Dark Web Market: BriansClub

Greed is one of the most dangerous aspects of human nature. While it may lead some people to success through rightful means, it often causes many to choose wrongful paths due to its irresistible allure. In the realm of threat actors, greed suppresses thoughts and positive emotions, serving as a critical motivator for financial gain, which is a primary motivation for dark threat actors. Ransomware and the sale of credit cards on the Dark Web continue to financially harm businesses and individuals.

But what about credit card fraud, one of its oldest and largest markets? Among these markets, one stands out: BriansClub. This black market has made a name for itself as a prominent player in credit card fraud.

Fig. 1. Example of payment cards sold in BriansClub

What is BriansClub?

BriansClub is one of the dark web’s possibly oldest and most notorious black markets. Believed to have been founded in 2014 by a threat actor, Brian, this underground marketplace has gained infamy for its trade in stolen credit cards and personal identity information. Notably, it operates across the surface web and the Tor network, embracing cryptocurrencies like USDT, Litecoin, Dash, Monero, and Bitcoin for transactions, highlighting the digital age’s anonymity and financial fluidity.

Fig. 2. BriansClub login screen

Despite a significant law enforcement crackdown in 2019, BriansClub displayed resilience, ingeniously navigating through obstacles to continue its illicit activities to this day. Perhaps, a new manager has stepped in and kept BriansClub running under the same name, ensuring that the business continues to provide the same service that customers have come to expect.

The choice of its name, intended as a mocking tribute to Brian Krebs, a cybersecurity journalist well-known for his investigative reporting on cybercrime, adds a layer of irony to its operations. The marketplace even adopted Krebs’s likeness for its login screen, a bold move that blurs the lines between cybercrime and cyberculture.

According to Brian Krebs, BriansClub accumulated data from 26 million stolen credit and bank cards over four years, from 2015 to 2019, from various retail and online sources. In 2019, a cyberattack struck BriansClub, leading to the retrieval of the stolen data, which financial institutions then received. This cyberattack enabled proactive fraud mitigation measures, including tracking and reissuing compromised cards. Investigators discovered that the site had about $414 million in stolen credit card data and had sold 9.1 million stolen credit cards, earning $126 million in Bitcoin.

BriansClub Products and Tools

BriansClub represents a pivotal node in the dark web’s clandestine network, offering an extensive catalog of tools and products designed for the illegal trade. This digital black market specializes in various offerings, including Dumps, CVV2 codes, Fullz, and multiple services to facilitate unauthorized transactions and financial fraud.

Fig. 3. BriansClub homepage

Dumps are essentially digital copies of the data stored on the magnetic strips of credit cards. These datasets are instrumental for criminals aiming to create counterfeit cards for unauthorized transactions.

The CVV2 code, a crucial security feature for credit card transactions, primarily online, is another commodity traded within BriansClub. This three-digit code is pivotal for the verification process during transactions, making it a valuable asset for fraudulent activities online.

Fig.4. Sample of Fullz

Fullz takes the illicit trade further by providing comprehensive credit card details. This package includes not just the card number and CVV2 code but also personal information about the cardholder, such as their full name, address, and sometimes even social security numbers. This data package enables a more sophisticated form of financial fraud, allowing deeper penetration into victims’ financial lives.

Fig. 5. BriansClub Auction tab

BriansClub’s Wholesale and Auction services cater to bulk buyers and those looking for specific, high-value data sets, demonstrating the market’s diverse approach to meet the varied demands of its clientele. Meanwhile, the Dumps Checker and CVV2 Checker tools offer quality assurance, allowing buyers to verify the validity of purchased data, thus safeguarding their investments against defunct or outdated information.

Unique to BriansClub are its LuxChecker and 0check services, which, despite criticism for their fees, provide a vital functionality by confirming the active status of a card through a nominal charge. This ingenious approach ensures the utility of the data sold and contributes to the platform’s revenue.

The marketplace extends into identity theft with SSN–DOB (Social Security Number- Date of Birth) listings, offering stolen social security numbers paired with birthdates. Threat actors can exploit this information for a range of fraudulent activities, from opening unauthorized accounts to more intricate identity theft schemes.

Tools like Bins Lookup and ZIPs Lookup further enhance the platform’s utility for its users by enabling them to trace the bank or geographical origin of a stolen card, facilitating targeted fraud.

Track1Generator and My Bins represent the technical sophistication of BriansClub, allowing users to generate magnetic strip data for counterfeit card production and track specific Bank Identification Numbers (BINs). The platform even innovates in cybercrime with its lottery service, introducing a gamified element where participants can win a portion of a collective pot, adding a layer of engagement to the platform’s offerings.

Why is BriansClub Popular?

BriansClub distinguishes itself as a premier destination in the shadowy corridors of the dark web, singularly dedicated to the trade of credit card malfeasance. Its ascent to notoriety within this digital underworld is not accidental but the result of a meticulously crafted appeal to its audience. Below, we delve into the multifaceted allure that cements BriansClub’s position at the pinnacle of cybercriminal preference.

