US, Dutch forces dismantle major Pakistan-based cybercrime network

Group's tools enabled mass theft of login credentials from 100,000 victims

This screenshot shows a seizure notice displayed on heartsender.com. The website was among 39 domains seized Jan. 31, 2025 in an operation targeting an alleged Pakistan-based cybercrime network.

U.S. Justice Department

Network leader 'HeartSender' caused over $3M in U.S. losses since 2020

Criminal tools marketed with tutorial videos for non-technical users

Investigation sparked by Dutch police discovery during unrelated 2022 case

A joint operation by the U.S. and Dutch authorities has shut down 39 domains linked to a cybercrime network based in Pakistan. The operation targeted sites run by Saim Raza, known as "HeartSender," whose tools have caused over $3 million in U.S. losses since 2020, according to U.S. Attorney Nicholas Ganjei.

"Even though these people reside abroad, the use of these websites made it easy for them to spread their malicious hacking tools for a fee," Ganjei said. "However, today we have significantly disrupted their ability to harm others."

The operation, which Dutch police say began after they discovered suspicious software during an unrelated 2022 investigation, targeted websites selling tools called "ScamPens," "Senders," and "Cookie Grabbers." These tools were marketed as "fully undetectable" by security software and came with tutorial videos to make them accessible to non-technical users.

Investigators found approximately 100,000 compromised usernames and passwords during the operation, Dutch police said. The tools were primarily used in business email compromise schemes, where criminals trick companies into sending money to accounts they control.

The group, also known as "DomainManipulators," operated what Dutch police described as criminal web shops. These online stores were advertised on YouTube, making sophisticated cyber fraud tools available to anyone willing to pay.

According to Brian Krebs, a former U.S. journalist and digital security expert who has been tracking the network for over a decade, the group has been operating hundreds of websites selling fraud tools since at least 2015.

Customers also under investigation

Dutch authorities said their investigation extends beyond the network itself to include customers who purchased these tools, including Dutch citizens. The tools enabled criminals to send mass fraudulent emails and steal login credentials from victims.

The operation highlighted the increasingly sophisticated nature of cybercrime marketplaces. The network didn't just sell tools; it provided comprehensive support, including video tutorials that showed customers how to use the fraudulent software effectively.

The case is being prosecuted by Assistant U.S. Attorney Rodolfo Ramirez and Trial Attorney Gaelin Bernstein, with the FBI's Houston office leading the ongoing investigation.
