Australians arrested in global sting over 'one-stop shop' for cybercriminals

The arrests came as part of a takedown of the platform LabHost, a subscription service that police say was used by criminals to steal the personal information of victims.

Two police officers escort a man into a vehicle, following his arrest.

Federal police have arrested five Australians as part of a global sting operation into a global cybercrime operation. Source: Supplied / Australian Federal Police

Five Australians have been arrested after federal police swooped in on alleged cybercriminals who they say were part of a global operation that stole personal data.

The global sting, led by police in the United Kingdom, has resulted in the arrest of 37 people from across 19 countries who allegedly used LabHost — a so-called one-stop shop for cybercriminals.

The personal details of 94,000 Australians have been stolen through LabHost, which has been used by criminals to impersonate 170 websites, including banks and government websites such as MyGov.
Among the 37 people arrested (which include the alleged developer) were five Australians, including a Melbourne man and an Adelaide man who were apprehended during police search warrants carried out on Wednesday. Police allege the pair used LabHost.

Three others were arrested for drug-related offences during the searches.

How did LabHost work?

Australian Federal Police (AFP) acting assistant commissioner for cyber command, Chris Goldsmid, said LabHost gave cyber criminals "all the tools they needed" to carry out — a common scam used to steal a victim's personal information.

Bad actors could access the platform for as little as $270 a month. That granted them access to what the AFP said were "phishing kits", which they could use to host fake websites and generate text and email campaigns to steal personal data.
"Phishing is a technique used by cybercriminals trick victims into providing personal information such as banking logins, credit card details and passwords in order to commit criminal offences or steal money," Goldsmid told reporters on Thursday.

Police estimate as much as $28 million was lost due to phishing scams carried out through LabHost.

Goldsmid said the Australian arm of Labhost — which started in Canada in 2021 — had been under investigation since October.
Smartphones are laid out on a table.
Australian Federal Police seized a number of mobile phones during the sting operation. Source: Supplied / Australian Federal Police
LabHost went global, gaining more than 10,000 users, and hosting over 40,000 phishing websites when it was taken down, police said.

The global operation would "continue over the coming weeks" and more arrests were expected, Goldsmid said.

The arrests have prompted a repeat of warnings for customers to be careful when receiving unsolicited email or texts with links.

Goldsmid said prevention was key and urged Australians to bring a healthy dose of scepticism when asked for their personal details online.

"We urge Australians to think before you click when you receive emails and text messages that contain links," he said.

"Think really carefully even if the email or text looks legitimate."

- With the Australian Associated Press.

Share
3 min read
Published 18 April 2024 2:20pm
By Ewa Staszewska
Source: SBS News



Share this with family and friends