Police have successfully dismantled a criminal gang accused of orchestrating a sophisticated fraud scheme using LabHost, a technology service that enabled them to send fraudulent text messages.
What Are Fraudulent Text Messages?
Fraudulent text messages, commonly known as “smishing” (SMS phishing), are text messages sent with the intent to deceive or trick individuals into providing sensitive information or taking harmful actions. These messages often appear to be from a legitimate source, such as a bank, government agency, or well-known company, but are actually from scammers or cybercriminals.
LabHost Users
LabHost was a notorious cybercrime platform that operated under the guise of a ‘phishing-as-a-service’ provider. It was established in late 2021 and quickly became a hub for cybercriminals, offering them the tools and infrastructure to create and manage phishing campaigns without requiring advanced technical skills. For a monthly subscription fee, users could access a variety of phishing kits designed to mimic legitimate websites of banks, streaming services, and postal services, among others.
The platform facilitated the theft of sensitive personal information, such as bank details and passwords, from unsuspecting victims. LabHost’s operation was extensive, with over 40,000 fraudulent domains created to deceive individuals and gather their data.
The downfall of LabHost came after a coordinated international law enforcement effort led to the disruption of its services and the arrest of 37 suspects associated with the platform. The operation, which involved police forces from 19 countries and partnerships with private sector entities, revealed the scale of LabHost’s criminal activities.
Cyber Defence Alliance
The gang’s activities were discovered in 2022 by the Cyber Defence Alliance, a small team of investigators funded by UK financial bodies to infiltrate criminal networks on the dark web.
The Cyber Defence Alliance (CDA) is a collaborative non-profit organization established in the UK in 2015. It was formed by a coalition of four international banks with the support of law enforcement agencies. The CDA’s mission is to reduce the impact of cyber attacks, counter the threats posed by cybercriminals, and increase the effectiveness of cybersecurity and resilience efforts. It achieves this by sharing resources, expertise, and knowledge among its members, which include financial institutions, government bodies, law enforcement, intelligence agencies, and telecommunication operators. The CDA provides a trusted environment for its members to exchange intelligence and knowledge, offering timely insights into new and emerging cyber threats.
The services offered by the CDA are diverse and prioritize proactive network defence, incident response, attribution, arrest, disruption, and strategic assessment. It acts as a central hub for real-time sharing of sensitive information between financial institutions to mitigate and investigate threats. The CDA also provides collective incident support, alerting and reporting of cyber threats, threat modelling, training, and development of in-house tools. By maintaining strong partnerships with government agencies, telecom providers, and like-minded organizations, the CDA plays a crucial role in the collective effort to secure a better digital future.
LabHost had amassed profits close to £1 million from its illicit operations, and its takedown was a significant blow to the phishing underworld.
Investigators also seized the email addresses of 800 criminals paying up to £300 a month to use the LabHost service. They will be sent personalised videos making clear police know who they are and what they have been doing.
The strategy, which follows advice from behavioural psychologists, is designed to undermine criminal confidence in the security of scam services.