Posted on October 17, 2019 at 9:43 PM
Most people in the cybersecurity scene have heard of Brian Krebs. He’s a supplier of news across the cybersecurity industry. What you might not know, however, is that there’s an entire dark web peddler modeled after his modus operandi. Briansclub.at has been hacked, and Brian himself just discovered that fact.
As the old saying goes: Imitation is the highest form of flattery. Brian Krebs found an entire store based off of him. As seen in the article here, it’s a somewhat surprising thing for him indeed.
Stealing What’s Rightfully Stolen
There’s no arguing the sheer amount of traffic you could find on the dark web. Amazingly, this so-called BriansClub was one of the most significant stolen card vendors on the dark web.
However, the place was hacked yesterday. Over 26 million credit and debit card records have been removed from the vendor. Through a complicated process, federal hacking prosecutions have determined that every stolen card is worth about $500 when all the numbers are crunched. This amounts to a total of thirteen billion USD the illegal company lost.
It’s honestly an incredible amount to fathom, but one that isn’t rated on BriansClub. Flashpoint, upon investigating the site further, determined that there stands a total of $414 million in potential earnings of stolen credit cards. This was determined by how the store classifies each card and charges accordingly.
Amusingly, there’s a very stark difference between supply and demand. Across four years, BriansClub has sold over 9.1 million cards, amounting up to a hefty paycheck of $126 million.
However, the 2018 intake of stolen cards alone was more than that: 9.2 million. It seems the criminals quite literally have more stolen cards than they know what to do with. That, though, is both amusing and almost sad.
Andrei Barysevich, co-founder and Chief Executive Officer at Gemini, released a statement about the matter. He speculated that this hack would disrupt the underground market for stolen cards in the short term. However, he states that, since the demand for the cards is rising, other illegal vendors will capitalize on the loss of BriansClub.
Brian Meets Brian, Lies Ensue
Seeing this golden opportunity, KrebsonSecurity took the dedicated effort to contact the owner of BriansClub to try and ask questions about the ensuing breach. They did this via the “support tickets” page on BriansClub’s site. Amazingly enough, the fake Brian responded with a message. First, he gave the obligatory affirmation that he was, in fact, the one true Krebs. After that, he stated that the hack wasn’t on the site itself, but the data center instead.
The False Brian also stated that all the information that was breached had been removed from the site. Something KrebsonSecurity had determined was false. Multiple sources were able to confirm this fact.
The False Brian defended his business in the wake of the inevitable backlash by posting this comment on the BriansClub page.
Please focus your eyes on the “signature” at the bottom of the post. It’s cheap, needy, and downright lower class. For that reason alone, people should doubt someone who claims to be an objectively intelligent man.
Not Robin Hood, But Competitors
According to the administrator of Verified, one of the oldest Russian speaking cybercrime forums, BriansClub’s hack wasn’t some act of altruism. It was a calculated move by a person by the name of MrGreen. MrGreen, as it would happen, owns their card shop by the same name.
Interestingly enough, MrGreen was banned from Verified. The reason being that they sent the information to Krebs, to begin with. The administrator considered this “the lowest of all lows” among self-respecting cybercriminals.
Brian Krebs himself takes this as a compliment.
Cards Via Dumps
These illegal credit cards are saved via data dumps: Large strings of binary code. When the data is parsed on a magnetic strip about the size of a credit card, you officially have the falsified credit card to use as you wish. Typically, it’s used for buying Bitcoin, general goods, and stuff like that.
What’s funny to think about is the “format” of the card is irrelevant. You could theoretically walk around with a library card that you printed the real magnetic strip on, and wow everyone by pretending to do a magic trick. You’ll still get arrested, but you’ll have a funny story to share in prison.