Brian’s Club:
Security experts say BriansClub is one of the leading dark web marketplaces for buying and selling credit card information. It has a reputation for providing excellent customer service, regularly stealing credit card information, and performing excellent quality control.
Data hacked from Brian’s Club:
Brian Krebs, a cybersecurity journalist who runs the blog Krebs on Security, appeared to enjoy teasing BriansClub.The online store advertises that it has “the highest quality cards from the legendary Brian Krebs.” Krebs noted that the name “Brian’s Club” is a play on his name, adding to the use of his image in advertising.
BriansClub customers were outraged when it was announced on October 15 that the company’s data had been hacked, leading to the theft of nearly 26 million credit and debit card numbers. Which journalist broke the news? Krebs himself, of course.
Krebs, a former Washington Post reporter who started his blog in 2009 while vacationing on Australia’s Hamilton Island, a car-free island paradise near the Great Barrier Reef, explained this vulnerability. While browsing, he noticed a weeks-old email in his inbox that he claimed contained a link to a large amount of credit card information that had been stolen.
AKA “strong karma.”
Krebs added that BriansClub could not answer other questions, such as why they used his name to sell stolen credit cards. He said on his blog that “at least part of the appeal is that my last name means “crab” (or cancer) and “krab” is Russian hacker slang for “carder,” a person who deals in credit card theft.”
In an apparent homage to Krebs’ site name, BriansClub has adopted a crab theme, uses crab photos, and claims to be copyrighted by Crabs on Security.
Before publishing his article, he said unbiased specialists analyzed the numbers. A word-search comment was sent to Brian’s Club via their website but received no response. The site is active and available on regular dark websites, Krebs said.
Krebs said that the attention the Brians Club has received has become flattering and that he is not particularly intimidated or involved by it. His reporting was so famous among carders and hackers that their schemes, which involved attaching his name to a selection of viruses, often seemed to align with him.
“It almost always backfires when a cybercriminal attempts to con me, steal my identity, or do anything similar, and I generally find out about it through one or two stories about it,” Krebs said. “At least there is some very strong karma.”
Google data:
According to Allison Nixon, head of security research at security firm Checkpoint Inc., who was one of the researchers who reviewed the information for Krebs, her team then worked to compile the necessary data and provide it to banks, credit card companies, and other financial institutions so that they could take appropriate steps to stop fraud and block compromised cards.
Because high-quality data on fraud of this nature and scale is difficult to obtain, collecting stolen credit card information for academics will be “the gift that keeps on giving,” according to Nixon.
According to Andrei Barysevich, co-founder of fraud information firm Gemini Advisory, BriansClub is one of about a dozen famous sites on the dark web where stolen credit card information is bought and sold.
According to Nixon, websites like BriansClub act as intermediaries that judge the quality of the credit card data taken, value it appropriately in bitcoin and then sell the data in exchange for a cut of the revenue.
Debit and credit cards are reportedly sold on the black market in the tens of millions to hundreds of millions. According to Mark Lanterman, a former member of the U.S. Secret Service’s Electronic Crimes Task Force and current director of technology for Computer Forensic Services, some of the cards are outdated, and most of the cards from one country are from the United States.
Raised Awareness:
Depending on the quality, expected reliability, and type of card (such as credit or debit), card prices often range from $3 to $50, and occasionally much more, he added.
According to Nixon, the supply of credit cards far outweighs the demand, making it less likely that any particular person will be targeted.
According to Barysevich, a BriansClub administrator reported the breach on two invite-only chat panels, one in English and one in Russian. He said the revelation sparked outrage among forum users, who questioned whether usernames and other information used to purchase stolen credit cards had also been stolen. BriansClub has denied any theft of client information in the discussion forums.
Nixon advised against attracting much attention from criminals. Many disgruntled sellers lost all their merchandise.
