Five people are suspected of participating in a scheme that has illegally obtained personal credentials from over 94,000 Australians.
Authorities have apprehended five individuals across different regions in a joint effort to dismantle a global cybercrime network. This operation aimed to disrupt a platform used by cybercriminals to illicitly obtain personal information from victims worldwide, with a significant impact on over 94,000 individuals in Australia.
The apprehended individuals reportedly used a platform named LabHost to trick unsuspecting victims into disclosing their personal information, such as online banking credentials, credit card details, and passwords, through persistent phishing attacks sent via text messages and emails.
An estimated 10,000 cybercriminals are believed to utilise the platform on a global scale. As part of a collaborative effort by law enforcement agencies, an additional 32 individuals have been apprehended in foreign countries.
Law enforcement agencies conducted a series of search warrants in multiple states on Wednesday. The operation involved the AFP, state, and territory police, resulting in the execution of 22 warrants. Fourteen warrants were carried out in Victoria, two in Queensland, three in NSW, one in South Australia, and two in Western Australia.
During the execution of the warrants, two individuals from Melbourne and Adelaide were apprehended by the police. It is alleged that these individuals were LabHost users and have been charged with cybercrime offenses.
Victoria Police apprehended and charged three individuals from Melbourne for drug-related offences. Cybercriminals reportedly promoted LabHost as a comprehensive phishing solution, enabling them to create over 170 fake websites that mimicked well-known banks, government entities, and other prominent organisations. These deceptive websites aimed to deceive unsuspecting individuals into thinking they were accessing legitimate platforms.
According to AFP Acting Assistant Commissioner Cyber Command Chris Goldsmid, phishing has emerged as a significant and concerning threat. In the past year alone, Scamwatch has received over 108,000 reports of phishing attacks, resulting in losses amounting to nearly $26 million.
“LabHost alone had the potential to cause $28m in harm to Australians through the sale of stolen Australian credentials,” he said.
“In addition to financial losses, victims of phishing attacks are subject to ongoing security risks and criminal offending, including identity takeovers, extortion and blackmail.
“LabHost is yet another example of the borderless nature of cybercrime and the take-down reinforces the powerful outcomes that can be achieved through a united, global law enforcement front.
“Australians who have used LabHost to steal data should not expect to remain anonymous.
“Authorities have obtained a vast amount of evidence during this investigation and we are working to identify anyone who has used this platform to target innocent victims.”
The investigation claims that cybercriminals would use LabHost to replicate a website and then send texts and emails to unsuspecting victims. These messages would prompt the recipients to log in to their accounts through a deceptive link. When individuals clicked on the link, hackers were able to access a variety of confidential data, including one-time pins, login credentials, security queries, and passphrases.
Cybercriminals have the ability to exploit victims’ personal information in order to gain unauthorised access to legitimate businesses, including financial institutions. This allows them to carry out fraudulent activities, such as stealing funds from victims’ bank accounts. The cybercrime squad’s commander at NSW Police State Crime Command, Acting Detective Superintendent Gillian Lister, emphasised the global nature of cybercrime.
“The NSWPF works not only with the AFP, but multi-jurisdictional policing units across the world, to actively target cybercrime offenders and destroy their criminal networks and prevent further victimisation – and that’s what we’ve done through this operation,” she said.
In 2021, LabHost initially established itself in Canada, concentrating on the North American market. It later expanded its operations to the UK and Ireland before eventually becoming a global enterprise. LabHost offers a monthly sign-up option starting at just $270. LabHost was found to have over 40,000 phishing domains and was being used by over 10,000 cybercriminals worldwide to exploit unsuspecting victims at the time of the global arrests.
Operation Nebulae, the Australian investigation, has reportedly uncovered over 100 individuals in Australia who are using LabHost to target victims within the country, according to reports.According to Victoria Police Detective Superintendent Tim McKinney, the number and severity of cybercrimes are on the rise. However, those who think they can get away with these offences while remaining anonymous are sorely mistaken.
“Cybercrimes such as phishing may be borderless and virtual in nature, but their impact on victims is real and can be devastating,” he said
“If you have used this platform to claim to be a legitimate trusted website for the purpose of conducting fraudulent activity and are under the impression that police will not thoroughly investigate, you are mistaken.
“If you commit cybercrime with the sole intent of scamming everyday Australians, know that alongside our national and international law enforcement partners we will continue to pursue cybercriminals for their reckless actions wherever they may be located in the world.”
In addition to dismantling the LabHost domain, authorities also seized a total of 207 criminal servers.