A global investigation coordinated by INTERPOL has resulted in the shutdown of a notorious ‘phishing-as-a-service’ (PaaS) platform known as ’16shop’. The platform sold ‘phishing kits’ to hackers looking to defraud internet users through email scams. The investigations led to the arrest of the platform’s operator and one facilitator in Indonesia, with another facilitator arrested in Japan.
The arrests were made possible through intensive intelligence-sharing between the INTERPOL General Secretariat’s cybercrime directorate, national law enforcement agencies in Indonesia, Japan, and the United States, and private sector partners including Cyber Defense Institute, Group-IB, Palo Alto Networks Unit 42, and Trend Micro. Additional support was provided by Cybertoolbelt.
Phishing is considered to be the most prevalent cyber threat in the world, and it is estimated that up to 90% of data breaches are linked to successful phishing attacks. The victims of these attacks typically receive an email with a pdf file or link that redirects them to a site requesting their credit card or personally identifiable information. This information is then stolen and used to extract money from the victims.
Assistant Director of Cybercrime Operations at INTERPOL, Bernardo Pillot, emphasized the devastating impact of cyberattacks like phishing, stating, “Cyberattacks such as phishing may be borderless and virtual in nature, but their impact on victims is real and devastating.”
Pillot further explained that there has been an unprecedented increase in the number and sophistication of cyber threats in recent years. Criminals are now tailoring their attacks for maximum impact and maximum profit.
The investigation into the ’16shop’ platform began when analysts from INTERPOL’s cybercrime division flagged it during a project on researching cyber threats in the ASEAN region. With assistance from private sector partners, the INTERPOL team was able to determine the identity and probable location of the platform’s administrator, who was based in Indonesia.
As the platform’s servers were hosted by a company in the United States, analysts collaborated with the INTERPOL National Central Bureau in Washington and the Federal Bureau of Investigation to gather key information for Indonesian investigators. A criminal intelligence report was then compiled and dispatched to the Indonesian National Police’s Directorate of Cyber Crimes. This allowed the national law enforcement agency to arrest the platform’s administrator, a 21-year-old man, and seize electronic items and luxury vehicles.
The successful arrest of the administrator led to the sharing of information between the National Police Agency of Japan and the Indonesian National Police, resulting in the identification and arrest of two facilitators.
Brigadier General Adi Vivid Agustiadi Bachtiar, Director of the Indonesian National Police’s Cyber Crime Investigation, highlighted the concerning trend of crime-ware being offered widely as a subscription service, which enables anyone to launch a phishing attack with just a few clicks. He emphasized the importance of collaboration between law enforcement agencies and private sectors in tackling this issue and preventing more people from falling victim to phishing attacks.
INTERPOL’s cybercrime directorate brings together cyber experts from law enforcement and industry to gather and analyze information on criminal activities in cyberspace, providing countries with coherent and actionable intelligence.
The shutdown of the ’16shop’ platform is a significant step in combating the prevalence of phishing attacks. By targeting the operators and facilitators behind such platforms, law enforcement agencies and private sector partners are working together to disrupt cybercriminal networks and protect internet users from becoming victims of these scams. However, the fight against cybercrime is an ongoing battle, requiring continued cooperation and intelligence-sharing to stay one step ahead of the criminals.