Pierluigi Paganini January 26, 2020

The Indonesian National Police and the Interpol announced the arrest of three Indonesian hackers who carried out Magecart attacks.

The Indonesian National Police in a joint press conference with Interpol announced the result of an investigation dubbed ‘Operation Night Fury’ that allowed to arrest three hackers that carried out Magecart attacks to steal payment card data.

The three hackers had compromised hundreds of e-commerce websites worldwide.

The Operation Night Fury was led by Interpol’s ASEAN Cyber Capability Desk, a joint initiative to drive intelligence-led and coordinated actions against cybercrime in ASEAN through the implementation of a harmonized regional coordination framework.

The three hackers were arrested in December in Jakarta and Yogyakarta and charged with data theft, fraud, and unauthorized access to computer systems. The men face up to 10 years in prison under article 363 of the Indonesian Criminal Code.

According to the authorities, the hackers had compromised at least 12 e-commerce websites, but the trio may be involved in a larger number of attacks.

Researchers from Sanguine Security have tracked the activity of this group for several years and believe they have compromised than 571 e-commerce stores.

The attribution of the 571 attacks to this specific group is based on an odd message that was left in all of the skimming code they used:

“Success gan !” translates to “Success bro” in Indonesian.

According to the authorities, the suspects used stolen credit cards to buy electronic goods and other luxury items, and then resell on local e-commerce websites in Indonesia.

“The modus operandi of the suspect is to infect hundreds of e-commerce originating from various countries in the world, after getting the results in the form of thousands of payment data used for shopping payments in e-commerce, the suspects use the stolen data to spend electronic goods and other luxury goods.” reads the press release published by the police.

“The suspects also tried to resell the goods after they received from the shipper online and through e-commerce in Indonesia at a relatively cheap price or below the market price, evidence secured by Dittipidsiber 1 laptop, 5 mobile phones of various brands, 1 unit CPU, 3 pieces of KTP on behalf of the perpetrators, 1 BCA token, and 2 ATM cards. Of the 500 data losses, the perpetrators made a profit of 300-400 million.”

According to the experts from Sanguine Security, this group is responsible only for 1% of overall attacks carried out by groups under the Magecart umbrella, this means that many other hackers are ready to attack e-commerce sites worldwide.

“This group had a serious impact on global ecommerce security in recent years, by skimming at least 571 hacked stores.” concluded the experts. “However, they were responsible for just 1% of all Magecart incidents since 2018 and should be considered small catch. Sanguine Security estimates that there are yet another 40 to 50 more sophisticated individuals involved in web-skimming activity.”

Pierluigi Paganini

(SecurityAffairs – Magecart, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]