- In a joint investigation led by authorities from 19 countries, a notorious platform called LabHost has been disrupted
- The platform, set up in 2021, was known for selling phishing kits to cyber criminals
- Arrests have already been made – 4 in the UK and 5 in Australia and Holland each – but some are still absconding.
A joint operation led by law enforcers from 19 countries was successful in shutting down an online platform called LabHost that sold phishing kits to cyber criminals.
According to official reports, LabHost was set up in 2021 in Canada. The company first started offering phishing services to criminals in North America before moving to the UK and Ireland followed by other countries.
Its subscriptions came in three tiers:
- The basic plan was priced at $179/month. It offered 3 active phishing pages + a dozen other pages targeting Canadian organizations.
- The premium plan is priced at $249/month, which comes with the same benefits + a dozen other pages targeting US organizations.
- The most expensive plan priced at $300/month, offered 70 phishing pages targeting organizations across 30 countries.
The worst part is these services were customizable. One could request custom pages that mimic existing companies to trick the users. And the tools were so simple to use, that anyone could deploy them with just a few clicks.
Speaking of the products, the phishing kits basically consisted of tools that helped the hackers create fake websites to lure people into divulging their email addresses, passwords, and other confidential information.
Apart from phishing tools, LabHost offered a host of illegal services. Depending on your subscription, you could choose your targets such as financial institutions, telecommunication services providers, and postal delivery services.
Another popular tool among hackers was LabRat – it helped those criminals keep an eye on their phishing attacks and control them in real time. And it was so advanced that security measures like 2-factor authentication could do nothing to stop it.
As a result of its extensive services, it was very popular among hackers. More than 2,000 cybercriminals have used the platform at least once.
Some Shocking Numbers
- During the investigation, more than 40,000 phishing domains were discovered that already had 10,000 active users.
- So far, it’s been found that more than 70,000 victims have entered their information into a LabHost website. Out of this, only 25,000 have been identified and informed.
- Also, over the course of the past 3 years, LabHost has managed to obtain 1 million passwords, 480,000 bank card numbers, and 64,000 PIN numbers.
- And for all this work, the platform earned a little under £1 million ($1,173,000) from its customers (i.e. hackers).
More about the Operation
LabHost first came under the radar after authorities received a tip from a non-profit for finance organizations called Cyber Defence Alliance.
Following this, an investigation group was formed which consisted of:
- The National Crime Agency (NCA)
- London Police
- Europol
- Regional Organised Crime Units, and
- The Met’s Cyber Crime Unit
Private companies like Microsoft, TrendMicro, and Chainalaysts also joined the investigation along with the Shadowserver Foundation.
Arrests Made
During the investigation, over 70 addresses were searched which finally led to the arrest of 37 people worldwide.
- Out of these, 4 arrests were made in the UK, including the site‘s original developer.
- The Australian wing of the operation that’s codenamed Operation Nebulae also arrested 5 people (out of 100) and more than 200 servers supporting LabHost’s websites were taken down.
- The police in Holland also searched 6 homes, made 5 arrests, and seized 100 SIM cards and 5 firearms.
Adrian Searle, director of the National Economic Crime Centre at the NCA shared his take and said fraud is a terrible crime that not only affects the victims financially and emotionally but it also sabotages the trust we have in online services.
He further added that this operation was just a demo to show that the UK has the capability to catch and destroy those trying to disrupt the law and order here at such a massive scale.
A spokesperson from Cyber Defence Alliance added to it and said that they will continue to collaborate with the authorities, keep disrupting such internal crime platforms, and protect people from falling victim to online scams.
However, the story doesn’t end here. Law enforcement authorities are still working on nabbing the rest of the criminals who are absconding.
Share 
Krishi Chowdhary Journalist 
Question & Answers (0)