FBI Appreciates Polri for Busting Phishing Tools Syndicate Causing Rp 350 Billion Losses
The Federal Bureau of Investigation (FBI) has expressed appreciation to the Polri Criminal Investigation Agency (Bareskrim) for successfully dismantling a syndicate selling hacking devices or phishing tools based in Kupang City, East Nusa Tenggara (NTT). This illegal practice resulted in losses amounting to USD 20 million, or approximately Rp 350 billion.
FBI Law Enforcement Attaché for Indonesia and Timor Leste, Robert F. Lafferty, described the success of this disclosure as the fruit of a long investigation that began several years ago.
“The FBI and the Republic of Indonesia National Police have successfully concluded a years-long investigation to dismantle a sophisticated global phishing network,” said Robert during a press conference at Bareskrim Polri, South Jakarta, on Wednesday (22/4/2026).
“The perpetrators developed malicious ‘Well’ devices and attempted to carry out fraudulent transactions worth more than USD 20 million,” he continued.
Robert explained that this operation represents an extraordinary team effort between the United States and Indonesia. The investigation focused on hunting down the main developers of the devices to ensure no safe haven remains for cross-border cybercriminals.
In its execution, Robert revealed a coordinated division of tasks between the FBI, Bareskrim Polri, and the NTT Provincial Police (Polda). The FBI, according to him, monitored digital trails and fund flows in the United States, while Polri conducted field operations to capture the mastermind.
“The FBI monitored digital trails and tracked financial flows in the United States, while Polri carried out crucial field operations to track down the operation’s mastermind and gather digital evidence,” he clarified.
Robert noted that the perpetrators relied on the illusion of distance and security in cyberspace to cover their activities. With this arrest, investigators have shattered that illusion.
“This is not just a technical disruption, but a total dismantling of a criminal enterprise,” Robert emphasised.
Based on FBI data, throughout 2023–2024 the phishing devices produced by the perpetrators claimed more than 17,000 victims spread across nearly every continent. The tools served as the main engine in global business email hacking schemes and identity theft.
Echoing Robert, FBI Atlanta Special Agent in Charge, Marlo Graham, in a statement read by Robert, described the device controlled by the perpetrators as a highly comprehensive cybercrime platform.
“This is not just phishing; this is a full-service cybercrime platform. And we will continue to work with domestic and foreign law enforcement partners using all available means to protect the public,” said Robert.
Through this disclosure by Bareskrim, the FBI is optimistic that the main source of international credential theft has been severed. Robert thanked Polri for their commitment to creating a safer digital world.
“We have set a precedent that transnational cybercriminal threats will be met with a united global law enforcement response,” he stated.
“We are very grateful to our colleagues in Indonesia for their partnership and commitment to a safer digital world,” Robert concluded.
Bareskrim Arrests Couple Selling Phishing Tools
The Bareskrim Polri Cyber Crime Directorate dismantled a cross-border network providing hacking devices or phishing tools. Police arrested two perpetrators involved in the illegal practice.
“Investigators from the Bareskrim Polri Cyber Directorate, along with the NTT Provincial Police Criminal Investigation Unit, successfully tracked and secured two perpetrators in Kupang City, NTT,” said the Head of the Cyber Directorate at Bareskrim Polri, Brigadier General Himawan Bayu Aji, during a press conference at Bareskrim Polri, South Jakarta, on Wednesday (22/4/2026).
The two suspects are GWL (24), a male high school Multimedia graduate who taught himself to write the illegal scripts and became the mastermind behind them, and his girlfriend, identified by the initials FYT (25), who managed the proceeds of crime.
According to him, GWL has been independently producing and developing phishing tools since 2018. He operated several sites, such as w3ll.store, well.store, and well.shop, to market the tools.
“Suspect GWL acted as the main perpetrator who produced and sold independently since 2018. His background is a Multimedia vocational high school graduate and he acquired script-making skills autodidactically,” Himawan explained.
Meanwhile, his girlfriend FYT provided fund storage through crypto wallets. FYT was responsible for converting crypto payments into rupiah and withdrawing them via personal bank accounts.
“The suspect has been GWL’s girlfriend since 2016 and assisted the suspect in managing sales finances,” Himawan said.