Polri and FBI Map Phishing Crime Ecosystem After Busting Couple's Operation in NTT
Bareskrim Polri, together with the Federal Bureau of Investigation (FBI), will map the cybercrime ecosystem related to the sale of hacking devices or phishing tools by a couple in NTT. Police are now identifying thousands of buyers of the scripts scattered across various countries.
Dirtipidsiber Bareskrim Polri, Brigadier General Himawan Bayu Aji, stated that his team has arrested two suspects in the case. They are GWL (24) and his partner FYT (25).
He revealed that the main role of the suspects in this case is as developers and sellers of phishing scripts. Not only selling, the perpetrators also provide assistance services to their buyers.
“The perpetrators’ role is to create as developers of scripts. Then, after creating them, they sell them,” said Himawan during a press conference at Bareskrim Polri, South Jakarta, on Wednesday (22/4/2026).
“In that buying and selling, the buyers also conduct monitoring to provide assistance. How to use it, whether there are any issues or not,” he continued.
Himawan explained that investigators are currently delving into whether the two suspects only acted as tool providers or also participated in phishing attacks using their own creations.
Bareskrim recorded approximately 2,440 buyers of the scripts from the suspects throughout 2019-2024 via VPS infrastructure located in Dubai and Moldova. All transactions used cryptocurrency assets recorded in purchase histories.
Himawan stated that his team is now focusing on synchronising the phishing crime ecosystem flow, from script creation, the sales process, to its impact on victims.
“So we look at the suspects creating scripts then selling them, bought, and then the buyers are the victims. Later we will synchronise the ecosystem, how the usage mechanism is from the sales in the middle. That will be synchronised into a flow originating from the relevant scripts,” explained Himawan.
He mentioned that in Indonesia, nine corporate entities have been identified as victims. Police are tracing whether these companies were attacked directly by the suspects or by other parties who bought the scripts from them.
“Specifically in Indonesia, these are victims of nine companies that we are identifying. Later we will see the origin, whether directly from the suspects or from the script buyers who conducted activities towards the nine companies,” said Himawan.
In dismantling this cross-border operating syndicate, Polri coordinated with the Federal Bureau of Investigation (FBI). This cooperation includes data exchange to identify victims abroad through the FBI’s system.
“We are cooperating with various stakeholders, both international and national. One of them is with the FBI, this is also to provide supporting data to us so we can see what the actual victims are,” said Himawan.
Himawan mentioned that the FBI has a mechanism portal called the Internet Crime Complaint Center (IC3) that accommodates cybercrime reports from victims worldwide. This data is now being synchronised with Bareskrim’s findings to ensnare other perpetrators.
“They (FBI) have the IC3 system mechanism so they can know the victims who reported to the FBI. The victims can be abroad,” he concluded.
Bareskrim Arrests Couple Selling Phishing Tools
The Cyber Directorate of Bareskrim Polri has dismantled a network providing hacking devices or phishing tools operating across countries. Police arrested two perpetrators involved in the illegal practice.
“Investigators from the Cyber Directorate of Bareskrim Polri, together with Ditreskrimsus of Polda NTT, successfully tracked and secured two perpetrators in Kupang City, NTT,” said Dirtipidsiber Bareskrim Polri, Brigadier General Himawan Bayu Aji, during a press conference at Bareskrim Polri, South Jakarta, on Wednesday (22/4/2026).
The two suspects are GWL (24), a male SMK Multimedia graduate who became the mastermind creating illegal scripts autodidactically, and his partner FYT (25), who handled the finances from the crimes.