16shop Phishing-As-A-Service Platform Taken Down

By Interpol & SCARS Editorial Team – Society of Citizems Against Relationship Scams Inc.
16shop Phishing-As-A-Service Platform Taken Down

Interpol Coordinated Takes Down 16shop Phishing-As-A-Service Platform Used By 70,000 People

16shop Notorious phishing platform shut down, arrests in international police operation

Table of contents

In a remarkable triumph over cybercriminal activity, the curtains have fallen on the nefarious phishing-as-a-service platform known as 16shop. This decisive outcome emerged from a comprehensive international effort led by Interpol.

The Story

In the aftermath of this concerted operation, a 21-year-old Indonesian individual, alleged to be the orchestrator of the platform, now faces apprehension. Two additional individuals, linked to the platform’s activities, have also been captured—one located in Indonesia and the other in Japan. Seizing the opportunity, law enforcement agencies secured electronic devices and opulent belongings belonging to the suspects.

A significant player in this operation was cybersecurity investigators Group-IB, which revealed that 16shop’s arsenal of hacking tools had been circulating within the underbelly of cybercrime forums since at least November 2017. Disturbingly, these tools were distributed to over 70,000 users across 43 countries. The malevolent potential of these tools empowered hackers to deftly manipulate unsuspecting individuals through email scams, systematically extracting personal and financial information for illicit gains.

Among these tools were meticulously crafted phishing kits, strategically designed to extract credentials and payment details from users of esteemed services such as Apple, PayPal, Amazon, American Express, and Cash App. Marketed at reasonable costs ranging from $60 to $150, the pricing fluctuated based on the prestige of the targeted brand. For instance, the Amazon kit was nearly $90 more affordable than its American Express counterpart.

The enormity of 16shop’s impact is illuminated by the staggering creation of over 150,000 phishing domains. Group-IB, headquartered in Singapore, unveiled a client base that systematically victimized individuals across diverse countries including Germany, Japan, the U.S., France, the U.K., and Thailand. Strikingly, while the masterminds hailed from Asia, the platform’s infrastructure was upheld by servers hosted through a U.S.-based company.

The sinister power of phishing-as-a-service tools lies in their ability to automate cyberattacks. Interpol underscored the accessibility of these tools, enabling “any person to leverage this type of service to launch a phishing attack with a few clicks.” Even individuals with modest cyber skills can propagate phishing pages at scale, thanks to these turnkey kits—a revelation that Group-IB brought into sharp focus.

In the wake of this triumph, the lesson is clear: unity and unwavering commitment can pierce the veil of cybercrime, illuminating a safer digital landscape for all.

According to INTERPOL

The platform sold hacking tools to compromise more than 70,000 users in 43 countries

SINGAPORE – A notorious ‘phishing-as-a-service’ (PaaS) platform known as ‘16shop’ has been shut down in a global investigation coordinated by INTERPOL, with Indonesian authorities arresting its operator and one of its facilitators, with another arrested in Japan.

The three arrests, which concluded with actions against a suspect last month, was made possible due to the intensive intelligence-sharing between the INTERPOL General Secretariat’s cybercrime directorate, national law enforcement in Indonesia, Japan and the United States and private sector partners including Cyber Defense Institute, Group-IB, Palo Alto Networks Unit 42 and Trend Micro, with added support from Cybertoolbelt.

The PaaS platform sold ‘phishing kits’ to hackers seeking to defraud Internet users through email scams where victims typically receive an email with a pdf file or link that redirects to a site requesting the victims’ credit card or other personally identifiable information. This information is then stolen and used to extract money from the victims.

Phishing is considered the most prevalent cyber threat in the world, and it is estimated that up to 90 per cent of data breaches are linked to successful phishing attacks, making it a major source of stolen credentials and information.

“Cyberattacks such as phishing may be borderless and virtual in nature, but their impact on victims is real and devastating.”
Bernardo Pillot, INTERPOL’s Assistant Director of Cybercrime Operations
“In recent years, we have seen an unprecedented increase in both the number of cyber threats and their sophistication, with attacks becoming more tailored as criminals aim for maximum impact, and maximum profit,” added Assistant Director Pillot.

