• DOJ says group known by moniker ‘The Manipulaters’ operated online marketplace for software used in financial crimes
• Law enforcement estimates network caused over $3bn in financial losses in US alone

WASHINGTON: In a major international crackdown, US and Dutch authorities claimed to have dismantled a Pakistan-based cybercrime network accused of selling hacking tools and fraud-enabling services to criminals worldwide.

The US Department of Justice (DOJ) identified the network as HeartSender, allegedly led by an individual known as Saim Raza. While the DOJ did not disclose personal details about Raza or his whereabouts, it stated that the network operated online marketplaces for over a decade, facilitating phishing, malware distribution, and large-scale financial fraud.

As part of Operation Heart Blocker, law enforcement agencies seized 39 domains and associated servers used by the network. The DOJ estimated that these platforms caused financial losses exceeding $3 million in the US alone.

“These scams not only target businesses but individuals as well, causing significant hardship to the victims,” said US Attorney Nicholas J. Ganjei. “Even though these individuals operate from abroad, their websites made it easy to distribute malicious hacking tools for a fee. However, today we have significantly disrupted their ability to harm others.”

The group created and sold phishing kits — software designed to mimic legitimate login pages for platforms like Microsoft 365, Yahoo, AOL, Intuit, iCloud, and others. These fake pages tricked victims into entering their usernames and passwords, which were then stolen and sold on underground markets.

Their flagship service, HeartSender, was an advanced spam delivery system that enabled criminals to send mass phishing emails while bypassing security filters. The software was available both as a web-based platform and as a downloadable Windows executable.

On Friday, search results for the website heartsender.com return the message: ‘This website has been seized’, alongside a DOJ notice.

Modus operandi

According to the DOJ, Raza not only sold hacking tools but also trained criminals in their use. The group provided instructional videos on YouTube, demonstrating phishing techniques and methods to evade detection. Their tools were marketed as “fully undetectable” by anti-spam and security software.

The network specialised in business email compromise (BEC) schemes, tricking companies into transferring funds to fraudulent accounts. Stolen user credentials were then used to commit further financial fraud.

Dutch authorities, who played a key role in the operation, have launched a website where individuals can check if their email credentials were compromised. Officials have warned that stolen email addresses could be exploited to target both victims and their contacts.

As part of a parallel investigation under Operation Talent, two suspects were arrested in Spain, and law enforcement seized 17 servers and 12 domains linked to cybercrime platforms, including Cracked.io, Cr acked.to, and Nulled.to. These forums had hosted millions of ads selling hacking tools. The FBI Houston Field Office is leading the investigation, with support from Dutch authorities. The DOJ acknowledged the critical role played by international partners in dismantling the network.

Who is Saim Raza?

Raza is the central figure behind The Manipulaters, a Pakistan-based cybercrime group said to be engaged in phishing and spam operations for over a decade. Under various brand names —including Fudtools, Fudpage, Fudsender, and FudCo — he specialised in selling tools designed to evade cybersecurity detection.

The term “FUD” stands for “Fully Un-Detectable,” and it refers to cybercrime resources that will evade detection by security tools like antivirus software or anti-spam appliances.

Despite previous claims of reform, The Manipulaters continued their illicit activities, attracting legal scrutiny. In January 2024, Raza contacted journalist Brian Krebs, pleading for the removal of past reports on his operations.

He claimed to have “left everything” and disclosed that Pakistani authorities had filed a police report against him. In his message, he alleged that law enforcement was primarily seeking bribes.

Raza later claimed to have left Pakistan, though the credibility of this statement remains uncertain.

Published in Dawn, February 1st, 2025