There were arrests made of two alleged operators of the phishing-as-a-service platform "16shop" by INTERPOL in Indonesia and Japan after the agency carried out a successful investigation into the scheme, which was outsourced.
A research project that investigated cyber threats in the ten-nation Association of Southeast Asian Nations (ASEAN) bloc revealed on Tuesday that 16shop, which the international police co-operation organization described as a vendor of "phishing kits" sold to cyber criminals, was able to detect its existence as part of the research project investigating cyber threats in the bloc.
To defraud Internet users with email scams, the PaaS platform in use sells phishing kits to hackers to use to defraud them by sending an email with a pdf or a link that redirects the victim to a website that asks them for various personal information such as their credit card number. After these details have been stolen, they are used to steal money from victims by stealing their personal information.
Known as phishing, this form of cyberattack is committed by impersonating a legitimate entity through a form of communication such as email, a phone call, or a text message, with the intent of obtaining sensitive information from the victim. Several cyber threats are prevalent around the world, including phishing. Up to 90 per cent of data breaches are thought to be attributable to successful phishing attacks, making it one of the most common ways to acquire credentials and steal data from victims.
As reported by Interpol, 16shop sells phishing kits to hackers, whose aim is to covertly scam internet users with the help of these kits. In most cases, these scams involve sending emails that contain PDF files or links that redirect users to a website as the result of the sender's mistake. A site like this would then ask its victims for their credit card numbers or other sensitive information, such as Social Security numbers.
A joint operation against 16Shop was carried out with the assistance of the cyber crime department of the INTERPOL General Secretariat, Indonesian authorities, Japanese authorities, and US authorities. Several private infosec firms participated in the conference, and these included the Japan Cyber Defense Institute, Singapore's Group-IB, Palo Alto Networks' Unit 42, and Trend Micro, as well as Cybertoolbelt, an investigation platform for cybercrime.
Over 70,000 users in 43 countries have reportedly been compromised as a result of the hacking tools supplied by 16shop. In an interview with The Jakarta Post, brigadier general Adi Vivid Agustiadi Bachtiar, the director of the Indonesian National Police Cybercrime Investigation, stated that anyone can launch phishing attacks by simply clicking on their mouse.
A cybercrime expert, Bernardo Pillot, said there has been an "unprecedented increase" in the sophistication and number of cyber threats as a result of cybercrime operations at Interpol. Moreover, of late there has been an increase in “customized” attacks as criminals are looking for the highest impact as well as the highest profit from their crimes.
There is a strong indication that the platform is administrated from a country in Indonesia, according to law enforcement.
They seized electronic items, as well as several luxury vehicles, during the arrest of a 21-year-old man. A couple of other platform facilitators were also arrested after the first arrest was made by law enforcement officers.
A police investigation was launched by the National Police Agency of Japan and the Indonesian National Police shortly after the successful apprehension of the administrator which led to the identification of two facilitators and their arrest by both agencies.
Group-IB, a Singaporean infosec outfit, had analyzed 16Shop, the e-commerce platform for phishing kits, and the outfit was able to assert that over 150,000 phishing domains had been created as a result of using the outfit's kits. Information security firm Earthlink believes that the kits in question have been traded on the underground cybercriminal market since as far back as November 2017, at prices ranging from $60 up to $150 for each kit.
According to the group, phishing pages targeting the users of American Express were offered for $60, and fake Amazon pages mocking Amazon were offered for $150, which are both targeted at American Express users, respectively.
With the help of the kits, putative victims were able to see content localized to their location based on eight languages.
It was necessary to have global collaboration since many of the operations of the phishing-as-a-service vendor were hosted on servers owned and run by a US-based company to operate efficiently. To provide Indonesian investigators with the information they needed, the FBI helped to secure it.
