The Indonesian police revealed the details of a coordinated Interpol anti-skimming campaign dubbed ‘Operation Night Fury’ that resulted in the arrest of three Indonesian hackers allegedly responsible for a slew Magecart-like attacks aimed at stealing payment card data. The investigation was conducted with support from European and US cyberteams.
The suspects were arrested in last December in Jakarta and Yogyakarta and charged with data theft, fraud, and unauthorized access to computer systems. The hackers face up to 10 years in prison under article 363 of the Indonesian Criminal Code.
As with other Magecart attacks, the hackers compromised websites and injected JS sniffers in order to steal users’ payment card info. According to authorities, the suspects used the stolen data to buy electronic goods and other luxury items and tried to resell the them at a relatively cheap price or below the market price.
The Indonesian police reported that this group have compromised at least 12 (mostly European) e-commerce websites, but, according to cybersecurity firm Sanguine Security that has been tracking the group’s activity for several years, the trio is behind the credit card theft at more than 571 online stores.
The attribution of these attacks is based on the strange message in all of the skimming code.
“‘Success gan !’ translates to ‘Success bro’ in Indonesian and has been present for years on all of their skimming infrastructure”, the researchers said.
The experts said they have observed similar attacks linked to the same online infrastructure even after the arrests suggesting that there are more members of this group who are still at large.
“We found 27 stores that are still being skimmed using the same code. Several exfiltration servers are still actively collecting intercepted payments, notably the brazen magecart.net domain,” the firm said.