Illustration of a cybercriminal using a computer.
Seksan Mongkhunkhamsaw | moment | Getty Images
Interpol has hacked a massive scam website used by thousands of criminals to trick people into handing over personal information such as email addresses, passwords and banking details.
The site, called LabHost, was used by 2,000 criminals to steal users' personal details, the British Metropolitan Police said in a statement on Thursday.
Police have so far identified just under 70,000 victims from individuals in the UK who entered their details on a website linked to LabHost. 37 suspects have been arrested so far, according to the Metropolitan Police.
The police also disabled those sites and replaced the information on their pages with a message stating that law enforcement authorities had confiscated the services.
The Metropolitan Police said LabHost obtained 480,000 credit card numbers, 64,000 PIN codes, as well as more than a million passwords used for websites and other online services.
The Metropolitan Police said police had contacted up to 25,000 victims in the UK to inform them that their data had been compromised.
What is LabHost?
Police say LabHost was created in 2021 by a criminal cyber network that sought to trick victims into obtaining key personally identifiable information, such as banking details and passwords, by creating fake websites.
Criminals have been able to use it to exploit victims through existing websites, or create new websites that mimic those of trusted brands including banks, healthcare providers and postal services.
“Online fraudsters believe they can act with impunity,” Dame Lyn Owens, deputy commissioner of the Metropolitan Police, said in a statement on Thursday.
“They believe they can hide behind digital identities and platforms like LabHost, and have absolute confidence that these sites are impenetrable to the police.”
Owens added that the operation demonstrated “how law enforcement agencies around the world can collaborate with each other and with private sector partners to dismantle international fraud networks at the source.”
Private companies including blockchain analysis firm Chainalogy, Intel 471, Microsoft, The Shadowserver Foundation, and Trend Micro worked with police to identify and bring down LabHost.
The investigation began in June 2022 after police received intelligence about LabHost's activities from the Cyber Defense Alliance, an intelligence-sharing partnership between banks and law enforcement agencies.
The Met's Cybercrime Unit then joined the National Crime Agency, City of London Police, Europol, UK regional authorities, as well as other international police forces to take action.