If you are interested in cybercrime, it should not be news to you that the current cybercriminal marketplace and forum model is experiencing unprecedented instability and uncertainty. In recent weeks, another member has joined the Club of Uncertainty: BriansClub, an automated vending cart (AVC) site specializing in stolen credit card data, which was reportedly the victim of a targeted attack on its data center.
In this blog, we assess whether this targeted attack on BriansClub will affect the broader cybercriminal credit card landscape, and ponder whether it could prompt the community to push another credit card AVC store to the top.
In October 2019, Krebs on Security reported that data had been stolen from BriansClub, exposing about 26 million stolen credit and debit cards. Ironic? That's what we thought. It is not known at this time whether the stolen data was available from other sources. Such breaches are particularly difficult to track because the data can often be sold on to another AVC or forum.
The cybercriminal environment is a dog-eat-dog world, and no site, whether a forum, marketplace or AVC, is safe. Given the huge amount of data available on the site, coupled with the high average cost assigned to each hacked card (estimated to cost $500 each), BriansClub is an attractive target for cybercriminals. Although the source responsible for the attack has not yet been identified, it is likely that they were financially motivated and driven by ego, as the approach to Krebs on Security indicates that the actor sought publicity as well as access to 26 million stolen cards.
The popularity of online cybercriminal stores has grown over time, partly because of the ease of access and partly because of the large amount of credit card data available, which is often updated daily. A cybercriminal wishing to commit financial fraud need only register on one of these sites, choose a bank, and then choose the account to purchase. All this is done with a few clicks and a couple of keystrokes.
Figure 1. An example of a cybercriminal credit card store, Trump's Dumps
BriansClub's business model is based on making money from compromised card data. Working from the fact that BriansClub sold 9.1 million cards, the report estimates that the AVC would have earned $126 million in sales. This figure demonstrates that cybercriminals have a huge incentive to use such a platform, as the return on investment is "useful" (although extremely illegal).
To make a huge profit, BriansClub and other CC AVC stores rely on a constant supply of "fresh" data from parties called "affiliates" or "suppliers", who are the direct sources of the information. The latest data can be divided into the following categories:
Affiliates or vendors then send this data to the store and in return receive a portion of the profits for any successful transactions. The use of such a model eliminates the risk of law enforcement trying to find a direct source Dumps
However, to keep stores running smoothly, you need a major skill: timing. If the stolen CC data is not collected, delivered, and advertised in a timely manner, the CC may be revoked before the buyer has time to review it. Such cases can then affect the reputation of the AVC store among cybercriminals, customer confidence in the service and, ultimately, the amount of Internet traffic passing through its doors.
Failure in any of the above areas leads to a bad reputation that spreads throughout the cybercrime community, which reduces the volume of Internet traffic and sales.
BriansClub is one of many well-known CC AVC stores that currently operate and sell similar datasets. In the cybercriminal credit card store environment, it is widely believed that most of the existing stolen CC data is replicated on these sites and is not unique to one particular platform. The scene is also awash with "Rippers" sites seeking to prey on willing shoppers. In such cases, buyers mistakenly believe that they are buying a valid credit card. The success of AVC sites, as well as forums, depends on several factors:
Figures 2 and 3. Joker Stash advertised on a dark web forum.
While the attack on BriansClub may have some impact on its reputation on the CC AVC scene, it is unlikely that the AVC will close its doors, given the trust and customer base it has already gained. The likely outcome is that after this attack, competition in this space will continue to grow, and each platform will fight for the right to be king. There are many other offerings waiting in the wings; examples include, but are not limited to:
To succeed, the AVC store, like the forum, may need significant resources to invest in the above.
While the existence of CC stores is well known, any increased media coverage is likely to attract additional attention from law enforcement and anti-fraud agencies seeking to stop and prevent this type of activity. But revealing how much money can be made with these online CC stores may advertise their profitability to a wider audience and attract a growing number of like-minded people willing to take advantage.
