Three Indonesian hackers were arrested for Magecart attacks on e-commerce sites.
In a press release on Jan 24, 2020, Indonesian National Police and the Interpol together did mentioned that, they have arrested three Indonesian hackers for employing Magecart attacks to breach into number of e-commerce websites and stealing the payment card details of the buyers. The hackers were arrested on Dec 20th and the same was disclosed on Jan 25th via Interpol’s Twitter Account. The Associate of South Asia Nation (ASEAN) cyber wing orchestrated an operation called the ‘Night Fury’ to identify the hackers behind the e-commerce data breaches.
All the three hackers are pleading guilty for their multiple cyber crimes like phishing, data theft, money laundering, and more. In the case of e-commerce websites, the hackers had made use of the unpatched vulnerabilities in Magento and WordPress platforms to breach into the site and get away with their intended data. After breaching into the websites, they have employed the card skimming technique using web skimming or JS sniffer to fetch the payment card details from the shoppers.
The hackers were reported of hacking 12 e-commerce websites as per Indonesian National Police, however according to Sanguine Security it is reported that the hackers have involved themselves in hacking 571 sites in total.
Below is the tweet from Interpol’s Cyber cell,
The ‘success gan’ which means ‘success bro’ in Indonesian is found in many infrastructure for years.
The hackers have used those stolen payment card details to purchase expensive goods and also tried to resell them for cheaper rates through certain local websites.
Interpol have confirmed that there are more sophisticated individuals in Indonesia who are practising the web skimming apart from the arrested hackers, because they have received traces of skimming even when the three hackers were under custody. It is also to be noted that two days before a Russian Hacker pleaded guilty for his cybercrimes.