The Metropolitan Police Service’s (MPS) has compromised a sizable fraud website that hundreds of offenders use to fool victims into giving up personal information like email addresses, passwords, and bank account information.
TakeAway Points:
- In a statement released on Thursday, the British Metropolitan Police said that 2,000 thieves had stolen personal information from users of the LabHost website.
- Police located slightly under 70,000 distinct victims in the United Kingdom who provided personal information on one of LabHost’s websites.
- The websites of LabHost were taken down and replaced with a notice claiming that the services had been taken over by police enforcement.
LabHost Website Exposed
The website LabHost was exploited by 2,000 offenders to steal the personal information of users, according to a statement released by the British Metropolitan Police on Thursday.
So far, authorities have located slightly under 70,000 distinct victims in the United Kingdom who supplied their personal information on one of LabHost’s websites. The Metropolitan Police report that 37 people have been taken into custody thus far.
Additionally, police have interfered with LabHost’s website, replacing content with a notice claiming that the services have been taken over by law enforcement.
According to the Metropolitan Police, LabHost acquired almost 1 million passwords for websites and other online services, along with 480,000 credit card information and 64,000 PIN codes.
According to the Metropolitan Police, police have notified up to 25,000 people in the United Kingdom that their data has been hacked.
About the LabHost
Law enforcement from 19 countries took part in the operation to “severely disrupt one of the world’s largest phishing-as-a-service platform”.
According to the police, LabHost was founded in 2021 by a criminal cyber network that used phoney websites to trick people into giving up important personally identifiable information, like bank account information and passwords.
With it, thieves could take advantage of victims via already-existing websites or build new ones that looked like reputable companies like postal services, banks, and healthcare institutions.
The operation to “severely disrupt one of the world’s major phishing-as-a-service platforms” involved 19 different nations’ law enforcement agencies.
Arrest of Suspects
A total of 37 suspects were detained by international law enforcement agencies and UK law enforcement between Sunday, April 14, and Wednesday, April 15.
This included arrests at both Manchester and Luton airports, as well as in Essex and London. Both in the UK and across the world, more than 70 addresses were searched.
On Wednesday, LabHost and its linked fraudulent sites were disrupted, and existing information was replaced with a message stating law enforcement had seized the services.
“Online fraudsters think they can act with impunity,” Dame Lynne Owens, deputy commissioner of the Metropolitan Police Service, said in a statement Thursday.
“They believe they can hide behind digital identities and platforms such as LabHost and have absolute confidence that these sites are impenetrable by policing.”
The Investigation of LabHost
According to Owens, the investigation demonstrated “how law enforcement worldwide can, and will, come together with partners in the business sector to dismantle transnational fraud networks at source.”
In collaboration with law enforcement, private enterprises including Trend Micro, Intel 471, Microsoft, The Shadowserver Foundation, and Chainalysis—a blockchain analysis firm—identified and took down LabHost.
Following information regarding LabHost’s operations from the Cyber Defence Alliance—a coalition of banks and law enforcement agencies that share intelligence—police launched an inquiry in June 2022.
After that, the Met’s Cyber Crime Unit teamed up to take action with the National Crime Agency, City of London Police, Europol, local U.K. authorities, and other foreign law enforcement agencies.