Luxury vehicles

The PaaS platform was flagged by analysts in INTERPOL’s cybercrime division during an ongoing project researching cyber threats in the ASEAN region, supported by Japan’s National Police Agency.

Assisted with information from an array of private sector partners, the INTERPOL team was soon able to determine the identity and probable location of the platform’s administrator. As the platform’s registration indicated, he was based in Indonesia.

Because the platform’s servers were hosted by a company based in the United States, analysts liaised with the INTERPOL National Central Bureau in Washington and the Federal Bureau of Investigation to secure key information for Indonesian investigators.

The INTERPOL team compiled and dispatched a criminal intelligence report to the Indonesian National Police’s Directorate of Cyber Crimes, which allowed national law enforcement to arrest the administrator, a 21-year-old man, seizing electronic items and several luxury vehicles in the process.

Following the successful apprehension of the administrator, further information was shared between the National Police Agency of Japan and the Indonesian National Police resulting in the identification and arrest of two facilitators.

“Phishing isn’t a new phenomenon, but when the crime-ware is being offer widely on subscription and to automate phishing campaigns, it enables any person to leverage this type of service to launch a phishing attack with a few clicks,” said Brigadier General Adi Vivid Agustiadi Bachtiar, Director of the Indonesian National Police’s Cyber Crime Investigation.

“This operation is only successful as we work closely with various stakeholders from the law enforcement community as well as the private sectors, to uproot the root problem to stop the crime-ware being offered as a service and also stopping more people from falling victim to phishing attacks,” added Brigadier General Adi Vivid Agustiadi Bachtiar.

INTERPOL’s cybercrime directorate brings together cyber experts from law enforcement and industry to gather and analyze all available information on criminal activities in cyberspace to provide countries with coherent, actionable intelligence.

Resources:

More:

-/ 30 /-

What do you think about this?
Please share your thoughts in a comment below!

More ScamsNOW.com Articles

SCARS LINKS:   AgainstScams.org    RomanceScamsNOW.com    ContraEstafas.org    ScammerPhotos.com    Anyscam.com    ScamsNOW.com

reporting.AgainstScams.org    support.AgainstScams.org    membership.AgainstScams.org    donate.AgainstScams.org    shop.AgainstScams.org

youtube.AgainstScams.org    linkedin.AgainstScams.org    facebook.AgainstScams.org

PLEASE NOTE: Psychology Clarification

The following specific modalities within the practice of psychology are restricted to psychologists appropriately trained in the use of such modalities:

  • Diagnosis: The diagnosis of mental, emotional, or brain disorders and related behaviors.
  • Psychoanalysis: Psychoanalysis is a type of therapy that focuses on helping individuals to understand and resolve unconscious conflicts.
  • Hypnosis: Hypnosis is a state of trance in which individuals are more susceptible to suggestion. It can be used to treat a variety of conditions, including anxiety, depression, and pain.
  • Biofeedback: Biofeedback is a type of therapy that teaches individuals to control their bodily functions, such as heart rate and blood pressure. It can be used to treat a variety of conditions, including stress, anxiety, and pain.
  • Behavioral analysis: Behavioral analysis is a type of therapy that focuses on changing individuals’ behaviors. It is often used to treat conditions such as autism and ADHD.
    Neuropsychology: Neuropsychology is a type of psychology that focuses on the relationship between the brain and behavior. It is often used to assess and treat cognitive impairments caused by brain injuries or diseases.

SCARS and the members of the SCARS Team do not engage in any of the above modalities in relationship to scam victims. SCARS is not a mental healthcare provider and recognizes the importance of professionalism and separation between its work and that of the licensed practice of psychology.

SCARS is an educational provider of generalized self-help information that individuals can use for their own benefit to achieve their own goals related to emotional trauma. SCARS recommends that all scam victims see professional counselors or therapists to help them determine the suitability of any specific information or practices that may help them.

SCARS cannot diagnose or treat any individuals, nor can it state the effectiveness of any educational information that it may provide, regardless of its experience in interacting with traumatized scam victims over time. All information that SCARS provides is purely for general educational purposes to help scam victims become aware of and better understand the topics and to be able to dialog with their counselors or therapists.

