Cross-Border Phishing Tools Syndicate Dismantled, Perpetrators a Romantic Couple
The Directorate of Cyber Crime (Dittipidsiber) of the National Police Criminal Investigation Agency has dismantled a network providing hacking devices or phishing tools. This revelation was achieved in cooperation with the United States Federal Bureau of Investigation (FBI).
Dittipidsiber’s Brigadier General Himawan Bayu Aji stated that his team successfully arrested two perpetrators involved in this illegal practice. The pair operated across borders.
“Investigators from the Directorate of Cyber of the National Police Criminal Investigation Agency, along with the NTT Provincial Police’s Criminal Investigation Directorate, successfully tracked and secured two perpetrators in Kupang City, NTT,” said Himawan Bayu Aji during a press conference at the National Police Criminal Investigation Agency in South Jakarta on Wednesday (22/4/2026).
The two suspects are GWL (24), a male high school multimedia graduate who was the mastermind behind creating illegal scripts autodidactically, and his girlfriend FYT (25), who handled the finances from the crimes.
Himawan explained that GWL had been independently producing and developing phishing tools since 2018. He operated several websites, such as w3ll.store, well.store, and well.shop, to market the tools.
“Suspect GWL acted as the main perpetrator who produced and sold independently since 2018. His background is a multimedia vocational high school graduate, and he acquired script-making skills autodidactically,” Himawan clarified.
Meanwhile, his girlfriend FYT provided fund storage through cryptocurrency wallets. FYT was responsible for converting cryptocurrency payments into rupiah and withdrawing them via personal bank accounts.
“The suspect is GWL’s girlfriend since 2016 and assisted the suspect in managing sales finances,” he said.
Himawan revealed that in running their illegal business, the two suspects used virtual private server (VPS) services located abroad.
“The suspects also conducted automatic sales monitoring and provided technical support services to script buyers experiencing issues,” he explained.
Thousands Become Victims
Based on coordination with the FBI, Himawan continued, it was found that the couple’s illegal activities had caused massive victims. It was identified that there were 2,440 script buyers spread across various countries.
“There were 2,440 buyers who transacted from 2019 to 2024 through VPS infrastructure in Dubai and Moldova. All transactions were confirmed using cryptocurrency assets recorded in purchase history,” Himawan stated.
Data was also obtained on approximately 34,000 identified victims from January 2023 to April 2024. Of that number, 17,000 victims or about 50 percent were confirmed to have experienced hacking.
“From analysis of 157 victims, 53 percent are from the United States, while the remaining 47 percent are from various countries worldwide,” Himawan explained.
“Within that group, nine Indonesian company entities were also identified as victims,” he detailed.
The two suspects had reaped profits of up to Rp 25 billion since carrying out their illegal actions. Meanwhile, the losses inflicted on victims from the use of scripts sold by the suspects are estimated at USD 20 million or approximately Rp 350 billion.
From the two perpetrators, investigators have seized assets worth Rp 4.5 billion strongly suspected to be proceeds of crime. The evidence secured includes cars, motorcycles, land and buildings (SHM), computers, dozens of ATM cards, and cryptocurrency wallets.
For their actions, suspect GWL is charged under Article 51 paragraph (1) in conjunction with Article 35 and/or Article 50 in conjunction with Article 34 paragraph (1) of Law Number 1 of 2024 on the Second Amendment to Law Number 11 of 2008 on Electronic Information and Transactions (UU ITE), with a maximum penalty of 15 years imprisonment and a fine of Rp 10 billion.
Meanwhile, FYT is charged under Article 607 paragraph (1) letter a or letter c of Law Number 1 of 2023 on the Criminal Code (TPPU), with a penalty of 15 years imprisonment and a fine of Rp 5 billion.