International law enforcement is hailing last week’s bust of LabHost, the world’s largest phishing-as-a-service platform, as a major victory in the war against cybercrime. In addition to multiple arrests, the Europol-coordinated investigation also unearthed the identities of around 10,000 users of the illegal site, many of whom are already under police investigation.
The year-long investigation, led by the UK’s London Metropolitan Police, resulted in the arrest of 37 suspects following Europol-coordinated raids on 70 addresses worldwide. Partners in the investigation also included Chainalysis, Intel 471, Microsoft, The Shadowserver Foundation, and Trend Micro.
“LabHost has become a significant tool for cybercriminals around the world. For a monthly subscription, the platform provided phishing kits, infrastructure for hosting pages, interactive functionality for directly engaging with victims, and campaign overview services,” says Europol.
LabHost offered users over 170 fake websites
With a monthly fee averaging $249, LabHost offered a range of illicit services that were customizable and could be deployed with just a few clicks. Depending on the subscription, criminals were provided an escalating scope of targets, including financial institutions, postal delivery services, and telecommunication service providers, among others. LabHost offered a menu of over 170 fake websites providing convincing phishing pages for its users to choose from. The investigation uncovered at least 40,000 phishing domains linked to LabHost, which had some 10,000 users worldwide.
“Since creation, LabHost has received just under £1 million ($1,173,000) in payments from criminal users, many of whom Met cyber-crime detectives have now been able to identify. Some have been arrested in this week’s activity, others are now the focus of the ongoing investigation and have been warned we’re now working to track them down,” says the London Metropolitan Police.
Work on rounding up users of the illicit site began almost immediately after the initial coordinated busts. Shortly after the platform was disrupted, 800 users received a message telling them the police knew who they were and what they’d been doing, how much they’d paid to LabHost, how many different sites they’d accessed, and how many lines of data they’d received.