It is important that all readers understand these distinctions and that they apply the information that SCARS may publish at their own risk, and should do so only after consulting a licensed psychologist or mental healthcare provider.

Opinions

The opinions of the author are not necessarily those of the Society of Citizens Against Rleationship Scams Inc. The author is solely responsible for the content of their work. SCARS is protected under the Communications Decency Act (CDA) section 230 from liability.

Disclaimer:

SCARS IS A DIGITAL PUBLISHER AND DOES NOT OFFER HEALTH OR MEDICAL ADVICE, LEGAL ADVICE, FINANCIAL ADVICE, OR SERVICES THAT SCARS IS NOT LICENSED OR REGISTERED TO PERFORM.

IF YOU’RE FACING A MEDICAL EMERGENCY, CALL YOUR LOCAL EMERGENCY SERVICES IMMEDIATELY, OR VISIT THE NEAREST EMERGENCY ROOM OR URGENT CARE CENTER. YOU SHOULD CONSULT YOUR HEALTHCARE PROVIDER BEFORE FOLLOWING ANY MEDICALLY RELATED INFORMATION PRESENTED ON OUR PAGES.

ALWAYS CONSULT A LICENSED ATTORNEY FOR ANY ADVICE REGARDING LEGAL MATTERS.

A LICENSED FINANCIAL OR TAX PROFESSIONAL SHOULD BE CONSULTED BEFORE ACTING ON ANY INFORMATION RELATING TO YOUR PERSONAL FINANCES OR TAX RELATED ISSUES AND INFORMATION.

SCARS IS NOT A PRIVATE INVESTIGATOR – WE DO NOT PROVIDE INVESTIGATIVE SERVICES FOR INDIVIDUALS OR BUSINESSES. ANY INVESTIGATIONS THAT SCARS MAY PERFORM IS NOT A SERVICE PROVIDED TO THIRD-PARTIES. INFORMATION REPORTED TO SCARS MAY BE FORWARDED TO LAW ENFORCEMENT AS SCARS SEE FIT AND APPROPRIATE.

This content and other material contained on the website, apps, newsletter, and products (“Content”), is general in nature and for informational purposes only and does not constitute medical, legal, or financial advice; the Content is not intended to be a substitute for licensed or regulated professional advice. Always consult your doctor or other qualified healthcare provider, lawyer, financial, or tax professional with any questions you may have regarding the educational information contained herein. SCARS makes no guarantees about the efficacy of information described on or in SCARS’ Content. The information contained is subject to change and is not intended to cover all possible situations or effects. SCARS does not recommend or endorse any specific professional or care provider, product, service, or other information that may be mentioned in SCARS’ websites, apps, and Content unless explicitly identified as such.

The disclaimers herein are provided on this page for ease of reference. These disclaimers supplement and are a part of SCARS’ website’s Terms of Use

Legal Notices: 

All original content is Copyright © 1991 – 2023 Society of Citizens Against Relationship Scams Inc. (Registered D.B.A SCARS) All Rights Reserved Worldwide & Webwide. Third-party copyrights acknowledge.

U.S. State of Florida Registration Nonprofit (Not for Profit) #N20000011978 [SCARS DBA Registered #G20000137918] – Learn more at www.AgainstScams.org

SCARS, SCARS|INTERNATIONAL, SCARS, SCARS|SUPPORT, SCARS, RSN, Romance Scams Now, SCARS|INTERNATION, SCARS|WORLDWIDE, SCARS|GLOBAL, SCARS, Society of Citizens Against Relationship Scams, Society of Citizens Against Romance Scams, SCARS|ANYSCAM, Project Anyscam, Anyscam, SCARS|GOFCH, GOFCH, SCARS|CHINA, SCARS|CDN, SCARS|UK, SCARS|LATINOAMERICA, SCARS|MEMBER, SCARS|VOLUNTEER, SCARS Cybercriminal Data Network, Cobalt Alert, Scam Victims Support Group, SCARS ANGELS, SCARS RANGERS, SCARS MARSHALLS, SCARS PARTNERS, are all trademarks of Society of Citizens Against Relationship Scams Inc., All Rights Reserved Worldwide

Contact the legal department for the Society of Citizens Against Relationship Scams Incorporated by email at legal@AgainstScams.org