Police take down massive fraud website LabHost

Illustration of a cybercriminal using a computer.

Seksan Mongkhonkhamsao | Instant | Getty Images

A huge scam website used by thousands of criminals to trick people into providing personal information such as email addresses, passwords and banking details has been infiltrated by international police.

Britain’s Metropolitan Police said in a statement Thursday that the website, called LabHost, had been used by 2,000 criminals to steal users’ personal information.

Police have so far identified just under 70,000 UK victims who entered their details into one of LabHost’s websites. A total of 37 suspects have been arrested so far, according to the Metropolitan Police.

Police also disrupted LabHost’s websites and replaced information on its pages with a message indicating that law enforcement had seized the services.

LabHost obtained 480,000 credit card numbers, 64,000 PIN codes, as well as more than a million passwords used for websites and other online services, the Metropolitan Police said.

The Metropolitan Police said up to 25,000 victims in the UK had been contacted by police to inform them their data had been compromised.

Who is LabHost?

Police say LabHost was created in 2021 by a criminal cyber network that sought to extract personally identifiable information, such as banking details and passwords, from victims by creating fake websites.

Criminals were able to use it to exploit their victims through existing sites or create new websites imitating those of trusted brands, including banks, healthcare providers and postal services.

“Online fraudsters believe they can act with impunity,” Dame Lynne Owens, assistant commissioner of the Metropolitan Police Service, said in a statement on Thursday.

“They believe they can hide behind digital identities and platforms like LabHost and are absolutely convinced that these sites are impenetrable by the police.”

Owens added that the operation showed “how law enforcement agencies around the world can, and will, come together with each other and private sector partners to dismantle international fraud networks at the source.”

Private companies, including blockchain analytics firm Chainalysis, Intel 471, Microsoft, The Shadowserver Foundation, and Trend Micro, worked with police to identify and bring down LabHost.

The investigation began in June 2022 after police received intelligence about LabHost’s activities from the Cyber ​​Defense Alliance, an intelligence-sharing alliance between banks and law enforcement.

The Met’s cybercrime unit subsequently joined forces with the National Crime Agency, City of London Police, Europol, regional authorities across the UK, as well as other international police forces to act.

Change Healthcare's $22 million ransom may have been intercepted on the dark web


Back to top button