The Indonesian National Police in a joint press conference with Interpol announced the arrest of three Indonesian hackers responsible for Magecart-style attacks compromising numerous international e-commerce websites and stealing payment card details of their online shoppers.
The investigation dubbed ‘Operation Night Fury,’ was led by Interpol’s ASEAN Cyber Capability Desk which is a joint initiative by law enforcement agencies of Southeast Asian countries to combat cybercrime.
According to the press conference, all three accused were arrested last year in December from Jakarta and Yogyakarta and charged with criminal laws related to the data theft, fraud and unauthorized access.
Similar to other Magecart attacks, the technique behind these attacks also involved exploiting unpatched vulnerabilities in e-commerce websites powered by Magento and WordPress content management platforms.
Hackers secretly implanted digital credit card skimming code on the compromised websites to intercept users’ inputs in real-time and steal their payment card numbers, names, addresses and login details.
Indonesian police stated that these hackers compromised 12 e-commerce websites but according to the experts at cybersecurity firm Sanguine Security, the group is behind the credit card theft at more than 571 online stores.
Sanguine Security said that these hacks could be attributed due to an odd message that was left in all of the skimming code. ‘Success gan’ translates to ‘Success bro’ in Indonesian and has been present for years on all of their skimming infrastructures.’
The suspects used stolen credit cards to buy electronic goods and other luxury items, and also tried to resell some of them at a relatively low price through local e-commerce websites in Indonesia.
One of the accused admitted to hacking e-commerce websites and injecting web skimmers since 2017.
The experts have found similar cyber attacks linked to the same online infrastructure even after the arrest of three people and so it is believed that there are more members of this hacking group still at large.