Phishing Tools Sold by Couple in NTT Can Breach Multi-Layered Security Systems

The Directorate of Cybercrime (Dittipidsiber) of the National Police Criminal Investigation Agency has uncovered a network providing hacking devices or phishing tools in Kupang. The hacking tools, produced and sold across countries, are capable of penetrating multi-layered security systems or Multi-Factor Authentication (MFA).

Dittipidsiber’s Brigadier General Himawan Bayu Aji explained that the sophistication of the tools was discovered after investigators recorded approximately 34,000 identified victims from January 2023 to April 2024.

“From that number, around 17,000 victims or approximately 50 percent were confirmed to have been hacked, including the script’s success in bypassing multi-layered security mechanisms or multi-factor authentication,” Himawan said during a press conference at the National Police Criminal Investigation Agency in South Jakarta on Wednesday (22/4/2026).

Himawan revealed that the two suspects in this case are GWL (24), a male SMK Multimedia graduate who was the mastermind behind creating illegal scripts autodidactically.

“Suspect GWL has been producing and refining phishing tools since 2017 before selling and distributing them in 2018,” Himawan explained.

In selling the tools, GWL created the website wellstore.com in 2018, well.store, and well.shop in 2020. These three websites are connected to a Telegram account as a communication medium and means of delivering scripts to buyers.

“The suspect used foreign-based VPS (virtual private server) services in running his business. The suspect also conducted automatic sales monitoring and provided technical support services for buyers of scripts experiencing issues,” he added.

In running this illegal business, GWL was assisted by his girlfriend, FYT (25), who handled the finances. FYT received payments from buyers in the form of crypto assets, then converted them to rupiah for withdrawal to personal bank accounts.

“Regarding the flow of funds obtained by the suspects, after payments are received through a crypto payment gateway, suspect GWL forwards the funds to the wallet owned by suspect FYT. Subsequently, they are converted to rupiah and withdrawn using suspect FYT’s personal bank account,” Himawan disclosed.

Based on coordination with the FBI, Himawan continued, it was found that the couple’s illegal activities have caused massive victims. There are 2,440 identified script buyers spread across various countries.

“There are 2,440 buyers who transacted from 2019 to 2024 through VPS infrastructure located in Dubai and Moldova. All transactions have been confirmed using crypto assets recorded in the purchase history,” Himawan stated.

Data was also obtained on around 34,000 identified victims in the period January 2023-April 2024. From that number, 17,000 victims or approximately 50 percent were confirmed to have been hacked.

“From the analysis of 157 victims, 53 percent are from the United States, while the remaining 47 percent are from various countries around the world,” Himawan explained.

“Among that group, nine Indonesian companies were also identified as victims,” he detailed.

The total global losses caused by the use of these hacking tools are estimated to reach USD 20 million or approximately Rp 350 billion. Meanwhile, the two suspects reaped personal profits of up to Rp 25 billion during operations since 2019.

In addition to arresting the perpetrators, police seized various assets worth Rp 4.5 billion suspected to be strongly derived from criminal proceeds. The evidence secured includes cars, motorcycles, land and buildings (SHM), computers, dozens of ATM cards, and crypto wallets.

Due to their actions, suspect GWL is charged under Article 51 paragraph (1) jo Article 35 and/or Article 50 jo Article 34 paragraph (1) of Law Number 1 of 2024 on the Second Amendment to Law Number 11 of 2008 on Electronic Information and Transactions (UU ITE), with a maximum penalty of 15 years imprisonment and a fine of Rp 10 billion.

Meanwhile, FYT is charged under Article 607 paragraph (1) Letter a or Letter c of Law Number 1 of 2023 on the Criminal Code (TPPU), with a penalty of 15 years imprisonment and a fine of Rp 5 billion.