Three individuals in Indonesia and Japan were arrested for their alleged roles in "16shop," a notorious phishing-as-a-service (Paas) platform that was recently shut down by Interpol after a global investigation.
Law enforcement from Indonesia, Japan, and the US, as well as the Cyber Defense Institute, Group-IB, Palo Alto Networks Unit 42, Trend Micro, and Cybertoolbelt, teamed up in the takedown operation.
16shop is a phishing-as-a-service platform that sold hacking tools — also called "phishing kits" — to criminals with the intent of scamming Internet users. The group's tools were employed in attacks against some 70,000 victims in 43 countries.
The nefarious service was first flagged by analysts in Interpol's cybercrime division while researching threats in the ASEAN region. The Interpol team was able to identify the platform administrator and discern a likely location with the help of private sector partners. Once Indonesian National Police's Directorate of Cyber Crimes was informed with an intelligence report, a 21-year-old man was taken into custody. His arrest led to further information being shared and additional arrests being made.
"Phishing isn't a new phenomenon, but when the crime-ware is being offer widely on subscription and to automate phishing campaigns, it enables any person to leverage this type of service to launch a phishing attack with a few clicks," said Brigadier General Adi Vivid Agustiadi Bachtiar, director of the Indonesian National Police's Cyber Crime Investigation.