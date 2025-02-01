E-Paper | February 01, 2025

US-Dutch action targets ‘Pakistani’ cybercrime outfit

Anwar Iqbal Published February 1, 2025 Updated February 1, 2025 05:28am

• DOJ says group known by moniker ‘The Manipulaters’ operated online marketplace for software used in financial crimes
• Law enforcement estimates network caused over $3bn in financial losses in US alone

WASHINGTON: In a major international crackdown, US and Dutch authorities claimed to have dismantled a Pakistan-based cybercrime network accused of selling hacking tools and fraud-enabling services to criminals worldwide.

The US Department of Justice (DOJ) identified the network as HeartSender, allegedly led by an individual known as Saim Raza. While the DOJ did not disclose personal details about Raza or his whereabouts, it stated that the network operated online marketplaces for over a decade, facilitating phishing, malware distribution, and large-scale financial fraud.

As part of Operation Heart Blocker, law enforcement agencies seized 39 domains and associated servers used by the network. The DOJ estimated that these platforms caused financial losses exceeding $3 million in the US alone.

“These scams not only target businesses but individuals as well, causing significant hardship to the victims,” said US Attorney Nicholas J. Ganjei. “Even though these individuals operate from abroad, their websites made it easy to distribute malicious hacking tools for a fee. However, today we have significantly disrupted their ability to harm others.”

The group created and sold phishing kits — software designed to mimic legitimate login pages for platforms like Microsoft 365, Yahoo, AOL, Intuit, iCloud, and others. These fake pages tricked victims into entering their usernames and passwords, which were then stolen and sold on underground markets.

Their flagship service, HeartSender, was an advanced spam delivery system that enabled criminals to send mass phishing emails while bypassing security filters. The software was available both as a web-based platform and as a downloadable Windows executable.

On Friday, search results for the website heartsender.com return the message: ‘This website has been seized’, alongside a DOJ notice.

Modus operandi

According to the DOJ, Raza not only sold hacking tools but also trained criminals in their use. The group provided instructional videos on YouTube, demonstrating phishing techniques and methods to evade detection. Their tools were marketed as “fully undetectable” by anti-spam and security software.

The network specialised in business email compromise (BEC) schemes, tricking companies into transferring funds to fraudulent accounts. Stolen user credentials were then used to commit further financial fraud.

Dutch authorities, who played a key role in the operation, have launched a website where individuals can check if their email credentials were compromised. Officials have warned that stolen email addresses could be exploited to target both victims and their contacts.

As part of a parallel investigation under Operation Talent, two suspects were arrested in Spain, and law enforcement seized 17 servers and 12 domains linked to cybercrime platforms, including Cracked.io, Cr acked.to, and Nulled.to. These forums had hosted millions of ads selling hacking tools. The FBI Houston Field Office is leading the investigation, with support from Dutch authorities. The DOJ acknowledged the critical role played by international partners in dismantling the network.

Who is Saim Raza?

Raza is the central figure behind The Manipulaters, a Pakistan-based cybercrime group said to be engaged in phishing and spam operations for over a decade. Under various brand names —including Fudtools, Fudpage, Fudsender, and FudCo — he specialised in selling tools designed to evade cybersecurity detection.

The term “FUD” stands for “Fully Un-Detectable,” and it refers to cybercrime resources that will evade detection by security tools like antivirus software or anti-spam appliances.

Despite previous claims of reform, The Manipulaters continued their illicit activities, attracting legal scrutiny. In January 2024, Raza contacted journalist Brian Krebs, pleading for the removal of past reports on his operations.

He claimed to have “left everything” and disclosed that Pakistani authorities had filed a police report against him. In his message, he alleged that law enforcement was primarily seeking bribes.

Raza later claimed to have left Pakistan, though the credibility of this statement remains uncertain.

Published in Dawn, February 1st, 2025

World

Read more

On DawnNews
Dawn News English

Dear visitor, the comments section is undergoing an overhaul and will return soon.

Comments
500 characters
COMMENT MOD POLICY

Latest Stories

dawn images site

Most Popular

01
02
03
04
05
06
07
08
09

Must Read

Opinion

Editorial

Counterterrorism ops
Updated 01 Feb, 2025

Counterterrorism ops

It must also maintain diplomatic pressure on the Afghan Taliban to ensure their soil is not used by anti-Pakistan actors.
Peca protests
01 Feb, 2025

Peca protests

DESPITE the immense pressures they routinely face, Pakistani journalists have always cherished and jealously...
Additional spectrum
01 Feb, 2025

Additional spectrum

PAKISTAN’S mobile operators need more spectrum, the radio waves that carry voice calls and wireless data, as their...
Cost of control
Updated 31 Jan, 2025

Cost of control

Islamabad cannot expect to get away with violating the commitments it has made to foreign partners.
Deep shock
31 Jan, 2025

Deep shock

THE AI wars have begun. For years, America sought to hold China back when it hindered access to its semiconductors,...
Provincial AIT laws
31 Jan, 2025

Provincial AIT laws

HARMONISING the provincial agriculture income tax regimes with federal personal and corporate income tax rates is ...