Cross-Border Phishing Tools Syndicate Active Since 2018, Profits Rp 25 Billion

The Directorate of Cybercrime (Dittipidsiber) of the National Police Criminal Investigation Agency has arrested a couple selling hacking devices or phishing tools across borders in Kupang City, East Nusa Tenggara (NTT). This illegal practice has been carried out by the perpetrators since 2018. “Indications of the perpetrators’ profits during their operational period are estimated to have obtained income of around Rp 25 billion throughout the period from 2019 to 2024,” said Dirtipidsiber of the National Police Criminal Investigation Agency, Brigadier General Himawan Bayu Aji, during a press conference at the National Police Criminal Investigation Agency in South Jakarta on Wednesday (22/4/2026). The two suspects are GWL (24), a male SMK Multimedia graduate who is the mastermind behind creating illegal scripts autodidactically, and his girlfriend initialled FYT (25), who handled the finances from the crime. GWL has been producing and developing phishing tools independently since 2018. He operated several sites such as w3ll.store, well.store, and well.shop to market the tools. “Suspect GWL acted as the main perpetrator who produced and sold independently since 2018. His background is an SMK Multimedia graduate and he acquired the skills to create scripts autodidactically,” Himawan explained. Meanwhile, his girlfriend FYT provided fund storage through crypto wallets. FYT was responsible for converting crypto payments into Rupiah and withdrawing them via personal bank accounts. “The suspect has been the girlfriend of suspect GWL since 2016 and assisted the suspect in managing the finances from script sales,” Himawan stated. In running this illegal business, the two suspects used Virtual Private Server (VPS) services located abroad. “The suspects also conducted automatic sales monitoring and provided technical support services for script buyers experiencing issues,” Himawan clarified. Although based in Kupang, the reach of this couple’s crime spans a global scale. Based on data gathered with the FBI, there are 2,440 buyers of scripts made by GWL scattered across various countries. This activity has resulted in at least 34,000 hacking victims worldwide, with an estimated total loss of 20 million USD or approximately Rp 350 billion. The police not only arrested the two perpetrators but also seized various assets strongly suspected to originate from crime proceeds worth Rp 4.5 billion. The seized assets from the couple include cars, motorbikes, land and buildings (SHM), computers, dozens of ATM cards, and crypto wallets. “The uncovering of this case directly breaks the criminal infrastructure supply chain, which effectively prevents massive future cybercrime waves,” Himawan stated. For their actions, suspect GWL is charged under Article 51 paragraph (1) jo Article 35 and/or Article 50 jo Article 34 paragraph (1) of Law Number 1 of 2024 on the Second Amendment to Law Number 11 of 2008 on Electronic Information and Transactions (UU ITE), with a maximum penalty of 15 years imprisonment and a fine of Rp 10 billion. Meanwhile, FYT is charged under Article 607 paragraph (1) Letter a or Letter c of Law Number 1 of 2023 on the Criminal Code (TPPU), with a penalty of 15 years imprisonment and a fine of Rp 5 billion.