Pakistan Telecommunication Authority (PTA) on Monday clarified that it had no role in assisting the United States' Federal Bureau of Investigation (FBI) and Dutch police in shutting down websites linked to the cybercrime network allegedly run by Pakistani national Saim Raza.
Responding to questions from Samaa TV, a PTA spokesperson denied reports suggesting Pakistan’s role in blocking 39 websites affiliated with the network, emphasizing that the authority had not received any request from internal or external agencies in this regard.
"No internal or external agency contacted Pakistan for assistance in this matter," the PTA said, adding that the websites in question were not hosted on Pakistani servers.
The authority further stated that, while it continues to work on strengthening cybersecurity measures in the country, it had no involvement in the enforcement actions taken by the FBI and Dutch authorities.
According to the US Department of Justice, the FBI and Dutch police seized the websites as part of an operation targeting the 'HeartSender' network, which was allegedly engaged in selling cybercrime tools used for phishing, fraud, and hacking.
Global crackdown on cybercrime
On February 1, US authorities confirmed that the FBI, in coordination with Dutch police, had taken down 39 websites and associated web servers linked to the network, which had been operating since at least 2020. The operation was launched after an investigation revealed that the network, allegedly run by Saim Raza alias ‘HeartSender,’ was involved in selling hacking and fraud-enabling tools to criminal groups worldwide.
According to US authorities, these tools were used to defraud individuals and businesses, causing financial losses of at least $3 million in the United States alone.
US Attorney General Nicholas J. Ganjei underscored the impact of such cybercriminal activities, stating, “Almost everyone has a friend or acquaintance who has been affected by this type of hacking. Not only businesses but ordinary individuals have suffered due to these fraudulent schemes.”
The crackdown on the Saim Raza network was part of a larger cybercrime investigation that originated in the Netherlands. Dutch police revealed that in 2022, their cybercrime team began investigating fraud-enabling software after discovering malicious tools on a suspect’s computer during an unrelated case.
The subsequent probe revealed that the ‘HeartSender’ network was responsible for distributing various cybercrime tools, including ‘scam pages,’ ‘senders,’ and ‘cookie grabbers.’ These tools allowed cybercriminals to send mass phishing emails, steal login credentials, and compromise financial transactions.
Authorities also found that the network was advertising its services on YouTube and providing instructional videos explaining how to use its tools. Data recovered from the seized websites included login credentials of approximately 100,000 users, potentially placing them at risk of identity theft and fraud.
Dutch authorities confirmed that several individuals who purchased these tools were under investigation in the Netherlands.
PTA’s cybersecurity measures
While distancing itself from the takedown, PTA reiterated its commitment to enhancing Pakistan’s cybersecurity infrastructure. The authority highlighted the establishment of the National Telecom Computer Emergency Response Team (NT-CERT), which monitors cyber threats, phishing emails, and online fraud.
PTA further stated that it actively collaborates with global platforms such as Google and Facebook to curb phishing websites and fraudulent online activities.
Past allegations against ‘HeartSender’ network
This is not the first time that the name of Saim Raza or his group has surfaced in cybercrime investigations.
Renowned cybersecurity journalist Brian Krebs has been reporting on the ‘HeartSender’ network and its alleged links to the cybercriminal group ‘D-Manipulators’ for nearly a decade. In a 2015 article, Krebs detailed how the group was operating “hundreds of websites” facilitating online fraud.