The Pakistan Telecommunication Authority (PTA) has clarified its position regarding reports suggesting that it assisted the United States’ FBI and Dutch police in shutting down websites linked to a cybercrime network allegedly run by Pakistani national Saim Raza. Responding to inquiries from Samaa TV, a PTA spokesperson firmly denied these claims, stressing that Pakistan had not played any role in the takedown of the 39 websites associated with the network.
“No internal or external agency contacted Pakistan for assistance in this matter,” a PTA spokesperson said in an official announcement. The authority further emphasized that the websites involved were not hosted on servers within Pakistan. PTA also stated that it had no involvement in the enforcement actions taken by the FBI and Dutch authorities, although it continues to work on improving cybersecurity measures within the country.
The U.S. Department of Justice had previously reported that the FBI, in coordination with Dutch police, seized the websites on February 1 as part of an operation targeting the ‘HeartSender’ network. This network was allegedly run by Saim Raza, also known as ‘Heartsender,’ and was accused of selling cybercrime tools that facilitated phishing, fraud, and hacking. These tools were reportedly used by criminal groups around the world, leading to significant financial losses, with the United States alone suffering losses totaling at least $3 million.
US Attorney General Nicholas J. Ganji remarked on the far-reaching consequences of such cybercrimes, noting, “Almost everyone has a friend or acquaintance who has been affected by this type of hacking. Not only businesses but ordinary individuals have suffered due to these fraudulent schemes.”
The crackdown on the ‘HeartSender’ network originated from the Netherlands, where Dutch police had been investigating fraud-enabling software since 2022. The investigation began when malicious tools were discovered on a suspect’s computer during an unrelated case. As the probe deepened, it was revealed that the ‘HeartSender’ network had been distributing various cybercrime tools, including ‘scampages,’ ‘senders,’ and ‘cookie grabbers.’ These tools allowed cybercriminals to conduct mass phishing campaigns, steal login credentials, and compromise financial transactions.
Dutch authorities also discovered that the network had been promoting its services on YouTube, with instructional videos provided to facilitate the use of its malicious tools. Data recovered from the seized websites included login credentials of around 100,000 users, potentially exposing them to identity theft and fraud. Several individuals who had purchased these tools were also under investigation in the Netherlands.
Although PTA distanced itself from the takedown operation, it reiterated its commitment to improving cybersecurity in Pakistan. The authority pointed out the establishment of the National Telecom Computer Emergency Response Team (NT-CERT), which is responsible for monitoring cyber threats, phishing emails, and online fraud. PTA also stated that it collaborates actively with global platforms such as Google and Facebook to address phishing websites and combat fraudulent online activities.
The ‘HeartSender’ network and its alleged leader, Saim Raza, have been subjects of cybercrime investigations for some time. Cybersecurity journalist Brian Krebs has reported extensively on the activities of Raza and his group, ‘The Manipulators,’ a cybercrime organization involved in phishing and spam operations for over a decade. In a 2015 article, Krebs reported that the group was operating “hundreds of websites” designed to facilitate online fraud.
Saim Raza, who is considered the mastermind behind ‘The Manipulators,’ has operated under various aliases, including Fudtools, Fudpage, Fudsender, and FudCo. He specialized in selling hacking tools designed to bypass cybersecurity measures such as antivirus software and anti-spam systems. The term “FUD” (Fully Un-Detectable) refers to cybercrime resources that are designed to evade detection by security software.
Despite claims of having reformed in the past, Raza and his group continued their illegal activities, which eventually attracted legal scrutiny. In January 2024, Raza reportedly reached out to Brian Krebs, requesting the removal of past reports about his operations. He claimed that he had abandoned cybercrime and revealed that Pakistani authorities had filed a police case against him. Raza suggested that the case was primarily an attempt to extort a bribe from him. He later stated that he had left Pakistan, though the authenticity of this claim remains uncertain.