{
    "success": true,
    "data": {
        "id": 1694954,
        "msgid": "6-facts-about-the-international-phishing-tools-syndicate-lovers-busted-by-bareskrim-1776905458",
        "date": "2026-04-23 07:23:51",
        "title": "6 Facts About the International Phishing Tools Syndicate Lovers Busted by Bareskrim",
        "author": "",
        "source": "DETIK",
        "tags": "",
        "topic": "Legal",
        "summary": "Indonesian police, in collaboration with the FBI, have dismantled an international cybercrime network operated by a couple in Kupang, East Nusa Tenggara, who developed and sold phishing tools causing global losses of approximately Rp 350 billion and affecting 34,000 victims, including many from the United States. The male suspect, a self-taught SMK graduate, created the sophisticated scripts capable of bypassing multi-factor authentication, while his partner managed the finances through cryptocurrency wallets. This case highlights the growing threat of organised cross-border cybercrime and the effectiveness of cyber patrols in uncovering such operations.",
        "content": "<p>The Directorate of Cyber Crime at Bareskrim Polri has dismantled a\ncross-border network providing cyber fraud software or phishing tools,\nheadquartered in Kupang. It turns out that the fraud was carried out by\na couple, namely the man GWL (24) and the woman FYT (25). According to\npolice data, the couple\u2019s deceitful actions caused global losses of up\nto Rp 250 billion. In investigating the case, Bareskrim Polri\ncollaborated with the Federal Bureau of Investigation (FBI) due to its\norganised, cross-border cybercrime nature. A total of 34,000 people\nbecame victims, including from the United States (US). The suspects\nreaped profits of billions of rupiah from their fraudulent activities.\nHere are 6 facts about the case: 1. The Perpetrators Are a Couple\nDittipidsiber Bareskrim Polri Brigjen Himawan Bayu Aji stated that his\nteam successfully arrested two individuals involved in the network\nproviding hacking devices or phishing tools. Both operated across\nborders. \u201cInvestigators from the Directorate of Cyber at Bareskrim\nPolri, together with Ditreskrimsus Polda NTT, successfully tracked and\nsecured two perpetrators in Kupang City, NTT,\u201d said Himawan Bayu Aji\nduring a press conference at Bareskrim Polri, South Jakarta, on\nWednesday (22\/4\/2026). The two suspects are GWL (24), a male SMK\nmultimedia graduate who was the mastermind behind creating illegal\nscripts autodidactically, and his girlfriend FYT (25), who handled the\nfinances from the crimes. Himawan explained that GWL had been\nindependently producing and developing phishing tools since 2018. He\noperated several sites, such as w3ll.store, well.store, and well.shop,\nto market the tools. \u201cSuspect GWL acted as the main perpetrator who\nproduced and sold independently since 2018. His background is an SMK\nmultimedia graduate and he acquired scripting skills autodidactically,\u201d\nHimawan clarified. Meanwhile, his girlfriend FYT provided fund storage\nthrough cryptocurrency wallets. FYT was responsible for converting\ncrypto payments into rupiah and withdrawing them via personal bank\naccounts. \u201cThe suspect has been GWL\u2019s girlfriend since 2016 and assisted\nin managing the finances from script sales,\u201d he said. Himawan revealed\nthat in running their illegal business, the two suspects used virtual\nprivate server (VPS) services located abroad. \u201cThe suspects also\nconducted automatic sales monitoring and provided technical support for\nbuyers of scripts experiencing issues,\u201d he explained. 2. Losses Reach Rp\n350 Billion Police also uncovered the losses from this cyber fraud or\nphishing tools. The global losses from these practices reached Rp 350\nbillion. \u201cInvestigators have uncovered an international phishing tools\nsales network. From the suspects\u2019 actions, it has caused global losses\nof around USD 20 million, or approximately Rp 350 billion,\u201d said\nWakabareskrim Polri Irjen Nunung Syaifudin during a press conference at\nBareskrim Polri building, South Jakarta, on Wednesday (22\/4). Nunung\nsaid the case was uncovered through cyber patrols. The site was found to\nbe selling software for illegal activities. \u201cThis case was uncovered\nstarting from cyber patrols that found the site www.3ll.cc selling\nphishing tools,\u201d he explained. According to Nunung, investigators then\nconducted in-depth investigations using undercover buy methods or covert\npurchases using crypto assets to verify the software\u2019s function. The\nresult was that the tool was used for phishing or illegal access to\nothers\u2019 personal data. Based on investigator data, this network had a\nvery wide reach. From 2019 to 2024, thousands of people were recorded as\nhaving purchased the illegal tools. \u201cIn this uncovering, investigators\nsuccessfully exposed the international phishing tools sales network.\nThen, investigators also identified 2,440 buyers in the period from\n2019-2024,\u201d said Nunung. Nunung stated that phishing tools are a serious\nthreat. They serve as entry points for various larger cybercrimes.\n\u201cCybercrime today has evolved into organised cross-border crime.\nPhishing tools traded by perpetrators become gateways for other digital\ncrimes, such as online fraud, data theft, and Business Email Compromise\n(BEC),\u201d he said. 3. Bypasses Layered Security Dittipidsiber Bareskrim\nPolri dismantled the hacking device or phishing tools provider network\nin Kupang. It was stated that the hacking tools produced and sold across\nborders were capable of penetrating layered security systems or\nMulti-Factor Authentication (MFA). Dittipidsiber Bareskrim Polri Brigjen\nHimawan Bayu Aji explained that the sophistication of the tool was\ndiscovered after investigators recorded around 34,000 identified victims\nfrom January 2023 to April 2024. \u201cFrom that number, 17,000 victims or\nabout 50 percent were confirmed to have been hacked, including the\nscript\u2019s success in bypassing multi-factor authentication mechanisms,\u201d\nsaid Himawan during a press conference at Bareskrim Polri, South\nJakarta, on Wednesday (22\/4). Himawan revealed that the two suspects in\nthis case are GWL (24), a male SMK Multimedia graduate who was the\nmastermind behind illegal scripts autodidactically. In selling the\ntools, GWL created the website wellstore.com in 2018, well.store, and\nwell.shop in 2020. These three websites were connected to a Telegram\naccount as a communication medium and means of delivering scripts to\nbuyers. \u201cThe suspect in running his business used VPS (virtual private\nserver) services located abroad. The suspect also conducted automatic\nsales monitoring and provided technical support for buyers of scripts\nexperiencing issues,\u201d he added. In running this illegal business, GWL\nwas assisted by his girlfriend,<\/p>",
        "url": "https:\/\/jawawa.id\/newsitem\/6-facts-about-the-international-phishing-tools-syndicate-lovers-busted-by-bareskrim-1776905458",
        "image": ""
    },
    "sponsor": "Okusi Associates",
    "sponsor_url": "https:\/\/okusiassociates.com"
}