Dutch National Police takes down criminal marketplace HeartSender

With the help of the US Department of Justice and the FBI, the Dutch National Police has seized multiple servers belonging to illicit marketplace HeartSender.
HeartSender wasn’t a single illegal marketplace, but consisted of several criminal online web shops that sold tools that facilitated digital fraud, such as ‘Senders’, ‘Scampages’, and ‘Cookie grabbers’. These shops were individually promoted via YouTube and other online channels.
The tools these web shops sold were used by hackers to send large amounts of spam and phishing emails to unsuspecting and gullible victims in order to steal their login credentials. In addition, cybercriminals could also buy access to hacked infrastructure in these web shops, including cPanels, smpt-servers, and WordPress accounts.
According to the American and Dutch authorities, the developers and administrators responsible for HeartSender had thousands of customers worldwide.
The Cybercrime Team of the Dutch National Police launched an investigation into the group in 2022, after phishing software was found on the computer of a suspect in another case. US authorities were already investigating this group. The US Department of Justice, the FBI, and the Dutch National Police joined forces, which led to ‘Operation Heart Blocker’.
During Operation Heart Blocker, 39 servers and several domains were seized. In addition, police officers confiscated numerous datasets containing data of millions of victims worldwide, including sensitive information from over 100,000 Dutch citizens. The datasets included usernames and passwords that may have been misused by hackers.
The Dutch Cybercrime Team is tracking a number of buyers of the scamming tools. Presumably, these buyers include Dutch nationals. Although numerous servers and domains have been seized, the investigation into the makers and buyers of the phishing software isn’t yet completed.
HeartSender was considered the illicit online marketplace to go to for starting cybercriminals and so-called ‘script kiddies’. “You no longer had to be the smartest in the class and be able to program, you could simply buy software there to commit crimes,” Anouk Bonekamp explains to Dutch news outlet NOS.
HeartSender was accessible through the regular web and even had a professional customer service. “You could consider it as a real company,” Bonekamp adds.
Your email address will not be published. Required fields are marked