Interpol shuts down a cybercrime platform with 70 thousand clients

The largest platform for the sale of professional phishing tools has ceased to exist.

The international police organization Interpol recently conducted a global operation to take down "16shop", a phishing-as-a-service (PhaaS) platform popular among cybercriminals, which had been operating on the darknet for about six years.

During the operation, a 21-year-old Indonesian man was arrested, accused of administering the platform, as well as two other persons involved in its work — one also lived in Indonesia, and the other in Japan. The police confiscated electronic devices and a number of luxury items belonging to the suspects, and the operation of the platform itself was disrupted.

According to Group-IB, a company also involved in the operation, 16shop hacking tools have been distributed on underground forums since November 2017 and have been sold to more than 70,000 users in 43 countries. These tools helped fraudsters to deceive Internet users with phishing emails and steal their personal or bank data for subsequent theft of funds.

Phishing kits were designed to steal the credentials and payment details of users of popular services such as Apple, PayPal, American Express, Amazon, and Cash App. Many of them were sold at a relatively modest price — from $60 to $150, depending on the target brand. For example, a kit for Amazon was almost $90 cheaper than for American Express.

According to Group-IB, more than 150,000 phishing domains were created using 16shop tools. The platform's customers attacked users in Germany, Japan, France, the United States, the United Kingdom, Thailand, and other countries. Although the suspects lived in Asia, 16shop's servers were hosted by a US-based company.

"Phishing as a service" tools are particularly dangerous because they automate cyberattacks, allowing anyone to launch a phishing attack in a few clicks, Interpol notes.

Even cybercriminals with basic hacking and programming skills can deploy phishing pages quickly and in large numbers using tools such as those sold on 16shop, Group-IB experts emphasize.
 
Farewell, 16shop: Interpol has shut down the popular darknet platform and is taking a close interest in its participants

The 16shop phishing service closed by Interpol has changed owners more than once in its six-year history. This conclusion was reached by independent Western journalist Brian Krebs after analyzing the data associated with this site.

“The wording proposed by Interpol that the resource was selling hacking tools does not quite reflect the essence of 16shop. It was a fully automated phishing platform that provided thousands of its customers with brand-specific phishing kits and the necessary domain names to host phishing pages and obtain stolen credentials,” Krebs stated.

The journalist noted that the names of the suspects were not mentioned in Interpol's statement about the liquidation of the resource. However, a number of cybersecurity companies, including Akamai, McAfee, and ZeroFox, have previously associated the service with a young Indonesian named Riswanda Noor Saputra, who once sold 16shop, writing under the nickname Devilscream. According to one Indonesian information security blog, Saputra admitted that he was the administrator of 16shop, but has not been involved with the project since the beginning of 2020.

Despite this, Devilscream was arrested in late 2021 by Indonesian police as part of a joint investigation by Interpol and the US Federal Bureau of Investigation (FBI). However, researchers who have monitored 16shop since its inception believe that Devilscream was not the original owner of the phishing platform and most likely will not be the last.

“A search in Constella Intelligence for the domain name 16shop reveals that in mid-2022, the chief administrator of the phishing service infected his Microsoft Windows desktop computer with the Redline stealer, apparently by downloading a hacked copy of Adobe Photoshop. Redline steals a lot of data from the victim's computer, including a list of recent downloads, saved passwords and cookies, as well as browser bookmarks and autofill data. These records show that the 16Shop administrator used the pseudonyms Rudi and Rizki or Rizky, and maintained several Facebook profiles under these pseudonyms,” Krebs wrote.

This user's full name (or at least part of it) is Rizky Mauluna Sidik. He lives in Bandung in West Java (Indonesia). One of the user's Facebook pages states that Rizky is the CEO and founder of BandungXploiter, whose Facebook page lists the group as a website hacker.

The liquidation of the 16shop infrastructure became known in the first half of August 2023. A 21-year-old platform operator from Indonesia was also arrested then, as well as two of his accomplices, one of whom was in Japan. According to Interpol, as a result of the work of 16shop, the data of at least 70,000 people from 43 countries were compromised.
 