Indonesian authorities have dismantled a sophisticated international cybercrime operation involving the sale of phishing tools, leading to the arrest of a young couple accused of running the scheme. The case highlights the growing scale of transnational digital crime and the increasing collaboration between global law enforcement agencies.
The operation was uncovered by Indonesia’s National Police Criminal Investigation Agency (Bareskrim Polri) in coordination with the United States’ Federal Bureau of Investigation (FBI). Investigators tracked the suspects to Kupang, a city in East Nusa Tenggara province, where both individuals were apprehended after an extensive cyber investigation.
Authorities identified the suspects by their initials, GWL (24) and FYT (25), who were not only criminal partners but also romantically involved. GWL is believed to be the mastermind behind the operation, responsible for designing and developing phishing tools used to conduct online fraud. Despite having only a vocational high school background in multimedia, he reportedly taught himself how to create sophisticated hacking scripts.
According to investigators, GWL began developing these tools as early as 2017 and started selling them commercially in 2018. He operated several websites to market his products, offering phishing kits capable of bypassing advanced security systems, including multi-factor authentication. These tools were sold to buyers across multiple countries, making the operation truly global in scope.
FYT played a crucial supporting role in the operation by managing its financial side. She handled payments from buyers, which were primarily conducted through cryptocurrency to obscure transaction trails. After receiving funds via crypto payment gateways, she converted them into Indonesian rupiah and withdrew the money through personal bank accounts. This system allowed the pair to maintain a steady flow of illicit income while minimizing detection risks.
The scale of the operation was significant. Authorities revealed that more than 2,400 buyers from various countries had purchased the phishing tools between 2019 and 2024. These tools were then used in cyberattacks affecting tens of thousands of victims worldwide. Investigators identified approximately 34,000 potential victims, with around half confirmed to have been successfully targeted.
The financial damage caused by the scheme is estimated to be enormous. Law enforcement officials reported global losses of up to $20 million, or roughly Rp 350 billion. Meanwhile, the suspects themselves are believed to have earned around Rp 25 billion from their illegal activities over several years.
The investigation also revealed that the couple relied on overseas infrastructure to support their operation. They used virtual private servers (VPS) located in countries such as Dubai and Moldova to host their platforms and manage transactions. This cross-border setup made the network more difficult to trace and underscored the complexity of modern cybercrime operations.
Law enforcement officials emphasized that the success of this case was due to strong international cooperation, particularly with the FBI. The joint effort enabled investigators to track digital footprints, identify transaction patterns, and ultimately locate the suspects despite the use of anonymizing technologies.
Both suspects are now in custody and face serious charges under Indonesian law. They could receive lengthy prison sentences and substantial fines if convicted. Authorities have also indicated that further investigations are ongoing, including efforts to identify additional suspects and recover assets linked to the operation.
This case serves as a stark reminder of the evolving nature of cybercrime, where individuals with relatively modest technical backgrounds can build global criminal enterprises using digital tools. It also underscores the importance of international collaboration in tackling cyber threats that transcend national borders.
