BriansClub, one of the largest CVV shops for purchasing stolen credit card data, has itself been hacked. The data stolen from BriansClub includes over 26 million credit and debit card records obtained from hacked online and physical retailers over the past four years, with nearly 8 million CVVs uploaded to the store in 2019 alone.
Last month, Krebs contacted a source who shared a plain text file containing a complete database of cards allegedly sold currently and historically through BriansClub, a thriving fraudulent marketplace.
Multiple people who have reviewed the database shared by my sources have confirmed that by searching the BriansClub website with a valid and properly funded BriansClub account, the same credit card records can also be found in a more organized format.
All card data stolen from BriansClub has been shared with multiple sources that work closely with financial institutions to identify and monitor or reissue cards that appear in the cybercrime underground.
The leaked data shows that in 2015, BriansClub added only 1.7 million card records for sale. But the business grew in each subsequent year: in 2016, BriansClub uploaded 2.89 million stolen cards; in 2017, approximately 4.9 million cards were added; in 2018, it added another 9.2 million.
Between January and August 2019 (when this database snapshot was clearly taken), BriansClub added approximately 7.6 million cards.
The majority of what BriansClub offers are "dumps": strings of ones and zeros that, when encoded onto anything with a magnetic stripe the size of a credit card, can be used by thieves to purchase electronics, gift cards, and other high-priced items in hypermarkets.
As shown in the table below (excerpted from this report), many federal hacking cases involving stolen credit cards use a value of $500 per stolen card record for sentencing purposes, representing the average loss to each holder of a stolen card.
The fairness and justice stolen back
An extensive analysis of the database indicates that BriansClub holds approximately $414 million worth of stolen credit cards for sale, based on the pricing tiers listed on the website. That is according to an analysis by Flashpoint, a security intelligence company based in New York City.
The company's head of security research, Allison Nixon, said that data shows that between 2015 and August 2019, BriansClub sold approximately 9.1 million stolen credit cards, earning the website $126 million in sales (all transactions were made in Bitcoin).
If we only take the 9.1 million cards sold through BriansClub, based on the average loss of $500 per card provided by the Department of Justice, we may be talking about losses exceeding $4 billion.
In addition, the total number of stolen credit cards sold on BriansClub and related websites is likely to far exceed the number of criminals who purchased this data.
There is no simple way to determine how many of the approximately 26 million cards sold by BriansClub are still valid, but the closest approximation - how many unsold cards have expiration dates in the future - suggests that over 14 million of them may still be valid.
The records also show that the operators of BriansClub often upload new batches of stolen cards - some with only a few thousand records, while others have tens of thousands.
This is because, like many other carding websites, BriansClub primarily resells cards stolen by other hackers, known as resellers or affiliates, who earn a certain percentage from each sale. It is currently unclear how revenue is shared in this case, but further analysis of the stolen database may reveal this information.
Chat with the crab feed station administrator
In a message titled 'Your website has been hacked', the reporter requested comment from BriansClub through the 'customer service system' page of the card store's website, informing the operator that all their bank card data has been shared with the issuing bank.
A few hours later, I was surprised and delighted to receive a polite response from the website administrator ("admin").
"I will contact you on Jabber. I should mention that all information affected by the data center vulnerability has been taken down, so there is no need to worry about the issue with the issuing bank."
Flashpoint's Nixon said that by comparing the stolen card database with the card data in the BriansClub website front-end, it was found that the administrator's claim that the leaked stolen card data had been deleted from their online store was not true.
The administrator has not yet responded to further questions, such as why BriansClub chose to use the crab icon to sell millions of stolen credit cards.
Counterattack?
Nixon said that the destruction of criminal website databases often leads not only to the prevention of cybercrime, but also to arrests and prosecutions.
"When people talk about 'hacker counterattacks', they are talking about something like that," Nixon said. "As long as our government is hacking into all these foreign government resources, they should also hack into these card websites. There are now many people paying attention to this data, and people are working to remedy and work on it."
As an example of a hacker counterattack, she pointed to the vulnerability of vDOS in 2016, which was the largest and most powerful service to crash a website in a large-scale cyber attack at the time.
Shortly after the database of vDOS was stolen and leaked to the author, its two main operators were arrested. Nixon said that the database also added evidence of criminal activity from several other individuals who were unrelated to the cybercrime investigation.
She said, 'When vDOS was breached, it basically reopened some obscure cases because the leak of the vDOS database provided the last piece of evidence needed.'
Andrei Barysevich, co-founder and CEO of Gemini, stated that given Gemini's current tracking of 87 million credit and debit card sales records across underground cybercrime, BriansClub's violation is undoubtedly very significant.
Gemini is monitoring most underground stores selling stolen card data, including high-risk areas such as Joker's Stash, Trump's Dumps, and BriansDumps.
Contrary to popular belief, when these stores sell stolen credit card records, the records are removed from the inventory of items sold. This allows companies like Gemini to roughly determine how many new cards are listed for sale and how many have already been sold.
Barysevich said that the loss of so many valid cards is likely to affect the competition and product pricing of other card stores.
He said, "Due to over 78% of stolen card illegal transactions being attributed only to a dozen or so dark web markets, such a massive loophole will undoubtedly disrupt underground transactions in the short term. However, due to the increasing demand for stolen credit cards, other suppliers will undoubtedly attempt to exploit the disappearance of top players."