A Hub for Stolen Financial Data: Central to BriansClub’s operation is its extensive collection of illegally acquired financial data, including credit card numbers, CVV2 codes, and Fullz information. This repository facilitates a broad spectrum of financial fraud, directly contributing to the global issue of identity theft and financial loss for individuals and institutions alike.

Ease of Access and Criminal Enablement: The platform’s user-friendly interface may seem like a boon for ease of navigation, but it primarily serves to lower the barrier to entry for engaging in cybercrime. By simplifying access to stolen financial data, BriansClub effectively broadens the pool of individuals capable of committing financial fraud. Briansclub’s filtering feature also eliminates a large amount of data information, making it easier for threat actors to reach their target.

Fig. 6. BriansClub Fulzz tab filters

Tools of the Trade: Offering tools such as validity checkers for stolen information not only aids in the commission of fraud but also enhances the efficiency of criminal activities. While showcasing technical sophistication, such services further entrench the platform’s role in facilitating cybercrime.

High Reputation: Reputation is as valuable as the currency traded; the black market is well-regarded for the accuracy and reliability of its stolen credit card information. This reputation reduces the risk for threat actors concerned about purchasing fake or invalid data, ensuring a level of trust and security in transactions.

Involvement in High-Profile Incidents: The black market’s involvement in significant data breaches and cybercrime events has raised its profile within dark web communities. This notoriety has contributed to its popularity and growth.

The Promise of Fresh Exploits: The dynamism of BriansClub lies in its commitment to constant renewal. By continuously replenishing its stock with freshly stolen data, the platform ensures its offerings remain relevant and desirable, keeping the cybercriminal appetite whetted.

Anonymity: With operations shielded by the Tor network, BriansClub offers its users anonymity and security. This protection is critical in a domain where privacy is paramount, and the platform’s claim of data deletion within six months adds an extra layer of assurance.

Scamming the Scammer

Unlike many of its competitors, BriansClub stands out for not advertising on hacker forums. This strategy creates a unique problem: threat actors unfamiliar with the platform’s authentic domain could be tricked by impostors. Given BriansClub’s notoriety, numerous counterfeit platforms have emerged, attempting to mimic it. This situation has given rise to a cybercriminal version of “imitation is the sincerest form of flattery,” with a twist—threat actors use typosquatting to create fake domains that closely resemble BriansClub’s, aiming to scam the scammers themselves.

Fig. 7. A TrustPilot review by scammers who themselves became victims of scams

These fake platforms spread misleading BriansClub links across various online spaces, such as Google Maps, Medium articles, and Quora, a question-and-answer site. The irony doesn’t end there; some imitation platforms have tricked actors. This scenario underscores the deceptive layers within the dark web, where even experienced cybercriminals can become victims of fraud, navigating a world where trust is scarce and the risk of deception is high.

Conclusion

SOCRadar can assist in combating BriansClub and similar cyber threats through its comprehensive suite of cybersecurity tools and intelligence capabilities. Here’s how SOCRadar can be particularly effective against threats like BriansClub:

The existence and persistence of sophisticated cybercriminal platforms like BriansClub in the digital realm underscore the urgent need for advanced and specialized cybersecurity measures. SOCRadar’s innovative approach plays a pivotal role in this battle against cybercrime, especially in the realms of dark web monitoring and protection against financial fraud.

SOCRadar Dark Web Monitoring

SOCRadar’s cutting-edge dark web reconnaissance technology, when combined with the expertise of human analysts, offers an unparalleled advantage in detecting and understanding the operations of financially-motivated threat actors. This unique combination of technology and human insight is crucial in unearthing cybercriminals’ intricate tactics and strategies, providing an indispensable layer of intelligence vital for proactive security measures.

SOCRadar Fraud Protection

Furthermore, SOCRadar’s capabilities in credit card monitoring are essential in today’s cyber-threat landscape. By swiftly identifying stolen credit card information across various platforms – including global black markets, carding forums, and social media – SOCRadar enables organizations to respond rapidly to potential compromises. This rapid detection is key to preventing financial losses and countering fraud, showcasing SOCRadar’s effectiveness in safeguarding financial information.

In protecting customers’ Personally Identifiable Information (PII), SOCRadar’s comprehensive scanning tools are invaluable. They offer thorough coverage across the surface, deep, and dark web, ensuring that any leaks of PII are promptly detected. This capability not only helps in maintaining compliance with privacy regulations but also plays a significant role in protecting individuals from identity theft and other forms of privacy breaches.

Organizations can significantly enhance their cybersecurity posture by leveraging SOCRadar’s intelligence and monitoring services. This includes early detection of threats, efficient response to incidents, and overall improvement in digital resilience against sophisticated cybercriminal operations like those conducted by BriansClub.