However, increased unwanted attention may prompt "affiliates" - i.e. providers of stolen credit card data - to these online CC stores to question the risks associated with selling their data to a third party. As a result, Digital Shadows is now starting to see more and more affiliates directly advertising their datasets on cybercriminals' forums to try to neutralize this threat. Vending on forums not only eliminates the financial impact of selling through third parties, but also gives more control over who can view and buy data in general. The flip side of advertising on the forum is the search for interested and reliable buyers.
Figure 4: CC Database advertised on the Dark Web forum
The impact of the BriansClub attack on the wider CC AVC scene is not yet clear. The existence of any platform depends on the reaction of the cybercrime community. Attackers can continue to use BriansClub and similar services despite the unwanted attention, switch exclusively to cybercriminal forums to buy and sell such datasets, or use a combination of the two. While the CC AVC scene as a whole may suffer some reputational impact from this attack, it is likely that the publicity will prove to skeptical users that the available data are legitimate and worth a significant investment.
Over the past three weeks, Digital Shadows has watched another popular Darknet crime market, Nightmare, face a number of problems. Sellers having difficulty logging into their accounts, the market's removal from the popular dark web site Dark Fail, and chatter on dark web cybercriminal forums including Dread, Torum and The Hub all point to the possibility that the time of the Nightmare market has come.
English-language cybercriminal CC/CVV markets remain under constant pressure, both because of external factors and because of factors related to their position in the cybercrime environment.
The nightmare seems to be in the middle of the day. Last year we saw the Olympus market, which was projected to become the next-generation market, stop trading, followed soon by another rising star, Rapture. In April 2019, Dream Market announced its closure; shortly thereafter, another Darknet market, Wall Street Market, reportedly exit scammed. The demise of Nightmare closely mirrors the decline of other Darknet markets; namely, whether the cause is an exit scam, infighting or law enforcement action, it is unlikely that the site will be restored. Digital Shadows identified three key factors that probably influenced its likely departure:
The Nightmare market has long been involved in drama. Rumours of a Nightmare exit scam first emerged in April - May 2019. Then, the market was reportedly hacked in July, exposing mimonik suppliers and internal communications between staff. The hack was allegedly carried out by a former Nightmare insider who wanted to show that the site was going to "exit scam." Nightmare administrators quickly refuted the allegations, stressing that they had no intention of doing so. Unsurprisingly, customer confidence in the site has not been restored.
A breach of this magnitude showed both cybercriminals and clients that the site did not protect deposited funds; this was crucial to undermining confidence in the market.
The above could prove to the cybercriminal community that Nightmare's security is not fit for purpose, and poor security measures can scare off cybercriminals (they like to know that their funds are available and secure).
The Nightmare market has a "terrible UX," one user said back in April on the Darknet discussion forum The Hub. Another user said it was "impossible" to send messages to vendors or even report bugs. UX (user experience) and website performance, as we have stated earlier, are important components of a market's success. They must be built into the site successfully, as they are key factors in both loyalty and demand. As the principle goes, a satisfied buyer is a regular buyer. Nightmare can do little to stop the move to better platforms.
Figures 1 and 2: Complaints about Nightmare at the Hub Discussion Forum.
Ratings are important, and the Darknet is no exception. The decline in trust has forced the cybercrime community to turn its back on Nightmare.
Dread, a Reddit-style community with a large cult following, called the site's server status "fraudulent." Many Nightmare customers, who had spent time on the site and added funds to it, turned to Dread to express their frustration and warn others: one urged others to "stay away" from Nightmare, another recommended "FREE COUNTING as soon as possible", and another was less sympathetic, taking the attitude of "I told you so."
Figure 3: The Nightmare market is discredited on Dread
To top it off, Dark Fail - a site that allows users to check whether Darknet sites are online - first changed Nightmare's status to "fraud" and then completely removed the URL from its lists (see Figure 3). Such a move confirms that even Dark Fail does not trust the Nightmare market.
Such instability creates a headache (perhaps even a migraine) for the English-speaking cybercrime world. New markets appear, then they disappear, which creates chaos. However, such chaos is fast becoming an increasingly visible feature of the cybercriminal landscape. But will these events affect cybercriminal trade? Here is our assessment: