Illustration of a cybercriminal using a computer.
Seksan Mongkhonkhamsao | moment | Getty Images
A huge scam website used by thousands of criminals to trick people into handing over personal details such as email addresses, passwords and banking details has been infiltrated by international police.
Britain's Metropolitan Police said in a statement on Thursday that the website, called LabHost, was used by 2,000 criminals to steal personal information from users.
Police have so far identified almost 70,000 individual British victims who entered their details on one of LabHost's websites. According to the Metropolitan Police, a total of 37 suspects have been arrested so far.
Police also took down LabHost's websites and replaced the information on its pages with a message that law enforcement had seized the services.
According to the Metropolitan Police, LabHost obtained 480,000 credit card numbers, 64,000 PIN codes and more than 1 million passwords used for websites and other online services.
The Metropolitan Police said up to 25,000 victims in the UK were contacted by police to inform them that their data had been compromised.
Who is LabHost?
According to police, LabHost was founded in 2021 by a criminal cyber network that sought to extract important personal information such as banking details and passwords from victims by creating fake websites.
This allowed criminals to exploit victims through existing websites or create new websites that mimic those of trusted brands, including banks, healthcare providers and postal services.
“Online fraudsters believe they can operate with impunity,” Dame Lynne Owens, assistant commissioner of the Metropolitan Police Service, said in a statement on Thursday.
“They believe they can hide behind digital identities and platforms like LabHost and have absolute confidence that these sites are impenetrable to police.”
Owens added that the operation demonstrated “how law enforcement agencies worldwide can and will work with each other and with private sector partners to dismantle international fraud networks at the source.”
Private companies, including blockchain analytics firm Chainalysis, Intel 471, Microsoft, The Shadowserver Foundation and Trend Micro, worked with police to identify and take down LabHost.
The investigation began in June 2022 after police received information about LabHost's activities from the Cyber Defense Alliance, an information-sharing alliance between banks and law enforcement agencies.
The Met's Cyber Crime Unit then joined forces with the National Crime Agency, City of London Police, Europol, regional UK authorities as well as other international police forces to take action.
