Three men have been arrested in Indonesia in a region-wide crackdown on gangs using the infamous Magecart digital skimming code, according to Interpol.
The law enforcement organization worked with private sector partner Group-IB to identify and analyze hundreds of e-commerce websites around the world infected with the malicious JavaScript.
Its Operation Night Fury saw Interpol’s central ASEAN Cyber Capability Desk send reports to police in the affected countries, including six in southeast Asia.
One of these was Indonesia, where three men were arrested on suspicion of running Magecart C&C servers there.
According to Interpol, the suspects are thought to have been using the stolen card details to buy luxury goods and electronics and then resell them to launder their profits.
Singaporean police have also been able to disable two further C&C servers following intelligence gleaned from the operation, while investigations in other ASEAN countries are ongoing, Interpol said.
“Strong and effective partnerships between police and the cybersecurity industry are essential to ensure law enforcement worldwide has access to the information they need to address the scale and complexity of today’s cyber threat landscape,” said Interpol director of cybercrime, Craig Jones.
“This successful operation is just one example of how law enforcement is working with industry partners, adapting and applying new technologies to aid investigations, and ultimately reduce the global impact of cybercrime.”
This could well be the first time Magecart hackers have been arrested by police. Digital skimming code is now used by multiple groups around the world, making it harder for police to tackle.
The news comes just weeks after Interpol celebrated another win: a public-private partnership with Trend Micro led to the identification of over 20,000 routers in southeast Asia infected with crypto-mining malware.
Thanks to Operation Goldfish Alpha, police managed to reduce this number by 78% and efforts are continuing to identify the remaining compromised devices.