now browsing by tag


#nationalcybersecuritymonth | Interpol uncovers cyber crime operation in Indonesia

Source: National Cyber Security – Produced By Gregory Evans

An Interpol-coordinated cyber operation against a strain of malware targeting e-commerce websites has identified hundreds of compromised websites and led to the arrest of three individuals who were allegedly running the malicious campaign from Indonesia.

The malware, known as a JavaScript-sniffer, the online equivalent of a traditional card skimmer, targets online shopping websites. When a website is infected, the malware steals the customers’ payment card details and personal data such as names, addresses and phone numbers, sending the information to command and control (C2) servers controlled by the cyber criminals.

Dubbed Operation Night Fury, the operation was conducted with the support of cyber security firm Group-IB, which provided data on the reach of the malware that has infected websites in various locations, including in Indonesia, Australia, UK, US, Germany and Brazil. Group-IB also supported the investigation with digital forensics expertise to help identify the suspects.

The Interpol’s ASEAN Cyber Capability Desk has since disseminated cyber activity reports to the affected countries, highlighting the threat to support their national investigations. These include C2 servers and infected websites located in six countries in the Association of Southeast Asian Nations (ASEAN) region.

At the request of the Indonesian National Police, the Interpol provided technical and operational support that resulted in the arrest of three individuals suspected of commanding the C2 servers in the country.

The investigation revealed the suspects were using the stolen payment card details to purchase electronic good and other luxury items, then reselling them for a profit. They have been charged with the theft of electronic data, which carries up to a 10-year jail sentence in accordance with Indonesia’s criminal code.

“Strong and effective partnerships between police and the cyber security industry are essential to ensure law enforcement worldwide has access to the information they need to address the scale and complexity of today’s cyber threat landscape,” said Craig Jones, Interpol’s director of cyber crime.

“This successful operation is just one example of how law enforcement is adapting and applying new technologies to aid investigations, and ultimately reduce the global impact of cyber crime,” he added.

In Singapore, local authorities identified and took down two of the C2 servers. Investigations in other ASEAN countries are ongoing, with the Interpol continuing to support police in locating C2 servers and infected websites, and identifying the cyber criminals involved.

The perpetrators behind the latest attack involving the use of JavaScript-sniffers were not new to the world of cyber crime. To access servers that collected stolen data and control their malware, they used virtual private network (VPN) connections to hide their real location and identity. To pay for hosting services and buy new domains, they only used stolen cards, according to Group-IB.

“Thanks to the Indonesian police and Interpol’s prompt actions, Operation Night Fury became the first successful multi-jurisdictional operation against the operators of JavaScript-sniffers in the Asia-Pacific region,” said Vesta Matveeva, head of Group-IB’s cyber investigations team in the region.

“It is a great example of coordinated cross-border anti-cyber crime effort, and we are proud that our threat intelligence and digital forensics expertise helped to establish the suspects. We hope this will set a precedent for law enforcement in other jurisdiction too,” she added.

In a separate incident that took place under a year ago, the payment card information belonging to thousands of customers of Singapore banks was believed to have been compromised by a JavaScript-sniffer and put up for sale on the dark web.

During their analysis of underground card shops, Group-IB’s threat hunting team discovered a spike in the sale of raw data of 4,166 compromised payment cards – including CVV, card number and expiration date – issued by Singapore banks.

Group-IB said the data was uploaded in April 2019, and that the spike took place on 1 April when a database containing data on 1,726 compromised cards was put up. The mean figure from January to August 2019 was 2,379 cards per month.

Source link

The post #nationalcybersecuritymonth | Interpol uncovers cyber crime operation in Indonesia appeared first on National Cyber Security.

View full post on National Cyber Security

Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks

Source: National Cyber Security – Produced By Gregory Evans

Indonesian magecart hacker arrested

The Indonesian National Police in a joint press conference with Interpol earlier today announced the arrest of three Magecart-style Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers.

Dubbed ‘Operation Night Fury,’ the investigation was led by Interpol’s ASEAN Cyber Capability Desk, a joint initiative by law enforcement agencies of Southeast Asian countries to combat cybercrime.

According to the press conference, all three accused (23, 26, and 35 years old) were arrested last year in December from Jakarta and Yogyakarta and charged with criminal laws related to the data theft, fraud, and unauthorized access.

Just like most of the other widespread Magecart attacks, the modus operandi behind this series of attacks also involved exploiting unpatched vulnerabilities in e-commerce websites powered by Magento and WordPress content management platforms.

Hackers then secretly implanted digital credit card skimming code—also known as web skimming or JS sniffers—on those compromised websites to intercept users’ inputs in real-time and steal their payment card numbers, names, addresses and login details as well.

Though Indonesian police claim these hackers had compromised 12 e-commerce websites, experts at cybersecurity firm Sanguine Security believe the same group is behind the credit card theft at more than 571 online stores.

“These hacks could be attributed because of an odd message that was left in all of the skimming code,” Sanguine Security said.

“”Success gan’ translates to ‘Success bro’ in Indonesian and has been present for years on all of their skimming infrastructures.’

The police revealed that the suspects used stolen credit cards to buy electronic goods and other luxury items, and then also attempted to resell some of them at a relatively low price through local e-commerce websites in Indonesia.

js credit card skimmer

On an Indonesian news channel, one of the accused even admitted to hacking e-commerce websites and injecting web skimmers since 2017.

Moreover, experts also observed similar cyberattacks linked to the same online infrastructure even after the arrest of three people, and thus believes that there are more members of this hacking group who are still at large.

The Original Source Of This Story: Source link

The post Interpol Arrests 3 Indonesian Credit Card Hackers for Magecart Attacks appeared first on National Cyber Security.

View full post on National Cyber Security

INTERPOL and the fast-paced digital threat landscape


Source: National Cyber Security – Produced By Gregory Evans

Dr. Madan Oberoi is the Director of Cyber Innovation and Outreach Directorate at the INTERPOL Global Complex for Innovation in Singapore. In this interview he talks about the key developments that allow law enforcement to stay on top the fast-paced digital threat landscape, offers insight on the challenges involved in managing international cyber innovation and research within INTERPOL, and introduces INTERPOL World 2015. What are the challenges of managing international cyber innovation and research within INTERPOL? With rapid technological advancement and effortless access to cyberspace, the world faces a range of new crime threats that are increasingly complex and intertwined. In the last few decades, we have witnessed a growing integration and interconnectedness of systems that were previously divergent, resulting in a ‘system-of-systems’. Crimes in cyberspace are not contained by national boundaries or within countries, making them a truly global threat. For example, in the cybercrime arena, the offence may have been committed in one jurisdiction or country, but the victims may be in a different jurisdiction, and regulations may differ. It is therefore extremely important that all stakeholders such as governments, police organizations, academia and private industry work together to combat these crimes. To help address this need, we […]

For more information go to, http://www., or

The post INTERPOL and the fast-paced digital threat landscape appeared first on National Cyber Security.

View full post on National Cyber Security