriminalstousethe cardsinthesamewayastheoriginalcreditcard.
TheBriansClubdatabreachhasimpactedbrickandmortarretailers.Theyhave lost a potential $414 million in sales, according to security intelligence firm Flashpoint.Ithasalsoaffectedfinancialinstitutions.Oncethebanksdetectthe stolencards,theywillinvalidatethem.
Usingthestoleninformation,cybercriminalscanpurchaseitemsfrombigbox stores or high-priced items from eCommerce sites. BriansClub is a broker of carddata,allowinghackerstoearnapercentageofeachsale.
Whiletheidentityofthesourceisunknown,briansclubhasnotconfirmedthat itwashacked.Lastmonth,securityjournalistBrianKrebsreportedthatasource hadsharedaplaintextfilecontainingafulldatabaseofcardsforsaleonthe site.
Thenumberofpaymentdetailsstolenfrombrick-and-mortarretailershasbeen on the rise since 2015. This is a problem that experts say will only grow as
consumers continue to migrate toward online retail outlets. Luckily, the best waytocombatfraudistoverifycustomers'identities.
Many retailers are calling on state legislatures to pass legislation aimed at stopping this activity. They believe that a well-thought-out bill is necessary to protect customers from unscrupulous retailers. For instance, a bill recently passed in Arkansas, which would establish more stringent identification requirementsforhighvolumesellers.
According to a recent reportby RILA/Buy Safe, the total cost of retail theftin theUnitedStatesisestimatedtobe$68.9billionin2019.Inotherwords,theft isafactoflife.
BriansClub is one of the largest black market sites on the Internet. This underground "carding" storeisoperated by "resellers" who share the revenue. The site is home to several million stolen credit cards. In fact, the security intelligencefirmFlashpointestimatesthatBriansClubholdsnearly$414million worthofstolencreditcardsforsale.
Oneofthemostimportantthingstolearnaboutthesiteisthatit'snotasshady asitmayappear.BriansClub'ssiteiswell-designedandeasytonavigate.Ithas anumberofclearandconcisesectionsthatdon'tbogdowntheuser.
Briansclub.cm hasalsobeenknowntooffersomeofthebestdealsaround.For instance, a reseller ID: 174,829) offered 6 million records for $106 million. Moreover,thesitehasarobustandcomprehensiveuserforum,whichprovides aplatformforuserstoexchangeinformation,adviceandideas.
BriansClubisoneofthemostpopularblackmarketsitesforstolencreditcard data. It sells "dumps" of stolen payment card data. These "dumps" consist of bitsofbinarycodethatcanbeencodedontothemagneticstripeofacreditcard. Theyaretypicallyusedtocreatecounterfeitcardsforin-personpayments. Thismakesthesiteaprimetargetforhackers.Iftheattacker hasaccesstothe site,heorshecanquicklymakepurchaseswithstolencreditcardinformation. The site has a huge supply of credit card data, which is updated daily. In addition, it allows fraudsters to earn a percentage of every purchase, so the businessmodelishighlyillegal.
The site offers a wide variety of services. For example, users can change their PINs,bidonauctions,anduseanautomatedloansystem.Userscanalsotake advantage of a lottery to win free gifts. There are also discounts available for users who regularly register. Those who deposit more than $500 will receive a 10%bonus.
A recentdata center hack atDark Web "carding" store BriansClub hasraised serioussecurityconcerns.It'salsolikelytoshakeuptheDarkWeblandscape. Thesiteis oneof thelargestmarketplacesfor stolen card data. Assuch, it'sa temptingtargetforthieves.Inthepastyear,thesitehasaddedmorethantwo millioncardsforsale.
Whiletheaforementionedhackhasn'tyethadanimpactonthewiderCCAVC scene,ithascausedthecommunitytotakeapausetoreflectonthesecurityof theirmostprizedpossession:creditcards.Fortunately,therearemanyoptions forcard-lessconsumers.OneoptionisthecryptocurrencyDash.Anotheristhe Litecoin. There are several factors that go into the making of a quality CC store, but timing is perhaps the most important. This is especially true of BriansClub, a storewhosebusinessmodelisbasedonsellingstolencarddetailstofraudsters.
