Cybercriminals foiled in massive sting

Five alleged cybercriminals have been arrested across the country as part of an international operation trying to take down a cybercrime platform used to steal personal credentials from victims around the world, including more than 94,000 people in Australia.

Those arrested allegedly used the platform, known as LabHost, to trick victims into providing their personal information, such as online banking logins, credit card details and passwords, through persistent phishing attacks sent via texts and emails.

It’s believed about 10,000 cybercriminals globally use the platform.

Another 32 people were arrested overseas as part of the joint police operation.

The AFP and state and territory police executed 22 search warrants across five states on Wednesday, including 14 in Victoria, two in Queensland, three in NSW, one in South Australia and two in Western Australia.

A Melbourne man and an Adelaide man, who police will allege were LabHost users, were arrested during the warrants and charged with cybercrime-related offences.

Three Melbourne men were also arrested by Victoria Police and charged with drug-related offences.

LabHost was allegedly marketed as a “one-stop-shop” for phishing, enabling cybercriminals to replicate more than 170 fraudulent websites of reputable banks, government entities and other major organisations to trick unsuspecting victims into believing they were the legitimate websites.

AFP Acting Assistant Commissioner Cyber Command Chris Goldsmid said phishing had become a serious threat, with Scamwatch last year receiving more than 108,000 reports of phishing attacks totalling nearly $26m in losses.

“LabHost alone had the potential to cause $28m in harm to Australians through the sale of stolen Australian credentials,” he said.

“In addition to financial losses, victims of phishing attacks are subject to ongoing security risks and criminal offending, including identity takeovers, extortion and blackmail.

“LabHost is yet another example of the borderless nature of cybercrime and the take-down reinforces the powerful outcomes that can be achieved through a united, global law enforcement front.

“Australians who have used LabHost to steal data should not expect to remain anonymous.

“Authorities have obtained a vast amount of evidence during this investigation and we are working to identify anyone who has used this platform to target innocent victims.”

The AFP will allege once the cybercriminals had replicated a website, they would use LabHost to send texts and emails to victims, prompting them to login to their accounts via the fraudulent link.

When victims followed the link, cybercriminals could obtain a range of sensitive information, such as one-time pins, usernames and passwords, security questions and passphrases.

Cybercriminals could then use victims’ personal information to access legitimate enterprises, such as financial institutions, where they could steal funds from victims’ bank accounts.

NSW Police State Crime Command cybercrime squad commander Acting Detective Superintendent Gillian Lister said cybercrime was a borderless issue.

“The NSWPF works not only with the AFP, but multi-jurisdictional policing units across the world, to actively target cybercrime offenders and destroy their criminal networks and prevent further victimisation – and that’s what we’ve done through this operation,” she said.

LabHost originated in Canada in 2021, targeting North America, before expanding to the UK and Ireland and then going global.

Users could sign up to LabHost for as little as $270 per month.

It’s understood LabHost had more than 40,000 phishing domains and more than 10,000 global active cybercriminals using its technology to exploit victims at the time of the global arrests.

The Australian arm of the investigation, codenamed Operation Nebulae, has allegedly identified more than 100 suspects in Australia who use LabHost to target Australian victims.

Victoria Police Detective Superintendent Tim McKinney said that although cybercrimes were increasing in both scale and frequency, those who committed offences such as these in the belief they can do so anonymously were mistaken.

“Cybercrimes such as phishing may be borderless and virtual in nature, but their impact on victims is real and can be devastating,” he said

“If you have used this platform to claim to be a legitimate trusted website for the purpose of conducting fraudulent activity and are under the impression that police will not thoroughly investigate, you are mistaken.

“If you commit cybercrime with the sole intent of scamming everyday Australians, know that alongside our national and international law enforcement partners we will continue to pursue cybercriminals for their reckless actions wherever they may be located in the world.”

In addition to the take-down of the LabHost domain, 207 criminal servers were also taken down.