S’pore cyber-security firm and others helped Interpol bust platform selling phishing kits
Sign up now: Get ST's newsletters delivered to your inbox
The phishing kits used to mimic legitimate websites were sold on various hacker forums since 2017, before Interpol shut it down.
PHOTO: ST FILE
SINGAPORE – A Singapore-based cyber-security firm was among several others that collaborated with Interpol and various international law enforcement agencies to bust a platform that sold phishing kits responsible for thousands of fake domains.
The kits allowed scammers to dupe unsuspecting victims into giving up payment details or personal information through fake pages set up to target users of popular services such as those by Amazon, Apple and PayPal, among others.
Three men have been arrested, with one convicted. The two suspects are believed to be behind 16shop, the platform that sold the kits.
Group-IB – the Singapore-based cyber-security firm involved in the bust – said in a statement on Tuesday that more than 150,000 phishing domains have been created by the software sold by the platform, with more than 70,000 users in 43 countries compromised, according to Interpol.
The software was created by Riswanda Noor Saputra, 23, when he was just 17 years old.
He was arrested in November 2021 in Indonesia, and was sentenced the following year to 30 months in jail and fined 500 million rupiah (S$44,200). He was released on parole in April.
The second man was arrested in Japan in August 2022, while the last of the trio was nabbed on July 9 in Indonesia.
All three are Indonesians.
Group-IB said the phishing kits used to mimic legitimate websites were sold on various hacker forums since at least November 2017, before Interpol shut it down in August.
Depending on the brand that scammers wished to imitate, the phishing kit costs anywhere between US$60 (S$80) and US$150. Buyers were provided with localised versions of websites based on the intended victims’ location.
The arrests were made following an investigation that spanned years, reported Japanese newspaper Asahi Shimbun on Wednesday.
They were also the result of a concerted effort coordinated by Interpol, in collaboration with law enforcement agencies in Indonesia, Japan and the United States, along with several cyber-security firms.
One of the companies involved in tracing the suspects was US firm Palo Alto Networks’ Unit 42.
In an interview with The Straits Times on Friday, Mr Sean Duca, Palo Alto Networks’ vice-president and regional chief security officer for Asia-Pacific and Japan, said it focused on identifying the phishing software and who it was targeting.
Describing threat intelligence as “finding that one needle”, he said it boiled down to mapping out common threads, such as determining IP addresses or going through lines of code to determine if there were any similarities.
Mr Duca said that, with the advent of cloud networks, the entry level of cybercrime has been lowered.
“For them, their lives become a little easier. (They might) have no skills nor the knowledge, but they have intent, and they just need to part with a couple of dollars... to get access to this world,” he added.
He advised consumers to exercise greater caution when receiving links from third parties.
“The key thing... is to just stop and think before you click on any e-mail that you receive,” he said.
“If you’re in doubt, just open up your Web browser and access a website directly instead of clicking any links that were shared.”
