Interpol gets hold of three Indonesian Credit Card Hackers for Magecart attacks
The Indonesian National Police, Interpol and cybersecurity firm Group-IB jointly announced at a press conference the arrest of three Magecart-style Indonesian hackers. These cyber criminals compromised hundreds of international e-commerce websites and stole the payment card details of their online shoppers.
Dubbed 'Operation Night Fury', the investigation was led by Interpol's ASEAN Cyber Capability Desk. It is a joint initiative by law enforcement agencies of Southeast Asian countries to combat cybercrime.
According to the press conference, all three accused (23, 26, and 35 years old) were arrested in December last year in Jakarta and Yogyakarta and charged under criminal laws related to data theft, fraud, and unauthorized access.
"The operation is still ongoing in the other five ASEAN countries with which the intelligence was also shared. This case marks the first successful multi-jurisdictional operation against the operators of JavaScript-sniffers in the region," Group-IB said.
To hide their location and identity, the group used VPNs when connecting to their command-and-control servers and paid for new domains with stolen payment cards.
Group-IB helped Interpol identify the suspects with its digital forensics expertise, and "during the special operation, Indonesian Cyber Police seized laptops, mobile phones of various brands, CPU units, IDs, BCA Token, and ATM cards."
Just like most of the other widespread Magecart attacks, the modus operandi behind this series of attacks also involved exploiting unpatched vulnerabilities in e-commerce websites powered by Magento and WordPress content management platforms.
Hackers then secretly implanted digital credit card skimming code—also known as web skimming or JS sniffers—on those compromised websites to intercept users' inputs in real-time and steal their payment card numbers, names, addresses and login details as well.
Cybersecurity experts at Group-IB have been tracking the activities of this Magecart group since 2018 and identified its members as the operators of the JavaScript-sniffer family dubbed "GetBilling."
Though Indonesian police claim these hackers had compromised 12 e-commerce websites, experts at cybersecurity firm Sanguine Security believe the same group is behind the credit card theft at more than 571 online stores.
Group-IB's investigation confirmed that the number of websites infected with the GetBilling sniffer is likely to be higher than the 200 confirmed cases in Indonesia, Australia, Europe, the United States, South America, and some other countries.