FBI appreciates cooperation with Polri in uncovering phishing tools case

Jakarta - The United States Federal Bureau of Investigation (FBI) has expressed appreciation for the strong cooperation with the Indonesian National Police (Polri) in uncovering a cross-border case involving the sale of phishing tools. “This operation demonstrates extraordinary teamwork between the United States and Indonesia, specifically targeting the developers of those phishing devices,” stated FBI Law Enforcement Attaché for Indonesia and Timor Leste Robert F. Lafferty at the Bareskrim Polri building in Jakarta on Wednesday. He explained that the investigation was a strategic effort between the FBI, the Directorate of Cybercrime (Dittipidsiber) of Bareskrim Polri, and the NTT Provincial Police to dismantle safe havens for cyber criminals operating across international borders. In this operation, he added, the FBI monitored digital traces and tracked fund flows within the US territory, while Polri conducted field operations to locate the masterminds and gather digital evidence. “Cyber criminals rely on the illusion of distance and security in the virtual world to cover their activities. Our partnership with Polri has shattered that illusion,” he said. On behalf of the FBI, he thanked Polri for the partnership and commitment to creating a safer digital world. In the phishing tools sales case, Dittipidsiber Bareskrim Polri has named two suspects, GWL and FYT, who are a romantic couple. Dittipidsiber Bareskrim Polri Brigadier General Himawan Bayu Aji explained that suspect GWL, a male, played the main role as the primary perpetrator who produced, sold, and developed phishing tools independently since 2018. “The suspect’s background is a graduate of a multimedia vocational high school and acquired skills in creating scripts autodidactically,” he stated. Meanwhile, suspect FYT, a female, was responsible for providing shelter and managing funds from the criminal sale of phishing tools through crypto wallets since 2018. “Suspect FYT has been the girlfriend of suspect GWL since 2016 and assisted in managing the finances from the sale of scripts (phishing tools),” he said. Based on the investigation results, approximately 34,000 victims have been identified in the period from January 2023 to April 2024. Of that number, 17,000 victims were confirmed to have experienced hacking or account compromise, including the success of the phishing tools scripts in bypassing multi-layered security mechanisms or Multi-Factor Authentication (MFA). Furthermore, analysis of 157 victims showed that 53 percent were from the US, while the remaining 47 percent were from various countries around the world. “Within that group, nine Indonesian companies were also identified as victims,” he said. He also revealed that the losses to the victims during the period from January 2023 to April 2024 are estimated to reach around $20 million or approximately Rp350 billion. In addition, it was discovered that there were 2,440 buyers who conducted transactions during the period from 2019 to 2024 through virtual private servers (VPS) located in Dubai and Moldova. “All transactions have been confirmed using crypto assets recorded in the purchase history,” he stated.