If you’re an avid follower of Digital Shadows’ blogs, or just have a general interest in the cybercriminal landscape, it shouldn’t be news to you that the current cybercriminal marketplace and forum model is experiencing unprecedented volatility and uncertainty. In recent weeks, another member has joined the club of uncertainty: BriansClub – the automated vending site (AVC) specializing in stolen credit card data that was reportedly the victim of a targeted attack on its data center.
In this blog, we determine whether this targeted attack on BriansClub will impact the wider cybercriminal credit carding landscape, and speculate whether it could galvanize the community to push another AVC credit card (CC) store to the top.
BriansClub: What happened?
In October 2019, Krebs on Security reported that data had been stolen from BriansClub cvv, resulting in the exposure of around 26 million stolen credit and debit cards. Ironic? We thought so too. It is currently unknown whether the stolen data has been made available on other sources. Breaches of this type are especially difficult to track as they can often be sold to another AVC or forum.
BriansClub: what makes it a likely target?
It’s a dog-eat-dog world in the cybercriminal landscape, and no site, whether that’s a forum, marketplace or AVC, is safe. Given the vast amount of data available on the site, combined with the high average value assigned to each compromised card (estimated to cost $500 each), BriansClub is an attractive target for cybercriminals. Though the source responsible for the attack is yet to be identified, it is likely they were financially motivated as well as ego-driven, as contacting Krebs on Security indicates the actor was seeking publicity as well as access to 26 million stolen cards. Briansclub is the best website that sell credit card information.
Credit Card Shops: What explains their popularity?
Cybercriminal briansclub.cm CC shops’ popularity has increased with time, partly due to the ease of access, as well as the mass supply of credit card data available – which is often updated on a daily basis. A cybercriminal looking to conduct financial fraud only has to register on one of these sites, select a bank of their choosing, and then choose a relevant account to purchase. All done in a matter of a few clicks of the mouse and a couple of keystrokes.
BriansClub: What leads to a successful business model?
BriansClub’s business model thrives off making money from compromised card details. If we go off the fact that BriansClub sold 9.1 million cards, the report estimates that the AVC would have earned $126 million in sales. Such a figure demonstrates there is a huge incentive for cybercriminals to operate such a platform, as the return on investment is “rewarding” (though highly illegal).
In order to reap a huge return effectively, BrainsClub dump and other CC AVC stores, rely on the continuous supply of “fresh” data by entities referred to as “affiliates” or “vendors” who directly source the information. Fresh data can either be categorized as:
A card that has not been ‘voided’ by the victim bank,
CC accounts that have been supplied to the AVC site in the shortest space of time
Data that has not previously been advertised on other AVCs
The affiliates or vendors subsequently forward this data on to the store, and in return receive a cut of the profits for any successful transactions. Running such a model eliminates the risk of law enforcement attempting to find the direct source
That said, there is a major skill needed to ensure the shops operate smoothly: timing. If the stolen CC data is not captured, delivered, and advertised in a timely manner, the CC could be void before the buyer has even had time to view it. Such occurrences can then impact the reputation of the AVC store across the cybercriminal scene, the trust a customer places in this service, and ultimately the amount of internet traffic passing through its doors.
Failure in either of the above areas results in poor reputation, which spreads throughout the cybercriminal community, therefore decreasing the amount of internet traffic and sales.
Cybercriminal credit card stores: Who will take the throne?
BriansClub is one of many prominent CC AVC stores currently active and selling similar datasets. Across the cybercriminal credit card store landscape, it is widely believed that much of the stolen CC data in existence is replicated across these sites and is not unique to one specific platform. The scene is also awash with “ripper” sites eager to prey on willing buyers. In cases like this, buyers are falsely led to believe that they’re buying a valid credit card. AVC sites, much like forums, depend on several factors to succeed you can visit briansclub for more information about credit cards.
Reputation: Similar to any business looking to acquire customers, CC AVC sites rely largely on reputation pushed in large part via forums – a good reputation instils trust.
Paid digital marketing: Cybercriminals are digitally savvy. When crawling the cybercriminal underworld, you may come across a paid for advertising slot on the most prestigious sites. Alone, advertising does not lead to success, but investing into marketing promotes the brand and gets the word out, beyond word of mouth. Investing in digital marketing also drives internet traffic, which is needed as without enough interest and uptake by users, the AVC will die a quick death.
Exclusivity: The most highly regarded carding AVCs operate some sort of gated entry, ensuring users feel part of an exclusive community and encouraging only serious customers to apply. Gated entry can mean customers pay for accounts, site like Briansclub, or it can mean an invite-only model, like the AVC Benumb. In the case of paid-for accounts, like Briansclub, this process would allow a customer’s account to persist beyond a short interim membership period. Formerly operating on an invite-only basis, another prominent and well-marketed carding AVC, Joker’s Stash, moved to paid-for access in 2018.
Customer service: AVCs need customer service to engage with their customer base on forums, to answer queries and various other admin functions.
User experience: AVCs, much like forums, need a consistent user experience, with stable site functionality and dealing with buggy software. Executing this successfully will encourage customer loyalty.
Mystique: Many popular carding AVCs have long persisted within the cybercriminal scene. Due to competition from ripper sites masquerading as credible AVCs, admins have largely eschewed multiple forms of communication, instead restricting communications to forums and contact forms via their own sites. This means that few can get closer than a superficial business-only relationship; this may also have hindered law enforcement opportunities to disrupt these sites. All in, this has contributed to an air of mystique around the most successful sites.
