The Metropolitan Police announced that they have successfully infiltrated a massive fraud website known as LabHost, which has been used by thousands of criminals to steal personal information from victims. The website has been used by cybercriminals to trick people into handing over sensitive information such as email addresses, passwords, and bank details. Police have identified just under 70,000 individual victims in the U.K. who entered their details into one of LabHost’s websites. So far, 37 suspects have been arrested in connection with the operation. Police have also disrupted LabHost’s websites and replaced the information on its pages with a message indicating that the services have been seized by law enforcement.
LabHost is described as a criminal cyber network that was set up in 2021 with the aim of scamming victims out of key personally identifiable information by creating fake websites. Criminals were able to exploit victims through existing sites or by creating new websites that imitated trusted brands such as banks, healthcare providers, and postal services. The Metropolitan Police stated that LabHost obtained a significant amount of personal data, including 480,000 credit card numbers, 64,000 PIN codes, and more than 1 million passwords used for websites and other online services. As a result of the operation, up to 25,000 victims in the U.K. have been contacted by police to notify them that their data has been compromised.
The police emphasized the importance of collaboration between law enforcement agencies and private partners in dismantling international fraud networks. Dame Lynne Owens, deputy commissioner of the Metropolitan Police Service, stated that online fraudsters often believe they can act with impunity and hide behind digital identities and platforms such as LabHost. However, the successful operation against LabHost demonstrated the ability of law enforcement agencies and private sector partners to work together to combat cybercrime. Private companies such as Chainalysis, Intel 471, Microsoft, The Shadowserver Foundation, and Trend Micro assisted in identifying and taking down LabHost.
The investigation into LabHost began in June 2022 after police received intelligence about the website’s activities from the Cyber Defence Alliance, an intelligence sharing alliance between banks and law enforcement agencies. The Metropolitan Police’s Cyber Crime Unit collaborated with other law enforcement agencies such as the National Crime Agency, City of London Police, Europol, and regional U.K. authorities, as well as international police forces. By combining their resources and expertise, they were able to successfully disrupt and seize the operations of LabHost, preventing further victimization and impact on individuals’ personal data.
By taking down LabHost and arresting suspects involved in the criminal network, law enforcement agencies have sent a clear message to online fraudsters that they will not be able to act with impunity. The successful operation showcased the importance of collaboration between public and private partners in combating cybercrime and protecting individuals’ personal information. The Metropolitan Police highlighted that by working together internationally, law enforcement agencies can dismantle fraudulent networks at their source, demonstrating the effectiveness of coordinated efforts in addressing complex cyber threats and protecting the public from online scams and fraud.
